Secure communications between internet and remote client

US 7,702,901 B2
Filed: 01/07/2004
Issued: 04/20/2010
Est. Priority Date: 04/05/2002
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating at a middleware server of an intranet a time-limited, non-public server key;

preloading the time-limited, non-public server key to a client computer by securely copying the time-limited, non-public server key from the middleware server to the client computer within the intranet, prior to when the client computer is remotely coupled to the intranet, whereby;

the client computer and the middleware server are configured to communicate using the time-limited, non-public server key when the client computer is remotely coupled to the intranet via a non-secure network;

establishing at the internal server a remote coupling with the client computer over a non-secure network when the client computer is remote from the intranet;

receiving at the middleware server from the client computer, when the client computer is remotely coupled to the intranet via the non-secure network, a location information designating a designated internal server of the intranet, the designated internal server being coupled to the internal server within the intranet, the location information being a time-limited, non-public server key encrypted location information encrypted by the client computer;

performing at the middleware server a public key encryption to establish secure communication with the internal server designated by the location information;

receiving at the middleware server a session key from the internal server;

encrypting at the middleware server the session key of the internal server using the time-limited, non-public server key of the middleware server;

providing from the middleware server the encrypted session key of the internal server to the client computer, thereby enabling the client computer to decrypt the session key of the internal server using the time-limited, non-public server key of the middleware server;

receiving at the middleware server from the client computer a session key encrypted connection information for a connection between the client computer and the internal server; and

patching via the middleware server two-way communications between the client computer and the internal server, whereby the client computer is enabled to use the session key of the internal server to establish encrypted two-way communication between the client computer and the internal server when the client computer is remotely coupled to the intranet via the non-secure network.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for securing communications within a computer network that includes wireless devices is presented. The method involves the use of a middleware server, which allows ill-performing and potentially insecure communications protocols to be off-loaded onto a more powerful machine running in a more secure environment, e.g., within a company'"'"'s Intranet. The method can be practiced with any symmetric encryption algorithm, and can be combined with additional security methods, such as asymmetric encryption methods.

Citations

24 Claims

1. A method comprising:
- generating at a middleware server of an intranet a time-limited, non-public server key;
  
  preloading the time-limited, non-public server key to a client computer by securely copying the time-limited, non-public server key from the middleware server to the client computer within the intranet, prior to when the client computer is remotely coupled to the intranet, whereby;
  
  the client computer and the middleware server are configured to communicate using the time-limited, non-public server key when the client computer is remotely coupled to the intranet via a non-secure network;
  
  establishing at the internal server a remote coupling with the client computer over a non-secure network when the client computer is remote from the intranet;
  
  receiving at the middleware server from the client computer, when the client computer is remotely coupled to the intranet via the non-secure network, a location information designating a designated internal server of the intranet, the designated internal server being coupled to the internal server within the intranet, the location information being a time-limited, non-public server key encrypted location information encrypted by the client computer;
  
  performing at the middleware server a public key encryption to establish secure communication with the internal server designated by the location information;
  
  receiving at the middleware server a session key from the internal server;
  
  encrypting at the middleware server the session key of the internal server using the time-limited, non-public server key of the middleware server;
  
  providing from the middleware server the encrypted session key of the internal server to the client computer, thereby enabling the client computer to decrypt the session key of the internal server using the time-limited, non-public server key of the middleware server;
  
  receiving at the middleware server from the client computer a session key encrypted connection information for a connection between the client computer and the internal server; and
  
  patching via the middleware server two-way communications between the client computer and the internal server, whereby the client computer is enabled to use the session key of the internal server to establish encrypted two-way communication between the client computer and the internal server when the client computer is remotely coupled to the intranet via the non-secure network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 18, 21)
- - 2. The method of claim 1, wherein the step of preloading the time-limited, non-public server key by securely copying the time-limited, non-public server key from the middleware server to the client computer within the intranet is performed using at least one of a physical file storage media, a direct cable, or a file share within the intranet.
  - 3. The method of claim 1, wherein the non-secure network is the internet.
  - 4. The method of claim 1, further comprising:
    - during the time period when the client computer is remotely coupled to the intranet via the non-secure network, receiving at the middleware server a connection from the client computer using a particular communications protocol on a port that is not well known for that particular protocol.
  - 5. The method of claim 1, wherein communications between the middleware server and the client computer are encrypted using the 3DES algorithm.
  - 6. The method of claim 1, wherein communications between the middleware server and the client computer are encrypted using the Blowfish algorithm.
  - 7. The method of claim 1, wherein communications between the middleware server and the client computer are encrypted using the DESX algorithm.
  - 8. The method of claim 1, wherein communications between the middleware server and the client computer are encrypted using the IDEA algorithm.
  - 9. The method of claim 1, wherein the location information designating the designated internal server of the intranet is an IP address of the designated internal server.
  - 10. The method of claim 1, wherein the location information designating the designated internal server of the intranet is a host name of the designated internal server.
  - 18. The method of claim 1, further comprising:
    - the middleware server receiving public key encrypted messages from at least one of the client computer or the internal server;
      
      the middleware server performing public key decryption of the public key encrypted messages; and
      
      the middleware server further relaying at least one of a decrypted public key encrypted message of the client to the server or a decrypted public key encrypted message of the server to the client.
  - 21. The method of claim 1, further comprising:
    - following an initial communication session over the non-secure network between the client computer and the middleware server using the time-limited, non-public server key, using the same time-limited, non-public server key to communicate between the middleware server and the client computer over the non-secure network during a communication session subsequent to the initial communication session, wherein;
      
      the time-limited, non-public server key is configured to support the secure communications between the middleware server and the client computer throughout multiple communications sessions during a time period in which the client computer is remotely coupled to the intranet via the non-secure network.

11. In a computer system comprising an intranet and a client computer, a method comprising:
- preloading at the client computer from a middleware server of the intranet a time-limited, non-public server key of the middleware server of the intranet, said preloading comprising securely copying the time-limited, non-public key within the intranet from the middleware server to the client computer, prior to when the client computer is remotely coupled to the intranet, whereby;
  
  the client computer and the middleware server are configured to communicate using the time-limited, non-public server key when the client computer is remotely coupled to the intranet via a non-secure network;
  
  establishing at the client computer a remote coupling with the internal server over a non-secure network when the client computer is remote from the intranet;
  
  when the client computer is remotely coupled to the intranet via the non-secure network, encrypting at the client computer information identifying a location of a designated internal server of one or more internal servers of the intranet, said encryption performed by using the time-limited, non-public server key of the middleware server;
  
  sending, over a second data transfer path which is not the secure data transfer path and which is part of the non-secure network the encrypted location information to the middleware server;
  
  receiving an encrypted session key from the middleware server over the second data transfer path, wherein said session key is a session key generated by the designated internal server of the intranet;
  
  decrypting the session key of the designated internal server by using the time-limited server key of the middleware server; and
  
  when the client computer is remotely coupled to the intranet via the non-secure network, communicating with the internal server via a two-way communications link using the session key of the internal server.
- View Dependent Claims (12, 19, 22)
- - 12. The method of claim 11, wherein:
    - the secure copying comprises at least one of copying via a physical file storage media, a file share within the intranet, or a direct cable; and
      
      the second data transfer path is the Internet.
  - 19. The method of claim 11, further comprising offloading from the client computer to the middleware server public key cryptography tasks for public key encrypted messages sent from the client computer.
  - 22. The method of claim 11, further comprising:
    - following an initial communication session over the non-secure network between the client computer and middleware server using the time-limited, non-public server key, using the same time-limited, non-public server key to communicate between the client computer and the middleware server over the non-secure network during a communication session subsequent to the initial communication session, wherein;
      
      the time-limited, non-public server key is configured to support the secure communication between the client computer and the middleware server throughout multiple communication sessions during a time period in which the client computer is remotely coupled to the intranet via the non-secure network.

13. A middleware server computing device configured to establish secure two-way network communications between a designated internal server of the intranet and a client when the client is remotely coupled to the intranet via a non-secure network, comprising:
- a processor;
  
  a server key component configured to generate a time-limited, non-public server key;
  
  a storage component configured to store the time-limited, non-public server key;
  
  a preloading component configured to preload the time-limited, non-public server key by securely copying the time-limited, non-public server key to the client within the intranet, prior to when the client computer is remotely coupled to the intranet, whereby;
  
  the client and the middleware server are configured to communicate using the time-limited, non-public server key when the client computer is remotely coupled to the intranet via the non-secure network;
  
  a communications component configured to;
  
  establish a remote coupling with the client computer over the non-secure network when the client computer is remote from the intranet;
  
  receive from the client, when the client computer is remotely coupled to the intranet via the non-secure network, a location information for the designated internal server of the intranet, the location information being a time-limited, non-public server key encrypted location information encrypted by the client;
  
  request a connection with the designated internal server specified by the location information;
  
  receive from the designated internal server an internal server generated session key;
  
  send to the client the internal server generated session key as a time- limited, non-public server key encrypted session key;
  
  receive from the client, when the client computer is remotely coupled to the intranet via the non-secure network, a session key encrypted connection information for a connection between the client and the internal server;
  
  send to the internal server the session key encrypted connection information; and
  
  when the client computer is remotely coupled to the intranet via the non-secure network, patch a two-way connection through to the client from the designated internal server, whereby the client computer and the internal server are enabled to use the session key of the internal server for two-way communication; and
  
  a cryptography component configured to;
  
  produce the location information for the designated internal server by decrypting the location information received from the client, the decryption performed by using the time-limited, non-public server key, andencrypt the internal server generated session key using the time-limited, non-public server key of the middleware server to produce the server key encrypted session key.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The middleware server of claim 13, further comprising a public key encryption component configured to perform public key encryption tasks offloaded from at least one of the client or the internal server.
  - 15. The middleware server of claim 14, wherein the public key encryption component is further configured to process public key encrypted messages sent between the client and the internal server.
  - 16. The middleware server of claim 13, further comprising a pre-determined port for connection of the client to the middleware server.
  - 17. The middleware server of claim 13, wherein the communication component is further configured to:
    - receive from the designated internal server an algorithm identification; and
      
      send to the client a server key encrypted algorithm identification; and
      
      the cryptography component is further configured to;
      
      encrypt the algorithm identification using the server key to create the server key encrypted algorithm identification.

20. A method for secure two-way communications between a first computer and a second computer, comprising:
- generating at the first computer an algorithm identification for an encryption algorithm method selected from among a plurality of encryption algorithm methods;
  
  establishing a secure communications link between the first computer and the second computer, wherein the secure communications link comprises a secure encryption key known to the first computer and to the second computer;
  
  encrypting at the first computer with the secure encryption key the algorithm identification, wherein a secure encryption key encrypted algorithm identification is generated;
  
  communicating from the first computer to the second computer via the secure communications link the secure encryption key encrypted algorithm identification; and
  
  at least one of;
  
  encrypting at the first computer according to the encryption algorithm method identified by the algorithm identification a first message, and sending the first message to the second computer;
  
  wherein the first message is thereby capable of being decrypted by the second computer according to the encryption algorithm method identified by the algorithm identification message;
  
  orreceiving at the first computer a second message sent from the second computer, the second message having been encrypted by the second computer according to the encryption algorithm method identified by the algorithm identification;
  
  wherein the second message is thereby capable of being decrypted by the first computer according to the encryption algorithm method identified by the algorithm identification.

23. A system to establish and maintain secure two-way communications between a client computer and a designated internal server, the internal server being part of an intranet, the intranet further comprising a middleware server coupled to the internal server and capable of communicating with the client computer when the client computer is remotely located from the intranet, said system comprising a computing device programmed to:
- generate at the middleware server a time-limited, non-public server key;
  
  cause the middleware server to provide to the client computer the time-limited, non-public server key via a secure coupling within the intranet, wherein;
  
  the client computer is securely pre-authenticated to the middleware server while the client computer is within the Intranet; and
  
  the client computer and the middleware server are configured to communicate using the time-limited, non-public server key when the client computer is remotely coupled to the intranet via a non-secure network;
  
  cause the middleware server to receive from the client computer, when the client computer is remotely coupled to the intranet via the non-secure network, a location information designating the designated internal server of the intranet, the location information being a time-limited, non-public server key encrypted location information encrypted by the client computer;
  
  cause the middleware server to perform a public key encryption necessary to establish secure communication with the internal server designated by the location information;
  
  cause the middleware server to receive a session key from the internal server;
  
  cause the middleware server to encrypt the session key of the internal server using the time-limited, non-public server key of the middleware server;
  
  cause the middleware server to provide the encrypted session key of the internal server to the client computer, thereby enabling the client computer to decrypt the session key of the internal server using the time-limited, non-public server key of the middleware server;
  
  cause the middleware server to receive from the client computer a session key encrypted connection information for a connection between the client computer and the internal server; and
  
  cause the middleware server to patch two-way communications between the client computer and the internal server, whereby the client computer is enabled to use the session key of the internal server to establish encrypted two-way communication between the client computer and the internal server when the client computer is remotely coupled to the intranet via the non-secure network.

24. A tangible computer-readable medium having stored thereon, computer-executable instructions that, if executed by a computing device, cause the computing device to perform a method comprising:
- generating at a middleware server of an intranet a time-limited, non-public server key;
  
  preloading the time-limited, non-public server key to a client computer by securely copying the time-limited, non-public server key from the middleware server to the client computer within the intranet, prior to when the client computer is remotely coupled to the intranet, whereby;
  
  the client computer and the middleware server are configured to communicate using the time-limited, non-public server key when the client computer is remotely coupled to the intranet via a non-secure network;
  
  establishing at an internal server of the intranet a remote coupling with the client computer over a non-secure network when the client computer is remote from the intranet;
  
  receiving at the middleware server from the client computer, when the client computer is remotely coupled to the intranet via the non-secure network, a location information designating the designated internal server of the intranet, the location information being a time-limited, non-public server key encrypted location information encrypted by the client computer;
  
  performing at the middleware server a public key encryption necessary to establish secure communication with the internal server designated by the location information;
  
  receiving at the middleware server a session key from the internal server;
  
  encrypting at the middleware server the session key of the internal server using the time-limited, non-public server key of the middleware server;
  
  providing from the middleware server the encrypted session key of the internal server to the client computer, thereby enabling the client computer to decrypt the session key of the internal server using the time-limited, non-public server key of the middleware server;
  
  receiving at the middleware server from the client computer a session key encrypted connection information for a connection between the client computer and the internal server; and
  
  patching via the middleware server two-way communications between the client computer and the internal server, whereby the client computer is enabled to use the session key of the internal server to establish encrypted two-way communication between the client computer and the internal server when the client computer is remotely coupled to the intranet via the non-secure network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Xylon LLC (Intellectual Ventures LLC)
Original Assignee
Stavros Investments LLC (Intellectual Ventures LLC)
Inventors
Ferguson, Derek M.
Primary Examiner(s)
Lanier; Benjamin E
Assistant Examiner(s)
Almeida; Devin

Application Number

US10/753,232
Publication Number

US 20040143735A1
Time in Patent Office

2,295 Days
Field of Search

713/753
US Class Current

713/153
CPC Class Codes

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04W 12/033   of the user plane, e.g. use...

H04W 12/06   Authentication

Secure communications between internet and remote client

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Secure communications between internet and remote client

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links