Method and system for transmitting information across a firewall

  • US 7,316,028 B2
  • Filed: 11/07/2002
  • Issued: 01/01/2008
  • Est. Priority Date: 12/28/2001
  • Status: Expired due to Fees
First Claim
1. A method of transmitting information across a firewall among a plurality of computers, at least one first of the computers being at a first side of the firewall and at least one second of the computers being at a second side of the firewall, wherein at least one first proxy at the first side of the firewall and at least one second proxy at the second side of the firewall are associated respectively with the at least one first computer and with the at least one second computer, including the steps of:

  • generating a plurality of firewall-incompatible messages that enable a server that is connected to the at least one second of the computers at the second side of the firewall to manage resources of the at least one first computer at the first side of the firewall;

  • establishing a pass-through communication tunnel that directly connects each first and second proxy, the communication tunnel being secured by mutual authentication of the corresponding first and second proxies;

  • causing a transmitting one of the computers to send a firewall-incompatible message, of the plurality of firewall-incompatible messages, for a receiving one of the computers at the other side of the firewall to a transmitting one of the associated at least one proxy;

  • sending the firewall-incompatible message from the transmitting proxy to a receiving one of the at least one proxy at the other side of the firewall through the corresponding tunnel;

  • associating the firewall-incompatible message with the receiving computer; and

  • forwarding the firewall-incompatible message from the receiving proxy to the receiving computer, wherein each first computer consists of an endpoint in a demilitarized zone and each second computer consists of a gateway in a private network, further including the steps under the control of the second proxy of:

      • receiving a message of an initial login type encrypted with a shared static key from the first proxy, the initial login message being indicative of a request for an initial login from a first computer and being associated with an indication of a first address and a first logical connection of the first computer,
      • deciphering the initial login message using the static key,
      • allocating a corresponding listening logical connection to the second proxy,
      • storing a memory structure associating the listening logical connection with the first address and the first logical connection,
      • updating the initial login message by replacing the first logical connection with the listening logical connection, and
      • encrypting the initial login message using the static key;

  • wherein the at least one first computer and the at least one first proxy consist of a plurality of first computers and a plurality of first proxies, respectively, an identifier of the first proxies being stored in a further memory structure on the second proxy, and further including the steps under the control of the second proxy of:

      • associating the identifier of a current first proxy from which the initial login message is received with the corresponding first address and first logical connection in the memory structure,
      • determining the current proxy corresponding to each message received from each second computer using the memory structure, and
      • transmitting the message to the current first proxy when available or to a different one of the associated first proxies in the further memory structure otherwise.
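The second-proxy behaviour claimed above (decipher the initial login with the static key, allocate a listening connection, record the mapping, rewrite and re-encrypt, then route replies to the current first proxy or a fallback), as an added illustration that is not code from the patent. The message format (JSON), the listening-connection numbering, and the SHA-256 keystream standing in for the claim's unspecified static-key cipher are all assumptions made for this example.

```python
import hashlib
import json

# Constructed stand-in for the claim's static-key cipher: XOR with a SHA-256 keystream.
# It only makes the rewrite step visible; it is not a real encryption scheme.
def _xor_static(key: bytes, data: bytes) -> bytes:
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class SecondProxy:
    """Gateway-side proxy holding the claim's two memory structures."""
    def __init__(self, static_key: bytes, first_proxies):
        self.key = static_key
        self.first_proxies = list(first_proxies)  # "further memory structure": known first proxies
        # listening connection -> (current first proxy, first address, first logical connection)
        self.listeners = {}
        self.next_listener = 40000  # assumed starting point for allocated listening connections

    def handle_initial_login(self, from_proxy: str, ciphertext: bytes) -> bytes:
        msg = json.loads(_xor_static(self.key, ciphertext))   # decipher with static key
        if msg.get("type") != "initial_login":
            raise ValueError("expected an initial login message")
        listener, self.next_listener = self.next_listener, self.next_listener + 1
        # store the mapping, including which first proxy the login arrived from
        self.listeners[listener] = (from_proxy, msg["first_addr"], msg["first_conn"])
        msg["first_conn"] = listener                            # replace with listening connection
        return _xor_static(self.key, json.dumps(msg).encode())  # re-encrypt with static key

    def route_to_first_proxy(self, listener: int, available: set) -> str:
        """Pick the current first proxy for a gateway message, or a fallback from the table."""
        current, _, _ = self.listeners[listener]
        if current in available:
            return current
        for alt in self.first_proxies:
            if alt in available:
                return alt
        raise RuntimeError("no first proxy available for this endpoint")

def demo():
    key = b"constructed-static-key"  # constructed sample key, not from the patent
    p2 = SecondProxy(key, ["proxy-A", "proxy-B"])
    login = {"type": "initial_login", "first_addr": "10.1.1.5", "first_conn": 5123}
    out = p2.handle_initial_login("proxy-A", _xor_static(key, json.dumps(login).encode()))
    rewritten = json.loads(_xor_static(key, out))
    normal = p2.route_to_first_proxy(rewritten["first_conn"], {"proxy-A", "proxy-B"})
    failover = p2.route_to_first_proxy(rewritten["first_conn"], {"proxy-B"})
    return rewritten, normal, failover
```

The rewritten login keeps the endpoint's address but carries the allocated listening connection, and the same mapping table drives fallback to another first proxy when the original one is unavailable.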

  • 2 Assignments