Secure intranet access

US 6,950,936 B2
Filed: 08/28/2003
Issued: 09/27/2005
Est. Priority Date: 03/16/1999
Status: Expired due to Term

First Claim

Patent Images

1. A computer readable medium including a border server software, said border server software comprising:

secure connection software for secure communication with a client where the client resides in an insecure network;

insecure connection software for communicating with a target server where the target server resides in a secure network; and

a transformer software configured to transform a secure request received from the client to an insecure request for the target server, the transformer software configured to transform insecure data received from the target server into secure data wherein the transformer software enables said request and data transformation simultaneously with client authentication; and

the transformer software configured to send the secure data to the client upon authentication of the client.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, signals, devices, and systems are provided for secure access to a network from an external client. Requests for access to confidential data may be redirected from a target server to a border server, after which a secure sockets layer connection between the border server and the external client carries user authentication information. After the user is authenticated to the network, requests may be redirected back to the original target server. Web pages sent from the target server to the external client are scanned for non-secure URLs such as those containing “http://” and modified to make them secure. The target server and the border server utilize various combinations of secure and non-secure caches. Although tunneling, may be used, the extensive configuration management burdens imposed by virtual private networks are not required.

Citations

20 Claims

1. A computer readable medium including a border server software, said border server software comprising:
- secure connection software for secure communication with a client where the client resides in an insecure network;
  
  insecure connection software for communicating with a target server where the target server resides in a secure network; and
  
  a transformer software configured to transform a secure request received from the client to an insecure request for the target server, the transformer software configured to transform insecure data received from the target server into secure data wherein the transformer software enables said request and data transformation simultaneously with client authentication; and
  
  the transformer software configured to send the secure data to the client upon authentication of the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The border server of claim 1, wherein the transformer transforms the secure request, which is a Uniform Resource Locator (URL) request, and wherein the secure connection software is used by a browser of the client to issue the secure request.
  - 3. The border server of claim 1, wherein the transformer transforms the insecure data by sending the insecure data to the client as the secure data using a Hypertext Markup Transfer Protocol over a Secure Sockets Layer (HTTPS) which is used by the secure connection software.
  - 4. The border server of claim 1, wherein the target server is indirectly accessible to the client via the transformer while the client remains authenticated.
  - 5. The border server of claim 1, wherein the client is authenticated by an authentication system on the secure network.
  - 6. The border server of claim 1, wherein the transformer maintains a cache having the secure data for servicing subsequent requests for the secure data.
  - 7. The border server of claim 1 further comprising a redirector that intercepts and redirects the secure requests to the transformer.

8. A method for operating a border server software, said method comprising:
- receiving a secure request a client over an insecure network;
  
  transforming the secure request into an insecure request, wherein the transforming of the secure request are enabled and executed simultaneously with the client authentication, sending the insecure request to a target server residing in a secure network;
  
  receiving insecure data from the target server; and
  
  transforming the insecure data into secure data and sending the secure data to the client over the insecure network, if the client was successfully authenticated.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8 further comprising checking a cache within the secure network for the insecure data before sending the insecure request to the target server.
  - 10. The method of claim 8 wherein the receiving further includes intercepting, by the border server, the secure request sent from the client, wherein the secure request was originally directed from the client to the target server.
  - 11. The method of claim 8 wherein the transforming of the secure request further includes sending the insecure request to the target server within a secure intranet environment which is the secure network.
  - 12. The method of claim 8 wherein the transforming of the secure request includes using a directory services database in connection with an authentication system to authenticate the client.
  - 13. The method of claim 8 wherein the transforming of the secure request includes blocking, by the border server, direct access from the client to the target server.
  - 14. The method of claim 8 wherein the receiving further includes receiving a username and password with the secure request which is used when authenticating the client.

15. A method for operating a border server software, comprising:
- intercepting a secure request issued from a client for secure data accessible from a secure network, wherein the secure request is intercepted from an insecure network;
  
  authenticating the client during an operation to transform the secure request into an insecure request within the secure network, wherein the client authentication and transformation of the secure request are enabled and executed simultaneously; and
  
  locating the secure data within the secure network and transforming the secure data into insecure data for delivery to the client over the insecure network using secure communications.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15 wherein the intercepting further includes intercepting the secure request that was originally directed to a target server having the secure data and located within the secure network.
  - 17. The method of claim 15 wherein the locating further includes using Secure Socket Layer protocols as the secure communications over the Internet which is the insecure network.
  - 18. The method of claim 15 wherein the locating further includes issuing the insecure request to a target server within the secure network in order to acquire the secure data.
  - 19. The method of claim 15 wherein the locating further includes checking a cache for the secure data.
  - 20. The method of claim 15 further comprising, storing the secure data in a cache accessible from the secure network to satisfy subsequent secure requests for the secure data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Ebrahimi, Hashem M, Subramaniam, Anand
Primary Examiner(s)
Zand, Kambiz

Application Number

US10/650,211
Publication Number

US 20040049702A1
Time in Patent Office

761 Days
Field of Search

379/93.02, 708/135, 705/72, 705/64, 713/169, 713/170, 713/171, 713/168, 713/200, 713/201, 709/201, 709/202, 709/229
US Class Current

713/169
CPC Class Codes

G06Q 20/382   insuring higher security of...

H04L 63/02   for separating internal fro...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/162   at the data link layer

Secure intranet access

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Secure intranet access

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links