Method and system for secure communication over unstable public connections
Abstract
Methods and apparatus are disclosed which provide a system for secure and reliable communication between client computers residing on separate private networks but connected via a public network such as the Internet. The communications described herein are designed to function even if a persistent link cannot be established between the two computers. Further, the systems and apparatus described herein are designed to traverse any locally installed gateways or firewalls to obtain access to a remote destination.
19 Claims
1. A method of communicating unlimited data between a local computer system protected by a local firewall, and a remote computer system connected thereto via a public network, comprising the steps of:
identifying the data limiting characteristics of the firewall;
using a communications application to develop local message data to be communicated from the local computer system to the remote system;
encrypting the local message data;
dividing the encrypted local message data into payload chunks of predetermined size determined by the data limiting characteristics of the firewall;
combining each of the payload chunks with identifying header data to form data packets;
encapsulating the data packets into encapsulated data packets in accordance with a high-level data transport protocol;
communicating the encapsulated data packets through the firewall to the remote computer system;
stripping the encapsulation from the encapsulated data packets;
separating the payload chunks from each data packet;
recombining the payload chunks to reform the encrypted local message data;
decrypting the reformed local message data;
presenting the reformed local message data to an application in the remote computer system; and
causing the remote computer system to return a reply message to the local computer system.
calculating the number N of chunks in which to divide said local message data according to the relationship -
3. A method of communicating unlimited data between a local computer system protected by a local firewall, and a remote computer system as recited in claim 2 and further comprising:
assigning a message ID to said local message data;
assigning a chunk number to each said payload chunk; and
combining the message ID, the chunk number, and the number of chunks N to develop said header data.
4. A method of communicating unlimited data between a local computer system protected by a local firewall, and a remote computer system as recited in claim 3 and further comprising:
adding a Sender ID and a Destination ID to said header data.
5. A method of communicating unlimited data between a local computer system protected by a local firewall, and a remote computer system as recited in claim 4 wherein said data packets are encapsulated in an HTTP POST format.
6. A method of communicating unlimited data between a local computer system protected by a local firewall, and a remote computer system as recited in claim 4 wherein said data packets are encapsulated in an HTTP GET format.
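As an added example, not code from the patent, the following Python implements the chunking, header and HTTP POST encapsulation of claims 1 to 6 together with the receiving side's reassembly over an unstable link (out-of-order and duplicated chunks). The header byte layout, the POST path /relay and the ceiling-division rule for N are assumptions, since the page names the header fields but gives neither their encoding nor the relationship of claim 2; encryption of the message data before chunking is assumed to have been done with a real AEAD and is not shown.

```python
import struct

# Header encoding assumed here: the claims name the fields but not their byte layout.
HEADER = struct.Struct("!IIIHH")  # sender ID, destination ID, message ID, chunk number, N

def chunk_count(ciphertext, payload_limit):
    """Number of chunks N. The patent's own relationship is not on the page;
    ceiling division by the firewall's payload limit is assumed here."""
    return max(1, -(-len(ciphertext) // payload_limit))

def build_packets(ciphertext, payload_limit, sender_id, dest_id, message_id):
    """Divide already-encrypted data into payload chunks and prefix each with its header."""
    n = chunk_count(ciphertext, payload_limit)
    return [HEADER.pack(sender_id, dest_id, message_id, i, n)
            + ciphertext[i * payload_limit:(i + 1) * payload_limit] for i in range(n)]

def encapsulate(packet):
    """Carry one data packet as the body of an HTTP POST (claim 5); path is assumed."""
    return (b"POST /relay HTTP/1.1\r\nContent-Type: application/octet-stream\r\n"
            b"Content-Length: %d\r\n\r\n" % len(packet) + packet)

def strip_encapsulation(request):
    """Recover the data packet; a body shorter than declared means a truncated transfer."""
    head, sep, body = request.partition(b"\r\n\r\n")
    declared = [h for h in head.split(b"\r\n") if h.lower().startswith(b"content-length:")]
    if not sep or not declared or int(declared[0].split(b":", 1)[1].strip()) != len(body):
        raise ValueError("malformed or truncated HTTP encapsulation")
    return body

class Reassembler:
    """Collects chunks per (sender ID, message ID) and reforms the ciphertext once
    all N have arrived. Chunks may arrive out of order or twice over an unstable
    link; a chunk whose index or N disagrees with the message is rejected."""
    def __init__(self):
        self.pending = {}  # (sender_id, message_id) -> (n, {chunk_no: payload})
    def accept(self, packet):
        if len(packet) < HEADER.size:
            raise ValueError("packet shorter than header")
        sender_id, _dest_id, message_id, i, n = HEADER.unpack_from(packet)
        if n == 0 or i >= n:
            raise ValueError("chunk number out of range")
        expected_n, chunks = self.pending.setdefault((sender_id, message_id), (n, {}))
        if expected_n != n:
            raise ValueError("chunk count N disagrees with earlier chunks")
        chunks.setdefault(i, packet[HEADER.size:])  # duplicate chunks are ignored
        if len(chunks) < n:
            return None  # still waiting for the remaining chunks
        del self.pending[(sender_id, message_id)]
        return b"".join(chunks[j] for j in range(n))
```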
7. A method of communicating unlimited data between a local computer system protected by a local firewall, and a remote computer system as recited in claim 1 wherein said reply message includes a plurality of message segments of substantially unlimited length, and further comprising:
encrypting each said message segment;
combining the encrypted message segments to form a message payload;
combining the message payload with header data to form an aggregated data packet; and
depositing the aggregated data packet in the send buffer of the remote computer system for transmission to the local computer system.
8. A method of communicating unlimited data between a local computer system protected by a local firewall, and a remote computer system as recited in claim 7 wherein said aggregated data packet is formed by
concatenating said message segments to form the message payload;
generating a header indicating the number of message segments, the sender ID, and the destination ID; and
adding to said header a sequence of fields respectively corresponding to said message segments, each said field including the ID number of the corresponding message segment, the length of the corresponding message segment, and a sender message ID to which the message segment is a reply.
9. A method of communicating unlimited data between a local computer system protected by a local firewall, and a remote computer system as recited in claim 7 wherein upon receipt of said aggregated data packet by said local computer system, the encapsulation is stripped therefrom, the message payload is separated into separate message segments, and a reply data packet is generated for each message segment by
forming a header including the sender ID, and the destination ID;
prepending the message ID to the header;
appending the reply to ID to the header; and
appending the message segment to the header.
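Added example, not the patent's code: the aggregated reply packet of claims 7 and 8 built and separated again, and the per-segment reply data packets of claim 9 generated on the local side. The struct layouts are assumptions, since the claims name the fields without their encoding; the segments are treated as already encrypted.

```python
import struct

# Encodings assumed here; the claims list the fields but not their byte layout.
AGG_HEADER = struct.Struct("!HII")  # number of segments, sender ID, destination ID
SEG_FIELD = struct.Struct("!IHI")   # segment ID, segment length, sender message ID replied to

def build_aggregated_packet(sender_id, dest_id, segments):
    """segments: list of (segment_id, reply_to_message_id, encrypted_segment_bytes).
    Concatenates the segments into one payload and prefixes the header and field table."""
    header = AGG_HEADER.pack(len(segments), sender_id, dest_id)
    fields = b"".join(SEG_FIELD.pack(sid, len(data), rto) for sid, rto, data in segments)
    return header + fields + b"".join(data for _, _, data in segments)

def split_aggregated_packet(packet):
    """Separate the payload back into segments. Every declared length is checked
    against the bytes actually present, so a truncated or padded packet is rejected
    rather than yielding a short or misaligned segment."""
    if len(packet) < AGG_HEADER.size:
        raise ValueError("packet shorter than aggregated header")
    count, sender_id, dest_id = AGG_HEADER.unpack_from(packet)
    offset = AGG_HEADER.size + count * SEG_FIELD.size
    if offset > len(packet):
        raise ValueError("field table runs past end of packet")
    fields = [SEG_FIELD.unpack_from(packet, AGG_HEADER.size + k * SEG_FIELD.size)
              for k in range(count)]
    if sum(length for _, length, _ in fields) != len(packet) - offset:
        raise ValueError("segment lengths disagree with payload size")
    segments = []
    for sid, length, rto in fields:
        segments.append((sid, rto, packet[offset:offset + length]))
        offset += length
    return sender_id, dest_id, segments

def reply_data_packets(packet):
    """Claim 9 on the local side: one reply data packet per segment, laid out as
    message ID + header(sender ID, destination ID) + reply-to ID + segment."""
    sender_id, dest_id, segments = split_aggregated_packet(packet)
    return [struct.pack("!I", sid) + struct.pack("!II", sender_id, dest_id)
            + struct.pack("!I", rto) + data for sid, rto, data in segments]
```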
10. A data communication system, comprising:
means forming a communications firewall having data limiting characteristics;
a local computer system communicatively coupled to said firewall and including means for encrypting a block of local message data;
means for dividing the encrypted local message data into payload chunks of predetermined size determined by the data limiting characteristics of the firewall;
means for combining each of the payload chunks with identifying header data to form data packets;
means for encapsulating the data packets into encapsulated data packets in accordance with a high-level data transport protocol; and
means for communicating the encapsulated data packets through the firewall to a remote computer system.
means for calculating the number N of chunks in which to divide said local message data according to the relationship -
12. A data communication system as recited in claim 11, wherein said means for combining each of the payload chunks with identifying header data to form data packets includes
means for assigning a message ID to said local message data;
means for assigning a chunk number to each said payload chunk; and
means for combining the message ID, the chunk number, and the number of chunks N to develop said header data.
13. A data communication system as recited in claim 12, wherein said means for combining each of the payload chunks with identifying header data to form data packets further includes
means for adding a Sender ID and a Destination ID to said header data.
14. A data communication system as recited in claim 12, wherein said high level data transport protocol is HTTP.
15. A data communication system as recited in claim 14, and further comprising a remote computer including
means for receiving and stripping the encapsulation from the encapsulated data packets;
means for separating the payload chunks from each data packet;
means for recombining the payload chunks to reform the encrypted local message data;
means for decrypting the reformed local message data;
means for presenting the reformed local message data to an application in the remote computer system; and
means for causing the remote computer system to return a reply message to the local computer system.
16. A data communication system as recited in claim 15, wherein said reply message includes a plurality of message segments, and wherein said remote computer system further includes
means for encrypting each said message segment;
means for combining the encrypted message segments to form a message payload; and
means for combining the message payload with header data to form an aggregated data packet, said aggregated data packet being deposited in the send buffer of the remote computer system for transmission to the local computer system.
17. A data communication system as recited in claim 15, wherein said remote computer system includes means for sending an email to the local computer system indicating that a message is waiting, and wherein said local computer system includes means responsive to said email for causing said local computer system to send a request to said remote computer system requesting a reply.
18. A data communication system as recited in claim 15, wherein said reply message includes a plurality of message segments packaged in an aggregated data packet formed by
means for concatenating said message segments to form the message payload;
means for generating a header indicating the number of message segments, the sender ID, and the destination ID; and
means for adding to said header a sequence of fields respectively corresponding to said message segments, each said field including the ID number of the corresponding message segment, the length of the corresponding message segment, and a sender message ID to which the message segment is a reply.
19. A data communication system as recited in claim 18, wherein said local computer system includes
means for stripping the encapsulation therefrom, means for separating the message payload into separate message segments, and means for generating a reply data packet for each message segment by
forming a header including the sender ID, and the destination ID;
prepending the message ID to the header;
appending the reply to ID to the header; and
appending the message segment to the header.