Object gateway for securely forwarding messages between networks
First Claim
1. A system arranged to provide a gateway between a first network and a second network, the system comprising:
- interface means to receive from the first network a message intended for an object in the second network, the message including an identifier for a further object in either the first or second network;
- means to generate further interface means for receiving from the second network messages for the further object;
- means to form a new identifier for the further interface means, the new identifier including check data resulting from a hash operation for checking the validity of the or at least part of the new identifier;
- means to replace the received identifier with the new identifier in the message; and
- means to forward the message to the object in the second network.
Abstract
A network gateway (1005) is described, wherein an object invocation (1020) containing an embedded object reference (1025), which points to a further object (1002), is modified on passing through the gateway. The gateway validates the object invocation and enacts a number of security tests thereon before forwarding it on. In preferred embodiments, the embedded object reference is replaced by an object reference (1035) to a gateway proxy specifically for the further object (1002). The replacement object reference (1035) also includes enough information that the original object reference (1025) can be recovered. The gateway proxy is generated on or after receipt of the invocation (1020). In the event the further object (1002), which was the subject of the object reference, is itself invoked, the invocation is directed to the gateway proxy, which in turn recovers the original object reference and forwards the invocation on to the further object (1002).
Claims (34 claims, 65 citations)
1. Independent system claim, reproduced above under First Claim. Dependent claims: 2 to 32.
33. A method of controlling a gateway to pass messages for objects between first and second networks attached to the gateway, the method comprising the steps of:
- receiving from the first network a message for an object in the second network, the message including an identifier for a further object in either the first or second network;
- generating means to receive messages for the further object;
- forming a new identifier for the means to receive messages for the further object, the new identifier including check data resulting from a hash operation for checking the validity of the or at least part of the new identifier;
- replacing the received identifier with the new identifier in the message; and
- forwarding the message to the object in the second network.
Dependent claim: 34.
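The following is an added worked example of the mechanism described in the Abstract and spelled out as steps in claim 33; it is constructed for this page and is not the patent's own implementation. Everything concrete in it is an assumption the claims leave open: HMAC-SHA256 stands in for the unspecified "hash operation" that produces the check data, object references are written as `host/obj/<id>`, the "security tests" the gateway enacts before forwarding are reduced to an allow-list of invocable targets, and the host names, key and sample messages are made up. The new identifier is built from a recoverable encoding of the original reference plus check data over that encoding, so the gateway can validate a proxy identifier presented from the second network and recover the original reference without any per-proxy state (the proxy registry is generated on or after receipt, as the Abstract allows).

```python
import base64
import hashlib
import hmac
from typing import Optional

CHECK_LEN = 16        # hex chars of the HMAC-SHA256 tag kept as check data (assumption)
REF_MARKER = "/obj/"  # constructed convention: object references look like host/obj/<id>


class ObjectGateway:
    """Constructed demo of the gateway: not the patent's own implementation."""

    def __init__(self, key: bytes, host: str = "gateway.example") -> None:
        self.key = key                    # gateway-held secret for the check data
        self.host = host                  # host under which proxy interfaces are addressed
        self.proxies = {}                 # generated proxy interfaces: proxy id -> original ref
        self.allowed_targets = set()      # security test: objects that may be invoked

    # ----- identifiers ---------------------------------------------------
    def _check_data(self, payload: str) -> str:
        """Hash operation over the recoverable part of the new identifier."""
        return hmac.new(self.key, payload.encode(), hashlib.sha256).hexdigest()[:CHECK_LEN]

    @staticmethod
    def _encode(ref: str) -> str:
        return base64.urlsafe_b64encode(ref.encode()).decode().rstrip("=")

    @staticmethod
    def _decode(token: str) -> str:
        return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4)).decode()

    def new_proxy_reference(self, original_ref: str) -> str:
        """Form the replacement identifier: <encoded original>.<check data>."""
        token = self._encode(original_ref)
        proxy_id = f"{token}.{self._check_data(token)}"
        self.proxies[proxy_id] = original_ref           # generate the proxy interface
        return f"{self.host}/proxy/{proxy_id}"

    def recover_reference(self, proxy_ref: str) -> Optional[str]:
        """Check the identifier's validity, then recover the original reference."""
        prefix = f"{self.host}/proxy/"
        if not proxy_ref.startswith(prefix):
            return None
        token, sep, check = proxy_ref[len(prefix):].rpartition(".")
        if not sep or not hmac.compare_digest(check.encode(), self._check_data(token).encode()):
            return None                                 # forged or altered identifier
        try:
            original = self._decode(token)
        except (ValueError, UnicodeDecodeError):
            return None
        # The proxy interface may be generated on or after receipt of the invocation.
        self.proxies.setdefault(f"{token}.{check}", original)
        return original

    # ----- messages --------------------------------------------------------
    def forward_outbound(self, message: dict) -> Optional[dict]:
        """First -> second network: run the security test, rewrite embedded refs."""
        if message.get("target") not in self.allowed_targets:
            return None                                 # security test failed: drop
        args = {
            k: self.new_proxy_reference(v) if isinstance(v, str) and REF_MARKER in v else v
            for k, v in message.get("args", {}).items()
        }
        return {**message, "args": args}

    def handle_inbound(self, message: dict) -> Optional[dict]:
        """Second network -> proxy: recover the original reference and forward."""
        original = self.recover_reference(message.get("target", ""))
        if original is None:
            return None                                 # invalid proxy identifier: drop
        return {**message, "target": original}


def demo():
    """Round trip with constructed sample messages; returns (outbound, inbound)."""
    gw = ObjectGateway(b"constructed-demo-key")
    gw.allowed_targets.add("inner.example/obj/1001")
    outbound = gw.forward_outbound({
        "target": "inner.example/obj/1001", "method": "subscribe",
        "args": {"callback": "outer.example/obj/1002", "count": 3},
    })
    # The second-network object later invokes the callback it was given,
    # which now addresses the gateway proxy rather than the original object.
    inbound = gw.handle_inbound({
        "target": outbound["args"]["callback"], "method": "on_event", "args": {},
    })
    return outbound, inbound


if __name__ == "__main__":
    print(demo())
```

Because the check data is keyed, an identifier minted by a different gateway, or one whose encoded reference or check data has been altered in transit, is rejected in `recover_reference` before anything is forwarded; the original reference never appears in the clear on the second network, only under the gateway's own proxy host.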
Specification