Method of establishing a secure tunnel through a proxy server between a user device and a secure server

US 6,988,147 B2
Filed: 05/31/2001
Issued: 01/17/2006
Est. Priority Date: 05/31/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method of operating a proxy server, the method comprising:

receiving an initial request from a user device during a current session between the user device and the proxy server;

terminating the current session if the initial request is to a secure server; and

establishing a tunnel, through the proxy server, between the user device and the secure server, via a trusted domain proxy/firewall, upon receipt of a further request from the user device to access the secure server if the initial request is to a secure server.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for establishing a secure tunnel through a proxy between a user device and a secure server on a network are described. The method comprises storing information retrievable by the proxy server, in the event of the user device sending a request to the proxy server to access the secure server during a current session with the proxy server. The information indicates that the user device wishes to access the secure server. Thereafter, the current session between the user device and the proxy server is terminated. A tunnel is set through the proxy server between the user device and the secure server (via a trusted domain proxy/firewall) in the event of the user device sending a further request to the proxy server to access the secure server.

37 Citations

View as Search Results

41 Claims

1. A method of operating a proxy server, the method comprising:
- receiving an initial request from a user device during a current session between the user device and the proxy server;
  
  terminating the current session if the initial request is to a secure server; and
  
  establishing a tunnel, through the proxy server, between the user device and the secure server, via a trusted domain proxy/firewall, upon receipt of a further request from the user device to access the secure server if the initial request is to a secure server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising determining whether the initial request is to a destination address of a secure server.
  - 3. The method of claim 2 wherein determining whether the initial request is to a destination address of a secure server comprises finding a match of the destination address of the secure server in a pre-provisioned list of secure servers in the proxy server.
  - 4. The method of claim 2 wherein determining whether the initial request is to a destination address of a secure server comprises forwarding the request to a non-secure server associated with the destination address and receiving an error message in response thereto, which message is indicative that the destination address is that of a secure server.
  - 5. The method of claim 1 further comprising waiting a predetermined period for the further request.
  - 6. The method of claim 1 wherein establishing the tunnel comprises storing state information in order to identify the further request as being associated with the initial request.
  - 7. The method of claim 1 wherein terminating the current session comprises sending an error message to the user device which causes the user device to send the further request to the proxy server.
  - 8. The method of claim 7 wherein the error message is a standard error message in a protocol supported by the user device.
  - 9. The method of claim 1 wherein establishing the tunnel comprises opening a socket with the trusted domain proxy/firewall and mapping the socket to an inbound socket opened with the user device upon receipt of the further request.
  - 10. The method of claim 1 further comprising establishing a time-to-live delay for the tunnel, beyond which time the tunnel is terminated.
  - 11. The method of claim 1 which comprises terminating the tunnel upon the occurrence of a predetermined event.
  - 12. The method of claim 11 wherein the predetermined event comprises receiving a request from the user device to access a server other than the secure server.
  - 13. The method of claim 11 wherein the predetermined event comprises the termination of the session between the user device and the trusted domain proxy/firewall at the instance of the trusted domain proxy/firewall.

14. A machine readable program storage medium, having code stored therein, which when executed on a proxy server causes the proxy server to perform a method comprisingreceiving an initial request from a user device during a current session between a user device and the proxy server;
- terminating the current session if the initial request is to a secure server; and
  
  establishing a tunnel, through the proxy server, between the user device and the secure server, via a trusted domain proxy/firewall, upon receipt of a further request from the user device to access the secure server if the initial request is to a secure server.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 15. The machine readable program storage medium of claim 14, wherein the method comprises determining whether the initial request is to a destination address of a secure server.
  - 16. The machine readable program storage medium of claim 15, wherein determining whether the initial request is to a destination address of a secure server, comprises finding a match of the destination address in a pre-provisioned list of secure servers in the proxy.
  - 17. The machine readable program storage medium of claim 16, wherein determining whether the initial request is to a destination address of a secure server comprises forwarding the request to a non-secure server associated with the destination address and receiving an error message in response thereto, which message is indicative that the destination address is that of a secure server.
  - 18. The machine readable program storage medium of claim 14, wherein the method further comprises waiting a predetermined period for the further request.
  - 19. The machine readable program storage medium of claim 14, wherein establishing the tunnel comprises storing state information in order to identify the further request as being associated with the initial request.
  - 20. The machine readable program storage medium of claim 14, wherein terminating the current session comprises sending an error message to the user device which causes the user device to send the further request to the proxy server.
  - 21. The machine readable program storage medium of claim 20, wherein the error message is a standard error message in a protocol supported by the user device.
  - 22. The machine readable program storage medium of claim 14, wherein establishing the tunnel comprises opening a socket with the trusted domain proxy/firewall and mapping the socket to an inbound socket opened with the user device upon receipt of the further request.
  - 23. The machine readable program storage medium of claim 14, wherein the method further comprises establishing a time-to-live delay for the tunnel, beyond which time the tunnel is terminated.
  - 24. The machine readable program storage medium of claim 14, wherein the method comprises terminating the tunnel upon the occurrence of a predetermined event.
  - 25. The machine readable program storage medium of claim 24, wherein the predetermined event comprises receiving a request from the user device to access a server other than the secure server.
  - 26. The machine readable program storage medium of claim 24, wherein the predetermined event comprises the termination of the session between the user device and the trusted domain proxy/firewall at the instance of the trusted domain proxy/firewall.

27. A proxy server comprising:
- a processor; and
  
  a memory device, having stored therein a code, which when executed by the processor, causes the proxy server to;
  
  receive an initial request from a user device during a current session between the user device and the proxy server;
  
  terminate the current session if the initial request is to a secure server; and
  
  establish a tunnel, through the proxy server, between the user device and the secure server, via a trusted domain proxy/firewall, upon receipt of a further request from the user device to access the secure server if the initial request is to a secure server.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 28. The proxy server of claim 27, wherein the code comprises instructions to determine whether the initial request is to a destination address of a secure server.
  - 29. The proxy server of claim 28, wherein determining whether the initial request is to a destination address of a secure server comprises finding a match of the destination address of the secure server in a pre-provisioned list of secure servers in the proxy server.
  - 30. The proxy server of claim 29, wherein determining whether the initial request is to a destination address of a secure server comprises forwarding the request to a non-secure server associated with the destination address and receiving an error message in response thereto, which message is indicative that the destination address server is that of a secure server.
  - 31. The proxy server of claim 28, wherein the code further comprises instructions for waiting a predetermined period for the further request.
  - 32. The proxy server of claim 28, wherein establishing the tunnel comprises storing state information in order to identify the further request as being associated with the initial request.
  - 33. The proxy server of claim 28, wherein terminating the current session comprises sending an error message to the user device which causes the user device to send the further request to the proxy server.
  - 34. The proxy server of claim 33, wherein the error message is a standard error message in a protocol supported by the user device.
  - 35. The proxy server of claim 28, wherein establishing the tunnel comprises opening a first socket with the trusted domain proxy/firewall and mapping the socket to an inbound socket opened with the user device upon receipt of the further request.
  - 36. The proxy server of claim 28, wherein the code further comprises instructions to establish a time-to-live default for the tunnel, beyond which time the tunnel is terminated.
  - 37. The proxy server of claim 27, wherein the code further comprises instructions to terminate the tunnel upon the occurrence of a predetermined event.
  - 38. The proxy server of claim 37, wherein the predetermined event comprises receiving a request from the user device to access a server other than the secure server.
  - 39. The proxy server of claim 38, wherein the predetermined event comprises the termination of a session between the user device and the trusted domain proxy/firewall at the instance of the trusted domain proxy/firewall.

40. A proxy server comprising:
- means for receiving an initial request from a user device during a current session between the user device and the proxy server;
  
  means for terminating the current session if the initial request is to a secure server; and
  
  means for establishing a tunnel, through the proxy server, between the user device and the secure server, via a trusted domain proxy/firewall, upon receipt of a further request from the user device to access the secure server.

41. A method of operating a proxy server, a method comprising:
- receiving an initial request from a user device during a current session between the user device and the proxy server;
  
  determining whether the initial request is to a secure server;
  
  terminating the current session between the user device and the proxy server if the initial request is to a secure server, the current session being terminated with a standard error message in a protocol understood by the user device which message causes the user device upon receipt of the error message to re-send the request to the proxy server; and
  
  upon receipt of the re-sent request within a predetermined time, opening a socket with a trusted domain proxy/firewall and mapping the socket with an inbound socket opened between the proxy server and the user device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unwired Planet LLC (JP Morgan Chase & Co)
Original Assignee
Openwave Systems Incorporated (JP Morgan Chase & Co)
Inventors
King, Peter F.
Primary Examiner(s)
Meky, Moustafa M.

Application Number

US09/872,997
Publication Number

US 20020194292A1
Time in Patent Office

1,692 Days
Field of Search

709/200, 709/201, 709/203, 709/217, 709/218, 709/219, 709/224, 709/226, 709/227, 709/228, 709/229, 709/237, 709/238, 709/239, 709/240, 709/242, 713/151, 713/152, 713/153, 713/166
US Class Current

709/239
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/067   using one-time keys cryptog...

Method of establishing a secure tunnel through a proxy server between a user device and a secure server

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

37 Citations

41 Claims

Specification

Solutions

Use Cases

Quick Links

Method of establishing a secure tunnel through a proxy server between a user device and a secure server

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

37 Citations

41 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links