Relaying messages through a firewall
First Claim
1. In a computing network that includes a first computer system located outside of a firewall, and a second computer system located inside the firewall, a computer program product comprising computer storage media containing computer-executable instructions for implementing a method of relaying messages through the firewall between a first relay component located outside the firewall and a second relay component located inside the firewall, and wherein the method is comprised of acts of:
- the first and second relay components negotiating a first set of communication parameters, the first set of communication parameters which are configured to control how the first relay component is to relay messages through the firewall to the second relay component, including relaying a message from an application running on a first computer system located outside the firewall to an application running on a second computer system located inside the firewall, and wherein the first set of communication parameters include one or more of the following parameters;
encoding parameters, compression parameters, encryption parameters, transfer protocol parameters, security parameters, and ordering guarantee parameters;
said first relay component and said application running on the first computer system negotiating a second set of communication parameters, the second set of communication parameters insufficient for communicating through the firewall, the second set of communication parameters reusing at least one parameter from the first set of communications parameters, the first set of parameters having a first value for the at least one reused parameter and the second set of parameters having a second different value for the at least one reused parameter;
said first computing system sending the message to the first relay component in accordance with the second set of communication parameters, the message intended for delivery to the application running on the second computing system, prior to relaying the message through the firewall to the second relay component located inside the firewall, said first relay component configuring the message for relay through the firewall, including;
transforming the message so that it conforms to the first set of communication parameters, transforming including;
encoding the message and the second set of communication parameters into an encoded element to obscure the meaning of the second set of communication parameters, including the second value for the at least one reused parameter, from the firewall such that the second set of communication parameters can pass through the firewall for subsequent interpretation by the application running on the second computing system but are prevented from interfering with the firewall'"'"'s interpretation of the first communication parameters; and
encapsulating the encoded element in a second message, the second message configured in accordance with the first set of communication parameters, including the first value for the at least one reused parameter; and
mapping the second message to an address for the application running on the second computing system inside the firewall; and
the first relay component then sending the second message through the firewall to the second relay component located inside the firewall in accordance with the first set of communication parameters.
2 Assignments
0 Petitions
Accused Products
Abstract
The present invention extends to methods, systems, and computer program products for relaying messages through firewalls. A message relay negotiates first communication parameters with relay components inside a firewall and (potentially different) second communication parameters with applications outside the firewall. The message relay receives a message from an outside application in accordance with the second negotiated parameters and maps an electronic address in the received message to an inside application. The message relay transforms the message and sends the transformed message over an established connection through the firewall to a relay component in accordance with the first negotiated parameters. The relay component receives the transformed message and transforms the transformed message back into the message. The relay component delivers the message to the inside application in accordance with the second negotiated parameters.
-
Citations
15 Claims
-
1. In a computing network that includes a first computer system located outside of a firewall, and a second computer system located inside the firewall, a computer program product comprising computer storage media containing computer-executable instructions for implementing a method of relaying messages through the firewall between a first relay component located outside the firewall and a second relay component located inside the firewall, and wherein the method is comprised of acts of:
- the first and second relay components negotiating a first set of communication parameters, the first set of communication parameters which are configured to control how the first relay component is to relay messages through the firewall to the second relay component, including relaying a message from an application running on a first computer system located outside the firewall to an application running on a second computer system located inside the firewall, and wherein the first set of communication parameters include one or more of the following parameters;
encoding parameters, compression parameters, encryption parameters, transfer protocol parameters, security parameters, and ordering guarantee parameters;
said first relay component and said application running on the first computer system negotiating a second set of communication parameters, the second set of communication parameters insufficient for communicating through the firewall, the second set of communication parameters reusing at least one parameter from the first set of communications parameters, the first set of parameters having a first value for the at least one reused parameter and the second set of parameters having a second different value for the at least one reused parameter;
said first computing system sending the message to the first relay component in accordance with the second set of communication parameters, the message intended for delivery to the application running on the second computing system, prior to relaying the message through the firewall to the second relay component located inside the firewall, said first relay component configuring the message for relay through the firewall, including;
transforming the message so that it conforms to the first set of communication parameters, transforming including;
encoding the message and the second set of communication parameters into an encoded element to obscure the meaning of the second set of communication parameters, including the second value for the at least one reused parameter, from the firewall such that the second set of communication parameters can pass through the firewall for subsequent interpretation by the application running on the second computing system but are prevented from interfering with the firewall'"'"'s interpretation of the first communication parameters; and
encapsulating the encoded element in a second message, the second message configured in accordance with the first set of communication parameters, including the first value for the at least one reused parameter; and
mapping the second message to an address for the application running on the second computing system inside the firewall; and
the first relay component then sending the second message through the firewall to the second relay component located inside the firewall in accordance with the first set of communication parameters. - View Dependent Claims (2, 3, 4, 5, 6, 7)
- the first and second relay components negotiating a first set of communication parameters, the first set of communication parameters which are configured to control how the first relay component is to relay messages through the firewall to the second relay component, including relaying a message from an application running on a first computer system located outside the firewall to an application running on a second computer system located inside the firewall, and wherein the first set of communication parameters include one or more of the following parameters;
-
8. In a computing network that includes a first computer system located outside of a firewall, and a second computer system located inside the firewall, a computer program product comprising computer storage media containing computer-executable instructions for implementing a method of relaying messages through the firewall between a first relay component located outside the firewall and a second relay component located inside the firewall, and wherein the method is comprised of acts of:
- the first and second relay components negotiating a first set of communication parameters, the first set of communication parameters to control how the first relay component is to relay messages through the firewall to the second relay component, including relaying a message from an application running on a first computer system located outside the firewall to an application running on a second computer system located inside the firewall, and wherein the first set of communication parameters include one or more of the following parameters;
encoding parameters, compression parameters, encryption parameters, transfer protocol parameters, security parameters, and ordering guarantee parameters;
said first relay component and said application running on the first computer system negotiating a second set of communication parameters, the second set of communication parameters insufficient for communicating through the firewall, the second set of communication parameters reusing at least one parameter from the first set of communications parameters, the first set of parameters having a first value for the at least one reused parameter and the second set of parameters having a second different value for the at least one reused parameter, the second set of relay components used in configuring messages sent from the application running at the first computing system to the first relay component;
said second relay component receiving a message from the first relay component, the message having been relayed through the firewall in accordance with the first set of communication parameters, the message being mapped by the first relay component to an address for the application running on the second computing system inside the firewall, and transformed by the first relay component so that it conforms to the first set of communication parameters, including the first value for the at least one reused parameter, the transformation including;
an encapsulated encoded element in the message, the encoded element representing another message sent from the application running on the first computer system to the first relay component in accordance with the second set of communication parameters, the encoded element obscuring the meaning of the second set of communication parameters, including the second value for the at least one reused parameter, from the firewall such that the second set of communication parameters can be passed through the firewall for subsequent interpretation by the application running on the second computing system without interfering with the firewall'"'"'s interpretation of the first communication parameters, including the first value for the at least one reused parameter; and
the second relay component then unwrapping the encoded element encapsulated in the received message to reveal the other message so that the other message conforms once again to the second set of communication parameters including the second value for the at least one reused parameter;
the second relay component then delivering the other message to the application running on the second computing system located inside the firewall; and
the second computing system then sending back to the first computing system a reply message configured in accordance with the second set of communication parameters. - View Dependent Claims (9, 10, 11, 12, 13)
- the first and second relay components negotiating a first set of communication parameters, the first set of communication parameters to control how the first relay component is to relay messages through the firewall to the second relay component, including relaying a message from an application running on a first computer system located outside the firewall to an application running on a second computer system located inside the firewall, and wherein the first set of communication parameters include one or more of the following parameters;
-
14. In a computing network that includes a first computer system located outside of a firewall, and a second computer system located inside the firewall, a computer program product comprising computer storage media containing computer-executable instructions for implementing a method of relaying messages through the firewall between a first relay component located outside the firewall and a second relay component located inside the firewall, and wherein the method is comprised of acts of:
- the first and second relay components negotiating a first set of communication parameters, the first set of communication parameters to control how the first relay component is to relay messages through the firewall to the second relay component, including relaying a message from an application running on a first computer system located outside the firewall to an application running on a second computer system located inside the firewall, and wherein the first set of communication parameters include one or more of the following parameters;
encoding parameters, compression parameters, encryption parameters, transfer protocol parameters, security parameters, and ordering guarantee parameters;
said first relay component and said application running on the first computer system negotiating a second set of communication parameters, the second set of communication parameters insufficient for communicating through the firewall, the second set of communication parameters reusing at least one parameter from the first set of communication parameters, the first set of communication parameters having a first value for the at least one common parameter and the second set of communication parameters having a second different value for the at least one common parameter;
said first computing system sending the message to the first relay component in accordance with the second set of communication parameters, the message intended for delivery to the application running on the second computing system;
prior to relaying the message through the firewall to the second relay component located inside the firewall, said first relay component configuring the message for relay through the firewall, including;
transforming the message so that it conforms to the first set of communication parameters, transforming including;
encoding the message and the second set of communication parameters into an encoded element to obscure the meaning of the second set of communication parameters, including the second value for the at least one reused parameter, from the firewall such that the second set of communication parameters can pass through the firewall for subsequent interpretation by the application running on the second computing system but are prevented from interfering with the firewall'"'"'s interpretation of the first communication parameters, including the first value for the at least one reused parameter; and
encapsulating the encoded element in a second message, the second message configured in accordance with the first set of communication parameters, including the first value for the at least one reused parameter; and
mapping the second message to an address for the application running on the second computing system inside the firewall; and
the first relay component then sending the second message through the firewall to the second relay component located inside the firewall in accordance with the first set of communication parameters, including the first value for the at least one reused parameter;
the second relay component then unwrapping the encoded element form the second message to reveal the message so that the message conforms once again with the second set of communication parameters, including the second value for the at least one reused parameter;
the second relay component then delivering the message to the application running on the second computing system located inside the firewall in accordance with the second set of communication parameters;
the second computing system then sending back to the first computing system a reply message configured in accordance with the second set of communication parameters; and
the first computing system thereafter receiving the reply message. - View Dependent Claims (15)
- the first and second relay components negotiating a first set of communication parameters, the first set of communication parameters to control how the first relay component is to relay messages through the firewall to the second relay component, including relaying a message from an application running on a first computer system located outside the firewall to an application running on a second computer system located inside the firewall, and wherein the first set of communication parameters include one or more of the following parameters;
Specification