Method and apparatus for allowing a secure and transparent communication between a user device and servers of a data access network system via a firewall and a gateway
Abstract
A method of allowing a secure and transparent communication between a user device and servers of a data access network system via a firewall and a gateway is described. The method includes the step of designating a plurality of ports in the firewall for the gateway, each corresponding to one of a number of ports in the gateway. Each of the gateway ports can be dynamically assigned to correspond to the port of one of the servers. The method also includes a step of proxifying an object reference used in a user request for a target server from the user device in order to establish a secure connection between the user device and the target server. This step is first performed by replacing the IP address and the port number of the target server of the user request with a dynamically assigned gateway port and the IP address of the gateway. Then the dynamically assigned gateway port and the gateway's IP address are mapped to the port and IP address of the target server, such that the user request is not required to expose the IP address and port number of the target server at the gateway.
11 Claims
1. A method of allowing a secure and transparent communication between a user device and servers of a data access network system via a firewall and a gateway, comprising:
(A) designating a plurality of ports in the firewall for the gateway, each corresponding to one of a number of ports in the gateway, wherein each of the gateway ports can be dynamically assigned to correspond to the port of one of the servers;
(B) proxifying an object reference referring to a target server of the servers which is to be accessed by a user request by replacing the IP address and the port number of the target server in the object reference with a dynamically assigned gateway port and the IP address of the gateway;
mapping the dynamically assigned gateway port and the gateway IP address to the port and IP address of the target server; and
sending the proxified object reference back to the user device such that the user device uses it to issue the user request to access the target server via the gateway in order to allow secure connection between the user device and the target server to be established without requiring the user request to expose the IP address and port of the target server at the gateway.
Dependent claims (2, 3, 4, 5):
establishing a chain of TCP/IP connections between the user device and the gateway and between the gateway and the target server; and
establishing a single SSL (Secure Socket Layer) connection between the user device and the target server.
6. In a data access network system having servers, a client access device, a firewall, and a first and a second gateway serially coupled between the servers and the firewall, a method of allowing secure connection between the client device and a target server of the servers via the gateways to be established, comprising:
(A) designating a plurality of ports in the firewall for the first gateway, each corresponding to one of a number of ports in the first gateway, wherein each of the gateway ports of the first gateway can be dynamically assigned to correspond to a port of the second gateway, wherein each of the gateway ports of the second gateway can also be dynamically assigned to correspond to a port of the servers;
(B) proxifying an object reference referring to a target server of the servers which is to be accessed by a user request by replacing the IP address and the port number of the target server in the object reference with a dynamically assigned gateway port and the IP address of the first gateway;
mapping the dynamically assigned gateway port and the IP address of the first gateway to a dynamically assigned gateway port and the IP address of the second gateway;
mapping the dynamically assigned gateway port and the IP address of the second gateway to the port number and IP address of the target server;
sending the proxified object reference back to the user device from the first gateway such that the user device uses it to issue the user request to access the target server via the gateways in order to allow secure connection between the user device and the target server to be established without requiring the user request to expose the IP address and port of the target server at the gateways; and
(C) establishing the secure connection between the user device and the target server via the first and second gateways.
Dependent claims (7, 8, 9, 10, 11):
establishing a chain of TCP/IP connections between the user device and the gateways and between the gateways and the target server; and
establishing a single SSL (Secure Socket Layer) connection between the user device and the target server.
11. The method of claim 6, wherein said user device comprises a computer system.
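The following Python model is an added illustration of steps (A) and (B) as claimed above; it is not code from the patent or from any implementation of it. It treats the object reference as a URL, models the firewall's designated-port rule, the per-gateway port table, the rewrite of the target's IP:port with the first gateway's IP and a dynamically assigned port (claim 1), and the two-gateway chain in which the first gateway's port maps to a port on the second gateway, which in turn maps to the server (claim 6). The names `Firewall`, `Gateway`, `proxify` and `resolve_target`, the one-mapping-per-next-hop reuse rule, and the 203.0.113.x / 10.x addresses are all assumptions constructed for the example.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit, urlunsplit


@dataclass(frozen=True)
class Endpoint:
    """An IP address and TCP port, as written into an object reference."""
    ip: str
    port: int


class Firewall:
    """Step (A): only the ports designated for the first gateway are reachable
    from the user side; a connection to any other address or port is dropped."""

    def __init__(self, gateway_ip, designated_ports):
        self.gateway_ip = gateway_ip
        self.designated_ports = frozenset(designated_ports)

    def permits(self, dst):
        return dst.ip == self.gateway_ip and dst.port in self.designated_ports


class Gateway:
    """A gateway owns a pool of ports and a table mapping each assigned port to
    the next hop behind it: a server, or the next gateway when chained."""

    def __init__(self, ip, ports):
        self.ip = ip
        self._free = sorted(ports)
        self.table = {}  # gateway port -> Endpoint of the next hop

    def assign(self, next_hop):
        # Assumption: one mapping per next hop, so repeated references to the
        # same server reuse a port instead of draining the designated pool.
        for port, hop in self.table.items():
            if hop == next_hop:
                return Endpoint(self.ip, port)
        if not self._free:
            raise RuntimeError(f"gateway {self.ip}: designated port pool exhausted")
        port = self._free.pop(0)
        self.table[port] = next_hop
        return Endpoint(self.ip, port)

    def resolve(self, port):
        # An unmapped port is a configuration error or a probe; refuse it.
        if port not in self.table:
            raise LookupError(f"gateway {self.ip}: port {port} is not assigned")
        return self.table[port]

    def release(self, port):
        del self.table[port]
        self._free.append(port)
        self._free.sort()


DEFAULT_PORTS = {"https": 443, "http": 80}


def proxify(object_ref, chain):
    """Step (B): replace the target's IP:port in the object reference with the
    first gateway's IP and a dynamically assigned port. `chain` is ordered from
    the user side inward, e.g. [first_gateway, second_gateway] for claim 6.
    Assumption: the object reference is a URL without user-info."""
    parts = urlsplit(object_ref)
    target = Endpoint(parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme])
    # The innermost gateway maps a port to the server; each gateway further
    # out maps a port to the endpoint the gateway just inside it assigned.
    hop = target
    for gw in reversed(chain):
        hop = gw.assign(hop)
    return urlunsplit((parts.scheme, f"{hop.ip}:{hop.port}",
                       parts.path, parts.query, parts.fragment))


def resolve_target(chain, port):
    """What the gateways do when the user device connects to `port` on the
    first gateway: each hop looks up its table and opens the next TCP
    connection, so the chain of TCP connections ends at the server. The
    gateways only relay bytes, which is why one SSL session can run end to
    end between user device and server on top of that chain."""
    hop = Endpoint(chain[0].ip, port)
    for gw in chain:
        if hop.ip != gw.ip:
            raise LookupError(f"mapping points at {hop.ip}, not gateway {gw.ip}")
        hop = gw.resolve(hop.port)
    return hop


if __name__ == "__main__":
    # Constructed sample topology (documentation addresses, not a real site).
    fw = Firewall("203.0.113.10", range(20000, 20004))
    first = Gateway("203.0.113.10", range(20000, 20004))
    second = Gateway("10.0.0.2", range(30000, 30004))
    ref = proxify("https://10.0.5.7:8443/orders/42", [first, second])
    print(ref)                                          # https://203.0.113.10:20000/orders/42
    print(fw.permits(Endpoint("203.0.113.10", 20000)))  # True
    print(fw.permits(Endpoint("10.0.5.7", 8443)))       # False: the server is never exposed
    print(resolve_target([first, second], 20000))       # Endpoint(ip='10.0.5.7', port=8443)
```

The point the model makes explicit is that the user device only ever learns the first gateway's address and a port from the designated pool; the firewall admits nothing else, and each gateway's table is the sole place where the next hop is recorded. Because the gateways relay the TCP byte stream rather than terminating it, the SSL handshake and session run between the user device and the target server alone, as the dependent claims describe. Port-pool exhaustion and a connection to an unmapped port are both handled as errors rather than silently falling through.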
Specification