Method and system for providing secure access to private networks

US 7,620,719 B2
Filed: 06/05/2003
Issued: 11/17/2009
Est. Priority Date: 06/06/2002
Status: Active Grant

First Claim

Patent Images

1. A method for processing resource requests provided to an intermediate server from a client via a computer network, said method comprising:

receiving a resource request for a particular resource, the resource request being provided to the intermediate server from the client via the computer network;

extracting an identifier associated with a destination server from the resource request;

requesting, based on the identifier, the particular resource from the destination server;

receiving, in response to the request, the particular resource from the destination server;

modifying the particular resource to redirect internal resource requests to the intermediate server, where the modifying of the particular resource modifies at least one source file address within the particular resource, the at least one source file address pertaining to an applet;

sending the modified particular resource to the client;

receiving, from the client, an applet code request for the applet identified within the modified particular resource;

requesting applet code for the applet from a remote server via the computer network;

receiving the applet code from the remote server in response to said requesting of the applet code;

modifying the applet code to redirect external communications from the applet through the intermediate server; and

sending the modified applet code to the client.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Improved approaches for providing secure remote access to resources maintained on private networks are disclosed. According to one aspect, predetermined elements, such as applets, can be modified to redirect all communications to and from an application server through an intermediate server. The intermediate server in turn communicates with the application servers. According to another aspect, a communication framework can be provided to funnel communication between an applet and a server through a communication layer so as to provide managed and/or secured communications there between.

70 Citations

View as Search Results

21 Claims

1. A method for processing resource requests provided to an intermediate server from a client via a computer network, said method comprising:
- receiving a resource request for a particular resource, the resource request being provided to the intermediate server from the client via the computer network;
  
  extracting an identifier associated with a destination server from the resource request;
  
  requesting, based on the identifier, the particular resource from the destination server;
  
  receiving, in response to the request, the particular resource from the destination server;
  
  modifying the particular resource to redirect internal resource requests to the intermediate server, where the modifying of the particular resource modifies at least one source file address within the particular resource, the at least one source file address pertaining to an applet;
  
  sending the modified particular resource to the client;
  
  receiving, from the client, an applet code request for the applet identified within the modified particular resource;
  
  requesting applet code for the applet from a remote server via the computer network;
  
  receiving the applet code from the remote server in response to said requesting of the applet code;
  
  modifying the applet code to redirect external communications from the applet through the intermediate server; and
  
  sending the modified applet code to the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. A method as recited in claim 1, where the applet code is bytecode for the applet.
  - 3. A method as recited in claim 1, where the particular resource is a markup language document.
  - 4. A method as recited in claim 3, where the markup language document is a HTML page.
  - 5. A method as recited in claim 1, where the computer network includes at least a portion of the Internet.
  - 6. A method as recited in claim 1, where the remote server is the destination server.
  - 7. A method as recited in claim 1, where said modifying of the particular resource comprises:
    - identifying, within the particular resource, a predetermined element that includes at least a first network address; and
      
      modifying the first network address within the predetermined element of the particular resource to a second network address that pertains to the intermediate server.
  - 8. A method as recited in claim 7, where said identifying identifies the predetermined element through use of predetermined tags.
  - 9. A method as recited in claim 7, where the particular resource is a markup language document.
  - 10. A method as recited in claim 8, where the markup language document is a HTML page.
  - 11. A method as recited in claim 10, where the predetermined tags are HTML tags.
  - 12. A method as recited in claim 7, where the second network address includes at least a hostname pertaining to the intermediate server.
  - 13. A method as recited in claim 12, where the second network address further has a suffix that includes at least the first network address.
  - 14. A method as recited in claim 7, where the predetermined element pertains to an applet.
  - 15. A method as recited in claim 14, where the predetermined element is a predetermined attribute of the applet.
  - 16. The method of claim 1, where modifying the particular resource includes:
    - identifying at least one element that specifies the applet within the particular resource;
      
      determining whether the at least one element includes a codebase attribute;
      
      inserting a default codebase attribute into the at least one element when it is determined that the at least one element does not include a codebase attribute; and
      
      modifying the codebase attribute of the at least one element.

17. A computer-implemented system, comprising:
- an intermediate server to;
  
  intercept a request for a web resource sent from a client to a destination server;
  
  reformat the request for the web resource;
  
  send the reformatted request for the web resource to the destination server;
  
  retrieve the web resource from the destination server;
  
  modify the web resource to redirect subsequent resource requests from the client to the intermediate server; and
  
  send the modified web resource to the client;
  
  receive a request from the client for an applet code identified within the web resource;
  
  reformat the request for the applet code;
  
  send the reformatted request for the applet code to the destination server;
  
  receive the applet code from the destination server;
  
  modify the applet code to redirect external communications associated with the applet code through the intermediate server; and
  
  send the modified applet code to the client.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The computer-implemented system of claim 17, where, when modifying the web resource, the intermediate server is to:
    - modify at least one source file address within the web resource, the at least one source file address pertaining to an applet.
  - 19. The computer-implemented system of claim 17, where the intermediate server includes a modifier that modifies one of links or attribute values within the web resource.
  - 20. The computer-implemented system of claim 17, where, when modifying the web resources, the intermediate server is to:
    - identify an applet element within the web resource,determine whether the applet element includes a codebase attribute,insert a particular codebase attribute into the applet element when it is determined that the applet element does not include a codebase attribute; and
      
      modify the codebase attribute when it is determined that the applet element includes a codebase attribute or modify the particular codebase attribute when it is determined that the applet element does not include a codebase attribute.
  - 21. The computer-implemented system of claim 20, where, when modifying the codebase attribute, the intermediate server is to:
    - translate, when the codebase attribute specifies an absolute uniform resource locator, the absolute uniform resource locator to a uniform resource locator that points to the intermediate server, andwhen the codebase attribute specifies a uniform resource locator, the intermediate server is configured to;
      
      construct the absolute uniform resource locator, andtranslate the constructed absolute uniform resource locator to a uniform resource locator that points to the intermediate server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Pulse Secure, LLC (Ivanti Software, Inc.)
Original Assignee
Juniper Networks Incorporated
Inventors
Xia, Zeqing, Tock, Theron
Primary Examiner(s)
Etienne; Ario
Assistant Examiner(s)
Higa; Brendan Y

Application Number

US10/456,354
Publication Number

US 20030229718A1
Time in Patent Office

2,357 Days
Field of Search

709/246, 709238-239, 709223-226, 709/245, 709/229, 709217-219, 709201-203, 726 11- 14, 726 26- 30
US Class Current

709/225
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/10   for controlling access to d...

H04L 63/168   above the transport layer

H04L 67/01   Protocols

H04L 67/561   Adding application-function...

H04L 67/563   Data redirection of data ne...

H04L 67/564   Enhancement of application ...

H04L 69/162   involving adaptations of so...

Method and system for providing secure access to private networks

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

70 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for providing secure access to private networks

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

70 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links