Providing security for external access to a protected computer network

US 7,552,471 B2
Filed: 03/06/2006
Issued: 06/23/2009
Est. Priority Date: 03/12/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method of sending a request, comprising:

receiving via an external network an external request sent using a first security procedure, wherein the external request comprises a request from a requesting party for response data associated with an internal computer system associated with an internal network;

normalizing at least a portion of the external request into a common format;

applying a decision tree to the normalized external request to determine an action to take in response to the external request; and

sending to the internal computer system, after applying the decision tree to the normalized external request and using a second security procedure based at least in part on the results of the application of the decision tree, an internal request for said response data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are disclosed for providing controlled access via an external network to a resource residing on an internal network. An external request addressed to a first computer system associated with the internal network is received at the first computer system via the external network. The external request comprises a request from a requesting party for response data from a second computer system associated with the internal network. At least part of the content of the external request is analyzed at the first computer system to determine whether the request is authorized. If it is determined that the request is authorized, the request is processed.

Citations

19 Claims

1. A method of sending a request, comprising:
- receiving via an external network an external request sent using a first security procedure, wherein the external request comprises a request from a requesting party for response data associated with an internal computer system associated with an internal network;
  
  normalizing at least a portion of the external request into a common format;
  
  applying a decision tree to the normalized external request to determine an action to take in response to the external request; and
  
  sending to the internal computer system, after applying the decision tree to the normalized external request and using a second security procedure based at least in part on the results of the application of the decision tree, an internal request for said response data.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A method as recited in claim 1, wherein at least one of the first security procedure and the second security procedure is associated with Extensible Markup Language (XML).
  - 3. A method as recited in claim 1, wherein using the first security procedure to send the external request allows a recipient of the external request to determine whether the external request is authorized.
  - 4. A method as recited in claim 1, wherein the first security procedure and second security procedure are associated with different credentials.
  - 5. A method as recited in claim 1, wherein the first security procedure and second security procedure comprise different authentication methods.
  - 6. A method as recited in claim 1, wherein the first security procedure and second security procedure comprise different techniques to verify the integrity of a network communication.
  - 7. A method as recited in claim 1, wherein the first security procedure and second security procedure comprise different encryption methods.
  - 8. A method as recited in claim 1, wherein the first security procedure and second security procedure are associated with different security policy rules.
  - 9. A method as recited in claim 1, wherein the first security procedure and second security procedure are associated with different protocols.
  - 10. A method as recited in claim 1, further comprising analyzing at least a portion of the content of the external request to determine that the external request is authorized and sending the internal request based at least in part on the determination that the external request is authorized.
  - 11. A method as recited in claim 1, further comprising storing, for use when sending the response data to the sender of the external request, information associated with the first security procedure.
  - 12. A method as recited in claim 1, wherein the internal request is generated at a mediating firewall that received the external request.
  - 13. A method as recited in claim 1, wherein the second security procedure is at least in part determined using one or more policy rules.

14. A system for sending a request, comprising:
- an external network interface configured to receive an external request sent using a first security procedure and to normalize at least a portion of the external request into a common format, wherein the external request comprises a request from a requesting party for response data associated with an internal computer system associated with an internal network; and
  
  one or more processors coupled to the external network interface and configured to apply a decision tree to the normalized external request to determine an action to take in response to the external request, the process being further configured to send to the internal computer system, after applying the decision tree to the normalized external request and using a second security procedure based at least in part on the results of the application of the decision tree, an internal request for said response data.
- View Dependent Claims (15, 16, 17)
- - 15. A system as recited in claim 14, wherein at least one of the first security procedure and the second security procedure is associated with Extensible Markup Language (XML).
  - 16. A system as recited in claim 14, wherein the first security procedure and second security procedure are associated with different credentials.
  - 17. A system as recited in claim 14, wherein the processor is further configured to analyze at least a portion of the content of the external request to determine that the external request is authorized and to send the internal request to the internal computer system based at least in part on the determination that the external request is authorized.

18. A computer program product for sending a request, the computer program product being embodied in a computer readable storage medium and comprising computer instructions for:
- receiving via an external network an external request sent using a first security procedure, wherein the external request comprises a request from a requesting party for response data associated with an internal computer system associated with an internal network;
  
  normalizing at least a portion of the external request into a common format;
  
  applying a decision tree to the normalized external request to determine an action to take in response to the external request; and
  
  sending to the internal computer system, after applying the decision tree to the normalized external request and using a second security procedure based at least in part on the results of the application of the decision tree, an internal request for said response data.
- View Dependent Claims (19)
- - 19. A computer program product as recited in claim 18, wherein at least one of the first security procedure and the second security procedure is associated with Extensible Markup Language (XML).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Reactivity, Inc. (Cisco Systems, Inc.)
Inventors
Hanson, Michael, Roddy, Brian J., Lilly, John O. III
Primary Examiner(s)
Revak; Christopher A

Application Number

US11/370,259
Publication Number

US 20060253901A1
Time in Patent Office

1,205 Days
Field of Search

None
US Class Current

726/11
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0218   Distributed architectures, ...

H04L 63/0236   Filtering by address, proto...

H04L 63/0245   Filtering by information in...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Providing security for external access to a protected computer network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Providing security for external access to a protected computer network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links