Efficient transmission of IP data using multichannel SOCKS server proxy

US 7,278,157 B2
Filed: 03/14/2002
Issued: 10/02/2007
Est. Priority Date: 03/14/2002
Status: Active Grant

First Claim

Patent Images

1. In a data communications network, a split proxy comprising:

a split proxy server disposed behind a firewall in a private portion of the data communications network;

a split proxy client disposed in a client computing device positioned externally to said private portion of the data communications network;

a split proxy client interface to at least one client application in said client computing device, and a split proxy server interface to at least one server application corresponding to said at least one client application in said private portion of the data communications network; and

,a tunnel established between said split proxy client and split proxy server, said tunnel hosting all Internet Protocol (IP) data traffic between said at least one client application and said at least one corresponding server application in said private portion of the data communications network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a data communications network, a split proxy can include a split proxy server disposed behind a firewall in a private portion of the data communications network; a split proxy client disposed in a client computing device positioned externally to the private portion of the data communications network; a split proxy client interface to at least one client application in the client computing device, and a split proxy server interface to at least one server application corresponding to the at least one client application in the private portion of the data communications network. A tunnel can be established between the split proxy client and split proxy server. The tunnel can host all Internet Protocol (IP) data traffic between the client application and the corresponding server application in the private portion of the data communications network.

Citations

16 Claims

1. In a data communications network, a split proxy comprising:
- a split proxy server disposed behind a firewall in a private portion of the data communications network;
  
  a split proxy client disposed in a client computing device positioned externally to said private portion of the data communications network;
  
  a split proxy client interface to at least one client application in said client computing device, and a split proxy server interface to at least one server application corresponding to said at least one client application in said private portion of the data communications network; and
  
  ,a tunnel established between said split proxy client and split proxy server, said tunnel hosting all Internet Protocol (IP) data traffic between said at least one client application and said at least one corresponding server application in said private portion of the data communications network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The split proxy of claim 1, wherein said split proxy server comprises a split SOCKS server and said split proxy client comprises a split SOCKS client.
  - 3. The split proxy of claim 1, wherein said split proxy server comprises a split HTTP proxy server and said split proxy client comprises a split HITP proxy client.
  - 4. The split proxy of claim 1, wherein each of said split proxy client and split proxy server comprises link re-establishment logic configured to re-establish a link forming said tunnel responsive to a termination of said link.
  - 5. The split proxy of claim 1, wherein said tunnel comprises an authenticated tunnel.
  - 6. The split proxy of claim 1, wherein each of said split proxy client and split proxy server comprises a data compressor/decompressor configured to compress all IP data flowing through said tunnel and to decompress all IP data emerging from said tunnel.
  - 7. The split proxy of claim 1, wherein said tunnel comprises a plurality of sub-channels, each said sub-channel hosting all IP data traffic between a single one of said at least one client application and a corresponding one of said at least one corresponding server application in said private portion of the data communications network.

8. A method for processing secure data communications between a server application disposed in a private portion of a data communications network, and a client application hosted in a client computing device in a portion of the data communications network which is external to the private portion, said method comprising the steps of:
- programming a firewall in the private portion of the data communications network to disallow communicative links between the server application and computing devices which are external to the private portion of the data communications network;
  
  socksifying the client application;
  
  configuring the client computing device to host a split SOCKS client;
  
  forming an authenticated tunnel between said split SOCKS client in the client computing device, and a split SOCKS server disposed in the private portion of the data communications network; and
  
  ,passing application data between the client application and server application over said authenticated tunnel.

9. A multichannel method for processing secure data communications between server applications disposed in a private portion of a data communications network, and socksified client applications hosted in a client computing device in a portion of the data communications network which is external to the private portion, the data communications network having a firewall separating said private and external portions, said firewall having a configuration for disallowing communicative links between the server applications and computing devices in the external portion, said method comprising the steps of:
- establishing a communicative link between a split SOCKS client in the client computing device, and a split SOCKS server disposed in the private portion of the data communications network, said communicative link forming an authenticated tunnel; and
  
  ,establishing a sub-channel over said authenticated tunnel for each pair of client applications and server applications, wherein application data associated with each pair can be passed through said authenticated tunnel over said sub-channel.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, further comprising the steps of:
    - inspecting an authentication credential for each additional client application requesting a connection through said split SOCKS server with a corresponding server application; and
      
      ,if said inspected authentication credential compares to an authentication credential already inspected when establishing one of said authenticated tunnel and said sub-channels, establishing a new sub-channel for said additional client application and corresponding server application without forwarding said credential to said split SOCKS server.
  - 11. The method of claim 9, further comprising the steps of:
    - detecting a break in said communicative link forming said authenticated tunnel; and
      
      ,responsive to detecting said break, re-establishing a communicative link between said split SOCKS client in the client computing device, and said split SOCKS server disposed in the private portion of the data communications network, said re-established communicative link re-forming said authenticated tunnel, and, passing application data between the client application and server application over said re-formed authenticated tunnel.
  - 12. The method of claim 9, further comprising the steps of:
    - compressing said application data prior to passing said application data over said authenticated tunnel; and
      
      ,decompressing said compressed application data subsequent to passing said application data over said authenticated tunnel.

13. A machine readable storage having stored thereon a computer program for processing secure data communications between server applications disposed in a private portion of a data communications network, and socksified client applications hosted in a client computing device in a portion of the data communications network which is external to the private portion, the data communications network having a firewall separating said private and external portions, said firewall having a configuration for disallowing communicative links between the server applications and computing devices in the external portion, said computer program comprising a routine set of instructions for causing the machine to perform the steps of:
- establishing a communicative link between a split SOCKS client in the client computing device, and a split SOCKS server disposed in the private portion of the data communications network, said communicative link forming an authenticated tunnel; and
  
  ,establishing a sub-channel over said authenticated tunnel for each pair of client applications and server applications, wherein application data associated with each pair can be passed through said authenticated tunnel over said sub-channel.
- View Dependent Claims (14, 15, 16)
- - 14. The machine readable storage of claim 13, further comprising the steps of:
    - inspecting an authentication credential for each additional client application requesting a connection through said split SOCKS server with a corresponding server application; and
      
      ,if said inspected authentication credential compares to an authentication credential already inspected when establishing one of said authenticated tunnel and said sub-channels, establishing a new sub-channel for said additional client application and corresponding server application without forwarding said credential to said split SOCKS server.
  - 15. The machine readable storage of claim 13, further comprising the steps of:
    - detecting a break in said communicative link forming said authenticated tunnel; and
      
      ,responsive to detecting said break, re-establishing a communicative link between said split SOCKS client in the client computing device, and said split SOCKS server disposed in the private portion of the data communications network, said re-established communicative link re-forming said authenticated tunnel, and, passing application data between the client application and server application over said re-formed authenticated tunnel.
  - 16. The machine readable storage of claim 13, further comprising the steps of:
    - compressing said application data prior to passing said application data over said authenticated tunnel; and
      
      ,decompressing said compressed application data subsequent to passing said application data over said authenticated tunnel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
International Business Machines Corporation
Inventors
Jones, Douglas L., Wimer, William C. II
Primary Examiner(s)
Barroń, Jr.; Gilberto
Assistant Examiner(s)
SZYMANSKI, THOMAS M

Application Number

US10/097,950
Publication Number

US 20030177384A1
Time in Patent Office

2,028 Days
Field of Search

709/227, 709/230, 726 1- 34
US Class Current

726/12
CPC Class Codes

H04L 63/029   Firewall traversal, e.g. tu...

H04L 67/02   based on web technology, e....

H04L 67/2876   Pairs of inter-processing e...

Efficient transmission of IP data using multichannel SOCKS server proxy

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Efficient transmission of IP data using multichannel SOCKS server proxy

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links