System and method for connecting to a device on a protected network
First Claim
1. A system, comprising:

a local area network, said local area network including a local entity, a connection entity coupled to the local entity, and an access control mechanism coupled to the connection entity;

a remote entity; and

a trusted arbitrator, coupled to the access control mechanism and to the remote entity via a wide area network, to receive a first request which is sent by the remote entity across the wide area network and being directed at least in part to the local entity on the local area network, wherein the connection entity regularly polls the trusted arbitrator via the access control mechanism across the wide area network to determine whether any requests directed to devices on the local area network are pending in the trusted arbitrator, the trusted arbitrator sends a first response via the wide area network to the connection entity on the local area network, the first response including the first request from the remote entity and being in response to polling by the connection entity, and the connection entity forwards at least a portion of the first request to the local entity.
Abstract
A novel system and method for connecting to an entity behind a firewall or proxy enhances network security and eliminates the costs and risks associated with modifying the firewall or proxy. The invention uses a trusted arbitrator as an intermediary between (1) a local area network protected by an access control mechanism such as a firewall or proxy and (2) external entities seeking to connect with an entity within the network. Requests from external entities are routed to the trusted arbitrator, which communicates with a connection entity located behind the firewall or proxy.
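The flow the abstract describes, as an added simulation that is not code from the patent: the remote entity submits a request to the arbitrator, nothing crosses the firewall until the connection entity's next outbound poll, and the local entity's answer travels back the same way. The class names, the in-memory queue, the shared-key HMAC on polls and replies, and the monotonic nonce used to reject replayed polls are assumptions chosen for this example; the patent specifies only the roles and the message order.

```python
"""Simulation of the trusted-arbitrator relay described above.

Added illustration, not code from the patent. The class names, the in-memory
queue, the shared-key HMAC on polls and the monotonic nonce are assumptions made
for this example; the patent describes only the roles and the message flow.
"""
import hashlib
import hmac
import json
from collections import defaultdict, deque


def _mac(key, *parts):
    """HMAC-SHA256 over a ':'-joined message (assumed authentication scheme)."""
    msg = ":".join(str(p) for p in parts).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class TrustedArbitrator:
    """WAN-side intermediary. Stores remote requests per LAN and releases them
    only in response to an authenticated poll from that LAN's connection entity."""

    def __init__(self, lan_keys):
        self._keys = dict(lan_keys)          # lan_id -> shared secret (assumed)
        self._pending = defaultdict(deque)   # lan_id -> queued requests
        self._last_nonce = defaultdict(int)  # lan_id -> highest nonce accepted
        self._responses = {}                 # request id -> answer from the LAN
        self._next_id = 1

    def submit(self, lan_id, local_entity, payload):
        """Remote entity sends a request across the WAN; it is stored, not forwarded."""
        if lan_id not in self._keys:
            raise KeyError("unknown LAN %r" % lan_id)
        rid, self._next_id = self._next_id, self._next_id + 1
        self._pending[lan_id].append({"id": rid, "to": local_entity, "payload": payload})
        return rid

    def poll(self, lan_id, nonce, mac):
        """Connection entity polls (outbound through its firewall). Rejects bad
        MACs and replayed nonces, then hands back everything pending."""
        key = self._keys.get(lan_id)
        if key is None or not hmac.compare_digest(mac, _mac(key, "poll", nonce)):
            raise PermissionError("poll failed authentication")
        if nonce <= self._last_nonce[lan_id]:
            raise PermissionError("replayed poll")
        self._last_nonce[lan_id] = nonce
        batch = list(self._pending[lan_id])
        self._pending[lan_id].clear()
        return batch

    def deliver(self, lan_id, rid, response, mac):
        """Connection entity returns the local entity's answer for request rid."""
        body = json.dumps(response, sort_keys=True)
        if not hmac.compare_digest(mac, _mac(self._keys[lan_id], "resp", rid, body)):
            raise PermissionError("response failed authentication")
        self._responses[rid] = response

    def fetch_response(self, rid):
        """Remote entity collects the answer; None while the LAN has not polled yet."""
        return self._responses.get(rid)


class LocalEntity:
    """Device on the LAN that never talks to the WAN itself."""

    def __init__(self, name):
        self.name = name

    def handle(self, payload):
        return {"from": self.name, "echo": payload}


class ConnectionEntity:
    """Behind the access control mechanism; only ever initiates outbound traffic."""

    def __init__(self, lan_id, key, arbitrator, local_entities):
        self._lan_id, self._key, self._arb = lan_id, key, arbitrator
        self._locals = dict(local_entities)  # name -> LocalEntity
        self._nonce = 0

    def poll_once(self):
        """One polling round: fetch pending requests, forward each to its local
        entity, send the answers back. Returns the number of requests serviced."""
        self._nonce += 1
        batch = self._arb.poll(self._lan_id, self._nonce, _mac(self._key, "poll", self._nonce))
        for req in batch:
            target = self._locals.get(req["to"])
            resp = target.handle(req["payload"]) if target else {"error": "no such local entity"}
            body = json.dumps(resp, sort_keys=True)
            self._arb.deliver(self._lan_id, req["id"], resp, _mac(self._key, "resp", req["id"], body))
        return len(batch)


def run_exchange():
    """Constructed scenario: one remote request to a printer behind the firewall."""
    key = b"constructed-shared-secret"
    arb = TrustedArbitrator({"lan-1": key})
    ce = ConnectionEntity("lan-1", key, arb, {"printer": LocalEntity("printer")})
    rid = arb.submit("lan-1", "printer", {"op": "status"})
    before = arb.fetch_response(rid)   # None: nothing reaches the LAN until it polls
    serviced = ce.poll_once()
    return before, serviced, arb.fetch_response(rid)


if __name__ == "__main__":
    print(run_exchange())
```

The point the abstract makes is that the access control mechanism keeps its outbound-only policy: the only WAN connection is the one the connection entity opens toward the arbitrator, so no inbound rule or port forward is added. The cost of that is concentration of trust in the arbitrator, which is why the example authenticates both the poll and the returned response and refuses replayed polls; an arbitrator that accepted unauthenticated polls would hand queued requests, and the answers to them, to anyone who asked. The polling interval sets the latency a remote request sees.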
Claims

1. A system, comprising: (reproduced in full under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method, comprising:

receiving a first request at a trusted arbitrator from a remote entity, the first request being directed to a local entity; storing the first request on the trusted arbitrator, the first request being sent by the remote entity across a wide area network to the trusted arbitrator and being directed at least in part to a local entity on a local area network; receiving regular polling, from a connection entity on the local area network, to determine whether any requests directed to devices on the local area network are pending in the trusted arbitrator; and sending a first response from the trusted arbitrator across the wide area network to the connection entity on the local area network, the first response including a first request from the remote entity and being in response to polling of the connection entity, wherein the connection entity forwards at least a portion of the first request from the connection entity to the local entity. Dependent claims: 10, 11, 12.
13. A data storage medium having machine-readable code stored thereon, the machine-readable code comprising instructions executable by logic elements, the instructions defining a method comprising:

storing a first request on a trusted arbitrator, the first request being sent by a remote entity across a wide area network to the trusted arbitrator and being directed at least in part to a local entity on a local area network; receiving regular polling, from a connection entity on the local area network, to determine whether any requests directed to devices on the local area network are pending in the trusted arbitrator; and sending a first response from the trusted arbitrator across the wide area network to the connection entity on the local area network, the first response including the first request from the remote entity and being in response to polling by the connection entity, wherein the connection entity forwards at least a portion of the first request from the connection entity to the local entity. Dependent claims: 14, 15, 16.
Specification