Secure communications between internet and remote client
First Claim
1. A method comprising:
generating at a middleware server of an intranet a time-limited, non-public server key;
preloading the time-limited, non-public server key to a client computer by securely copying the time-limited, non-public server key from the middleware server to the client computer within the intranet, prior to when the client computer is remotely coupled to the intranet, whereby:
the client computer and the middleware server are configured to communicate using the time-limited, non-public server key when the client computer is remotely coupled to the intranet via a non-secure network;
establishing at the internal server a remote coupling with the client computer over a non-secure network when the client computer is remote from the intranet;
receiving at the middleware server from the client computer, when the client computer is remotely coupled to the intranet via the non-secure network, a location information designating a designated internal server of the intranet, the designated internal server being coupled to the internal server within the intranet, the location information being a time-limited, non-public server key encrypted location information encrypted by the client computer;
performing at the middleware server a public key encryption to establish secure communication with the internal server designated by the location information;
receiving at the middleware server a session key from the internal server;
encrypting at the middleware server the session key of the internal server using the time-limited, non-public server key of the middleware server;
providing from the middleware server the encrypted session key of the internal server to the client computer, thereby enabling the client computer to decrypt the session key of the internal server using the time-limited, non-public server key of the middleware server;
receiving at the middleware server from the client computer a session key encrypted connection information for a connection between the client computer and the internal server; and
patching via the middleware server two-way communications between the client computer and the internal server, whereby the client computer is enabled to use the session key of the internal server to establish encrypted two-way communication between the client computer and the internal server when the client computer is remotely coupled to the intranet via the non-secure network.
Abstract
A method for securing communications within a computer network that includes wireless devices is presented. The method involves the use of a middleware server, which allows ill-performing and potentially insecure communications protocols to be off-loaded onto a more powerful machine running in a more secure environment, e.g., within a company's Intranet. The method can be practiced with any symmetric encryption algorithm, and can be combined with additional security methods, such as asymmetric encryption methods.
24 Claims
1. A method comprising: (independent claim; its full text is reproduced above under First Claim)
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 18, 21
11. In a computer system comprising an intranet and a client computer, a method comprising:
preloading at the client computer from a middleware server of the intranet a time-limited, non-public server key of the middleware server of the intranet, said preloading comprising securely copying the time-limited, non-public key within the intranet from the middleware server to the client computer, prior to when the client computer is remotely coupled to the intranet, whereby:
the client computer and the middleware server are configured to communicate using the time-limited, non-public server key when the client computer is remotely coupled to the intranet via a non-secure network;
establishing at the client computer a remote coupling with the internal server over a non-secure network when the client computer is remote from the intranet;
when the client computer is remotely coupled to the intranet via the non-secure network, encrypting at the client computer information identifying a location of a designated internal server of one or more internal servers of the intranet, said encryption performed by using the time-limited, non-public server key of the middleware server;
sending, over a second data transfer path which is not the secure data transfer path and which is part of the non-secure network, the encrypted location information to the middleware server;
receiving an encrypted session key from the middleware server over the second data transfer path, wherein said session key is a session key generated by the designated internal server of the intranet;
decrypting the session key of the designated internal server by using the time-limited server key of the middleware server; and
when the client computer is remotely coupled to the intranet via the non-secure network, communicating with the internal server via a two-way communications link using the session key of the internal server.
Dependent claims: 12, 19, 22
13. A middleware server computing device configured to establish secure two-way network communications between a designated internal server of the intranet and a client when the client is remotely coupled to the intranet via a non-secure network, comprising:
a processor;
a server key component configured to generate a time-limited, non-public server key;
a storage component configured to store the time-limited, non-public server key;
a preloading component configured to preload the time-limited, non-public server key by securely copying the time-limited, non-public server key to the client within the intranet, prior to when the client computer is remotely coupled to the intranet, whereby:
the client and the middleware server are configured to communicate using the time-limited, non-public server key when the client computer is remotely coupled to the intranet via the non-secure network;
a communications component configured to:
establish a remote coupling with the client computer over the non-secure network when the client computer is remote from the intranet;
receive from the client, when the client computer is remotely coupled to the intranet via the non-secure network, a location information for the designated internal server of the intranet, the location information being a time-limited, non-public server key encrypted location information encrypted by the client;
request a connection with the designated internal server specified by the location information;
receive from the designated internal server an internal server generated session key;
send to the client the internal server generated session key as a time-limited, non-public server key encrypted session key;
receive from the client, when the client computer is remotely coupled to the intranet via the non-secure network, a session key encrypted connection information for a connection between the client and the internal server;
send to the internal server the session key encrypted connection information; and
when the client computer is remotely coupled to the intranet via the non-secure network, patch a two-way connection through to the client from the designated internal server, whereby the client computer and the internal server are enabled to use the session key of the internal server for two-way communication; and
a cryptography component configured to:
produce the location information for the designated internal server by decrypting the location information received from the client, the decryption performed by using the time-limited, non-public server key, and encrypt the internal server generated session key using the time-limited, non-public server key of the middleware server to produce the server key encrypted session key.
Dependent claims: 14, 15, 16, 17
20. A method for secure two-way communications between a first computer and a second computer, comprising:
generating at the first computer an algorithm identification for an encryption algorithm method selected from among a plurality of encryption algorithm methods;
establishing a secure communications link between the first computer and the second computer, wherein the secure communications link comprises a secure encryption key known to the first computer and to the second computer;
encrypting at the first computer with the secure encryption key the algorithm identification, wherein a secure encryption key encrypted algorithm identification is generated;
communicating from the first computer to the second computer via the secure communications link the secure encryption key encrypted algorithm identification; and
at least one of:
encrypting at the first computer according to the encryption algorithm method identified by the algorithm identification a first message, and sending the first message to the second computer; wherein the first message is thereby capable of being decrypted by the second computer according to the encryption algorithm method identified by the algorithm identification message;
or receiving at the first computer a second message sent from the second computer, the second message having been encrypted by the second computer according to the encryption algorithm method identified by the algorithm identification; wherein the second message is thereby capable of being decrypted by the first computer according to the encryption algorithm method identified by the algorithm identification.
23. A system to establish and maintain secure two-way communications between a client computer and a designated internal server, the internal server being part of an intranet, the intranet further comprising a middleware server coupled to the internal server and capable of communicating with the client computer when the client computer is remotely located from the intranet, said system comprising a computing device programmed to:
generate at the middleware server a time-limited, non-public server key;
cause the middleware server to provide to the client computer the time-limited, non-public server key via a secure coupling within the intranet, wherein:
the client computer is securely pre-authenticated to the middleware server while the client computer is within the Intranet; and
the client computer and the middleware server are configured to communicate using the time-limited, non-public server key when the client computer is remotely coupled to the intranet via a non-secure network;
cause the middleware server to receive from the client computer, when the client computer is remotely coupled to the intranet via the non-secure network, a location information designating the designated internal server of the intranet, the location information being a time-limited, non-public server key encrypted location information encrypted by the client computer;
cause the middleware server to perform a public key encryption necessary to establish secure communication with the internal server designated by the location information;
cause the middleware server to receive a session key from the internal server;
cause the middleware server to encrypt the session key of the internal server using the time-limited, non-public server key of the middleware server;
cause the middleware server to provide the encrypted session key of the internal server to the client computer, thereby enabling the client computer to decrypt the session key of the internal server using the time-limited, non-public server key of the middleware server;
cause the middleware server to receive from the client computer a session key encrypted connection information for a connection between the client computer and the internal server; and
cause the middleware server to patch two-way communications between the client computer and the internal server, whereby the client computer is enabled to use the session key of the internal server to establish encrypted two-way communication between the client computer and the internal server when the client computer is remotely coupled to the intranet via the non-secure network.
24. A tangible computer-readable medium having stored thereon computer-executable instructions that, if executed by a computing device, cause the computing device to perform a method comprising:
generating at a middleware server of an intranet a time-limited, non-public server key;
preloading the time-limited, non-public server key to a client computer by securely copying the time-limited, non-public server key from the middleware server to the client computer within the intranet, prior to when the client computer is remotely coupled to the intranet, whereby:
the client computer and the middleware server are configured to communicate using the time-limited, non-public server key when the client computer is remotely coupled to the intranet via a non-secure network;
establishing at an internal server of the intranet a remote coupling with the client computer over a non-secure network when the client computer is remote from the intranet;
receiving at the middleware server from the client computer, when the client computer is remotely coupled to the intranet via the non-secure network, a location information designating the designated internal server of the intranet, the location information being a time-limited, non-public server key encrypted location information encrypted by the client computer;
performing at the middleware server a public key encryption necessary to establish secure communication with the internal server designated by the location information;
receiving at the middleware server a session key from the internal server;
encrypting at the middleware server the session key of the internal server using the time-limited, non-public server key of the middleware server;
providing from the middleware server the encrypted session key of the internal server to the client computer, thereby enabling the client computer to decrypt the session key of the internal server using the time-limited, non-public server key of the middleware server;
receiving at the middleware server from the client computer a session key encrypted connection information for a connection between the client computer and the internal server; and
patching via the middleware server two-way communications between the client computer and the internal server, whereby the client computer is enabled to use the session key of the internal server to establish encrypted two-way communication between the client computer and the internal server when the client computer is remotely coupled to the intranet via the non-secure network.
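The exchange claimed in claims 1, 11, 13, 23 and 24, together with the encrypted algorithm-identification step of claim 20, modelled end to end as an added example (this is illustrative code written for this page, not code from the patent or its assignee). It runs offline on the Python standard library and makes the following assumptions, which are not in the claims: the middleware server, internal server and client are in-process objects rather than networked hosts; the symmetric algorithm is a constructed encrypt-then-MAC stand-in built from HMAC (the abstract allows any symmetric algorithm, and a real deployment would use a standard AEAD such as AES-GCM); the public-key-protected intranet link between middleware and internal server is represented by a direct method call; the names `payroll.intranet`, `hmac-sha256-ctr` and `hmac-sha512-ctr` are constructed. The points the example makes visible are that the session key is generated by the internal server and only wrapped by the middleware under the preloaded server key, that the middleware relays the session-key-encrypted connection information without being able to read it, and that an expired server key refuses the remote connection until the client is re-provisioned inside the intranet.

```python
import hashlib
import hmac
import os
import struct
import time

# Stand-in symmetric cipher (assumption of this example, not the patent's): encrypt-then-MAC
# over an HMAC-derived keystream, chosen only because it needs no third-party package.
# Two algorithm ids model the claim 20 negotiation; "hmac-sha512-ctr" just uses a bigger PRF.
ALGORITHMS = {"hmac-sha256-ctr": hashlib.sha256, "hmac-sha512-ctr": hashlib.sha512}
NONCE_LEN = 16

def _subkeys(key, h):  # separate encryption and MAC keys derived from one shared key
    return hmac.new(key, b"enc", h).digest(), hmac.new(key, b"mac", h).digest()

def _keystream_xor(enc_key, nonce, data, h):
    out, size = bytearray(), h().digest_size
    for i in range(0, len(data), size):  # one PRF output per (nonce, counter) pair
        block = hmac.new(enc_key, nonce + struct.pack(">Q", i), h).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + size], block))
    return bytes(out)

def sym_encrypt(key, plaintext, alg="hmac-sha256-ctr"):
    h = ALGORITHMS[alg]
    enc_key, mac_key = _subkeys(key, h)
    nonce = os.urandom(NONCE_LEN)
    ct = _keystream_xor(enc_key, nonce, plaintext, h)
    return nonce + ct + hmac.new(mac_key, nonce + ct, h).digest()  # nonce || ct || tag

def sym_decrypt(key, blob, alg="hmac-sha256-ctr"):
    h = ALGORITHMS[alg]
    enc_key, mac_key = _subkeys(key, h)
    ds = h().digest_size
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-ds], blob[-ds:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, h).digest()):
        raise ValueError("authentication failed: altered ciphertext or wrong key")
    return _keystream_xor(enc_key, nonce, ct, h)

class InternalServer:
    def __init__(self):
        self.session_key = None
    def new_session(self):  # the internal server, not the middleware, generates the session key
        self.session_key = os.urandom(32)
        return self.session_key
    def accept(self, enc_connection_info):  # only the internal server can read this
        info = sym_decrypt(self.session_key, enc_connection_info)
        return sym_encrypt(self.session_key, b"ACK " + info)

class MiddlewareServer:
    def __init__(self, internal_servers, key_lifetime_s):
        self.internal_servers = internal_servers  # location -> InternalServer
        self.server_key = os.urandom(32)  # time-limited, non-public server key
        self.expires_at = time.time() + key_lifetime_s
        self.alg, self.route = "hmac-sha256-ctr", None
    def preload(self, client):  # secure copy inside the intranet, before the client goes remote
        client.server_key, client.key_expires_at = self.server_key, self.expires_at
    def _check_key(self):
        if time.time() > self.expires_at:
            raise PermissionError("server key expired; re-provision inside the intranet")
    def negotiate_algorithm(self, enc_alg_id):  # claim 20: the id arrives encrypted under the shared key
        self._check_key()
        alg = sym_decrypt(self.server_key, enc_alg_id).decode()
        if alg not in ALGORITHMS:
            raise ValueError("unknown algorithm id")
        self.alg = alg
    def locate(self, enc_location):
        self._check_key()
        location = sym_decrypt(self.server_key, enc_location, self.alg).decode()
        self.route = self.internal_servers[location]
        # Assumption: this direct call stands in for the public-key-protected intranet link
        # over which the middleware obtains the internal server's session key.
        session_key = self.route.new_session()
        return sym_encrypt(self.server_key, session_key, self.alg)  # wrapped under the server key
    def patch(self, enc_connection_info):  # relay only; the middleware never holds the session key
        return self.route.accept(enc_connection_info)

class Client:
    def __init__(self):
        self.server_key, self.key_expires_at = None, 0.0
    def connect(self, mw, location, payload, alg="hmac-sha512-ctr"):
        if time.time() > self.key_expires_at:
            raise PermissionError("preloaded server key expired")
        mw.negotiate_algorithm(sym_encrypt(self.server_key, alg.encode()))
        enc_session_key = mw.locate(sym_encrypt(self.server_key, location.encode(), alg))
        session_key = sym_decrypt(self.server_key, enc_session_key, alg)
        reply = mw.patch(sym_encrypt(session_key, payload))
        return sym_decrypt(session_key, reply)

def run_exchange(key_lifetime_s=3600, payload=b"GET /payroll"):
    internal = InternalServer()
    mw = MiddlewareServer({"payroll.intranet": internal}, key_lifetime_s)  # constructed name
    client = Client()
    mw.preload(client)  # while the client is inside the intranet
    return client.connect(mw, "payroll.intranet", payload)  # later, over the non-secure network
```

`run_exchange()` returns the internal server's reply as decrypted by the client; `run_exchange(key_lifetime_s=-1)` shows the time limit doing its job, since the client refuses to use a stale preloaded key and the middleware would refuse it independently. Any bit flipped in a wrapped session key or relayed connection blob fails the MAC check before decryption, which is the property a deployment should verify for whichever symmetric algorithm it substitutes for the stand-in.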