Object gateway for securely forwarding messages between networks

US 6,981,265 B1
Filed: 12/04/1998
Issued: 12/27/2005
Est. Priority Date: 12/04/1997
Status: Expired due to Fees

First Claim

Patent Images

1. A system arranged to provide a gateway between a first network and a second network, the system comprising:

interface means to receive from the first network a message intended for an object in the second network, the message including an identifier for a further object in either the first or second network;

means to generate further interface means for receiving from the second network messages for the further object;

means to form a new identifier for the further interface means, the new identifier including check data resulting from a hash operation for checking the validity of the or at least part of the new identifier;

means to replace the received identifier with the new identifier in the message; and

means to forward the message to the object in the second network.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network gateway (1005) is described, wherein an object invocation (1020) containing an embedded object reference (1025), which points to a further object (1002), is modified on passing through the gateway. The gateway validates the object invocation and enacts a number of security tests thereon before forwarding it on. In preferred embodiments, the embedded object reference is replaced by an object reference (1035) to a gateway proxy specifically for the further object (1002). The replacement object reference (1035) also includes enough information that the original object reference (1025) can be recovered. The gateway proxy is generated on or after receipt of the invocation (1020). In the event the further object (1002), which was the subject of the object reference, is itself invoked, the invocation is directed to the gateway proxy, which in turn recovers the original object reference and forwards the invocation on to the further object (1002).

65 Citations

View as Search Results

34 Claims

1. A system arranged to provide a gateway between a first network and a second network, the system comprising:
- interface means to receive from the first network a message intended for an object in the second network, the message including an identifier for a further object in either the first or second network;
  
  means to generate further interface means for receiving from the second network messages for the further object;
  
  means to form a new identifier for the further interface means, the new identifier including check data resulting from a hash operation for checking the validity of the or at least part of the new identifier;
  
  means to replace the received identifier with the new identifier in the message; and
  
  means to forward the message to the object in the second network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 2. A system according to claim 1, wherein the new identifier includes information to enable subsequent recovery by the system of the received identifier.
  - 3. A system according to claim 2, wherein the new identifier includes a representation of the received identifier.
  - 4. A system according to claim 2, wherein the new identifier includes an indication of the identity of the received identifier and the system includes means to associate said indication with said received identifier.
  - 5. A system according to claim 1, comprising means to include in the new identifier a name tag to identify the interface means.
  - 6. A system according to claim 1, wherein the check data further comprises a secret.
  - 7. A system according to claim 1, comprising means to include in the new identifier an indication that the received identifier was received in an message from the first (or second) network.
  - 8. A system according to claim 1, comprising means to determine whether the received identifier originated from the first network or the second network.
  - 9. A system according to claim 8, comprising means to form the new identifier on the basis of the determined origin.
  - 10. A system according to claim 9, wherein, if the received identifier originated in the first network, the means to form the new identifier forms a new identifier including information to enable subsequent recovery by the system of the received identifier.
  - 11. A system according to claim 9, wherein, if the received identifier originated in the second network, having passed through the system from the second network to the first network, the means to form the new identifier forms a new identifier comprising an original identifier recovered from information included in the received identifier.
  - 12. A system according to claim 9, wherein, if the received identifier originated in the first network, having passed through the system from the first network to the second network and having passed back to the first network other than through the system, the means to form the new identifier forms the new identifier as a copy of the received identifier.
  - 13. A system according to claim 1, comprising means to detect a name tag in the message.
  - 14. A system according to claim 13, comprising means to determine on the basis of the name tag whether the object in the second network is valid and is still available to receive messages.
  - 15. A system according to claim 14, wherein the means to determine initiates a call to a naming service, the naming service being configurable by an authorised party by adding or removing name tags, and the presence or absence of a name tag being indicative of whether the object associated with the name tag is available or not respectively.
  - 16. A system according to claim 1, comprising means to verify the received identifier.
  - 17. A system according to claim 16, wherein identifier includes check data to enable verification of the received identifier.
  - 18. A system according to claim 17, wherein the check data is the result of a hash operation enacted on at least part of the identifier and a secret, and the means to verify the received identifier is configured to enact a similar hash operation on the same part of the identifier and a secret and compare the resulting check data with the received check data.
  - 19. A system according to claim 18, wherein the secret is stored by and only accessible by the gateway.
  - 20. A system according to claim 1, wherein the means to generate the further interface means comprises means to determine on the basis of the received identifier whether a template for an appropriate further interface means is already known to the system.
  - 21. A system according to claim 20, wherein the means to generate the further interface means comprises means, which is operable in the event an appropriate template is not known to the system, to obtain an appropriate template from a remote repository.
  - 22. A system according to claim 20, wherein the means to generate the further interface means comprises means, which is operable in the event no appropriate template is known to the system and/or an appropriate template is not recoverable from a remote repository, to obtain a generic template.
  - 23. A system according to claim 20, wherein the means to generate the further interface is arranged to at least obtain a template for the further interface means on or after receipt of the received identifier and in advance of receipt of a message for the further object.
  - 24. A system according to claim 1 configured for operation in a trusted operating system.
  - 25. A system according to claim 24, wherein the trusted operating system enforces Mandatory Access Control.
  - 26. A system according to claim 25, comprising at least two logical compartments and a trusted relay process that has privileges necessary to pass messages between the two compartments, wherein the first network and the respective interface means are associated with a first compartment and the second network is associated with a second compartment.
  - 27. A system according to claim 25, wherein a secret, usable by the system in a hash operation for validating object references, is associated with a third compartment, and wherein only the trusted relay process has the privileges necessary to retrieve the secret from the further compartment in order to enact a hash operation.
  - 28. A system according to claim 1, wherein the received identifier is an Interoperable Object Reference having the form IOR[host:
    - port;
      
      key].
  - 29. A system according to claim 1, wherein the new identifier is an Interoperable Object Reference having the form IOR[host x:
    - port x;
      
      key x], wherein key x includes information to enable subsequent recovery by the system of the received identifier.
  - 30. A system according to claim 29, wherein key x includes a representation of the received object reference IOR[host i:
    - port i;
      
      key i].
  - 31. A system according to claim 29, wherein key x includes:
    - an identifier to indicate from which network the object reference originated;
      
      a name tag associated with an identity of the gateway process; and
      
      check data for verifying the validity of the object reference.
  - 32. The system according to claim 1, wherein the further interface means corresponds to the further object and the further interface means is generated only when or after the message including the identifier for the further object is received.

33. A method of controlling a gateway to pass messages for objects between first and second networks attached to the gateway, the method comprising the steps of:
- receiving from the first network a message for an object in the second network, the message including an identifier for a further object in either the first or second network;
  
  generating means to receive messages for the further object;
  
  forming a new identifier for the means to receive messages for the further object, the new identifier including check data resulting from a hash operation for checking the validity of the or at least part of the new identifier;
  
  replacing the received identifier with the new identifier in the message; and
  
  forwarding the message to the object in the second network.
- View Dependent Claims (34)
- - 34. The method of claim 33, wherein the further interface means corresponds to the further object and the further interface means is generated only when or after the message including the identifier for the further object is received.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Rees, Robert Thomas Owen, Edwards, Nigel John
Primary Examiner(s)
An, Meng-Al T.
Assistant Examiner(s)
ZHEN, LI B

Application Number

US09/555,465
Time in Patent Office

2,580 Days
Field of Search

709/310, 709/311, 709/316, 709/313, 709/315, 709/330
US Class Current

719/313
CPC Class Codes

G06F 9/548   Object oriented; Remote met...

H04L 63/02   for separating internal fro...

H04L 63/0218   Distributed architectures, ...

H04L 63/0236   Filtering by address, proto...

H04L 63/0245   Filtering by information in...

H04L 63/0281   Proxies

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

H04L 63/168   above the transport layer

H04L 67/01   Protocols

H04L 67/10   in which an application is ...

H04L 67/51   Discovery or management the...

H04L 67/561   Adding application-function...

H04L 67/563   Data redirection of data ne...

H04L 67/564   Enhancement of application ...

H04L 67/565   Conversion or adaptation of...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Object gateway for securely forwarding messages between networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

65 Citations

34 Claims

Specification

Solutions

Use Cases

Quick Links

Object gateway for securely forwarding messages between networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

34 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links