Method and apparatus for effecting secure communications
Abstract
A technique to effect secure communications with a server application, such as server applications that are accessible on the Internet. In one embodiment, a client connection is detected at a first port. The client is provided with a decoy port number. A server provides services to the client on a second port that is mapped to the decoy port number.
22 Claims
1. A method of effecting secure communications between a server and a client, the server executed in a server computer, the method comprising:
- detecting, at the server computer, a client connection at a first port;
- providing, by the server computer, the client with a decoy port number;
- providing, by the server computer, services to the client on a second port having a second port number that is mapped to the decoy port number, wherein the second port number is different from the decoy port number;
- maintaining, in the server computer, a table of available decoy port numbers that are mapped to valid port numbers, wherein the table maintained in the server computer corresponds to a second table maintained at a client computer on which the client is executed, the second table mapping decoy numbers to valid port numbers at the client computer; and
- monitoring the second port for a connection by the client, and if there is no connection by the client within a predetermined time interval, terminating execution of the server on the second port.
Dependent claims: 2, 3, 4, 19.
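The exchange claimed above, as an added loopback simulation that is not part of the patent: the server's table maps a constructed decoy number (an invalid port number, above 65535) to the real second port, the client translates the decoy with its own copy of the table, and the second-port server terminates when no client arrives within the predetermined interval. It assumes the second port is bound before the decoy is issued rather than launched on demand, and uses a 0.5 s interval.

```python
import socket
import threading
# Constructed demo, not the patent's code. Decoy numbers are chosen above the
# valid TCP range (0-65535), so a decoy is useless without the shared table.
INVALID_PORT_FLOOR = 65536

def run_decoy_server(first_sock, second_sock, decoy, timeout):
    """Accept on the first port, hand out the decoy, drop that connection, then
    monitor the second port; False means it was terminated for a no-show."""
    conn, _ = first_sock.accept()
    conn.sendall(f"{decoy}\n".encode())
    conn.close()
    second_sock.settimeout(timeout)         # predetermined time interval
    try:
        client, _ = second_sock.accept()
    except socket.timeout:
        second_sock.close()                 # no client in time: stop serving
        return False
    client.sendall(b"service ready\n")
    client.close()
    second_sock.close()
    return True

def run_client(first_port, client_table, follow_through=True):
    """Fetch the decoy from the first port, translate it with the client's own
    table, then connect on the valid port (skipped when follow_through=False)."""
    with socket.create_connection(("127.0.0.1", first_port)) as s:
        decoy = int(s.makefile("r").readline())
    assert decoy >= INVALID_PORT_FLOOR      # a decoy is never a usable port
    if not follow_through:
        return None
    with socket.create_connection(("127.0.0.1", client_table[decoy])) as s:
        return s.makefile("r").readline().strip()

def exchange(follow_through=True, timeout=0.5):
    """One full exchange on loopback; returns (server_served, client_reply)."""
    first, second = socket.socket(), socket.socket()
    first.bind(("127.0.0.1", 0)); first.listen(1)     # OS picks free ports
    second.bind(("127.0.0.1", 0)); second.listen(1)
    decoy = INVALID_PORT_FLOOR + 1234                 # constructed decoy number
    table = {decoy: second.getsockname()[1]}          # server-side table
    result = {}
    t = threading.Thread(target=lambda: result.update(
        served=run_decoy_server(first, second, decoy, timeout)))
    t.start()
    reply = run_client(first.getsockname()[1], dict(table), follow_through)
    t.join()
    first.close()
    return result["served"], reply
```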
5. A computer system comprising:
- a plurality of ports, each port having a respective port number;
- a server application; and
- a routine that, if executed, is operative to:
  - detect a client connection at a first port;
  - provide the client with a decoy port number; and
  - provide services to the client on a second port having a second port number that is mapped to the decoy port number, wherein the second port number is different from the decoy port number;
- maintaining, in the server computer, a table of available decoy port numbers that are mapped to valid port numbers, wherein the table maintained in the server computer corresponds to a second table maintained at a client computer on which the client is executed, the second table mapping decoy numbers to valid port numbers at the client computer; and
- monitoring the second port for a connection by the client, and if there is no connection by the client within a predetermined time interval, terminating execution of the server on the second port.
Dependent claims: 6, 7, 20, 21.
8. A server computer system comprising:
- a plurality of ports, each port having a respective port number;
- a first server application; and
- a first routine that is associated with the first server application and that, if executed, is operative to:
  - detect a client connection at a first port;
  - transmit a decoy port number to the client;
  - terminate the connection to the first port; and
  - provide services to the client on a second port having a second port number that is mapped to the decoy port number, the second port number being a valid port number that is different from the decoy port number;
- a second server application; and
- a second routine that is associated with the second server application and that, if executed, is operative to:
  - detect a client connection at a third port;
  - transmit a second decoy port number to the client;
  - terminate the connection to the third port; and
  - provide services to the client on a fourth port having a fourth port number that is mapped to the second decoy port number, the fourth port number being another valid port number that is different from the second decoy port number;
- maintaining, in the server computer, a table of available decoy port numbers that are mapped to valid port numbers, wherein the table maintained in the server computer corresponds to a second table maintained at a client computer on which the client is executed, the second table mapping decoy numbers to valid port numbers at the client computer; and
- monitoring the second port for a connection by the client, and if there is no connection by the client within a predetermined time interval, terminating execution of the server on the second port.
Dependent claims: 9.
10. A method executed by a client computer, comprising:
- attempting to access a server application on a first port of a server computer;
- receiving, from the server computer, a decoy port number that is an invalid port number;
- translating the decoy port number to a valid port number;
- connecting to the server application on the valid port number;
- maintaining, in the server computer, a table of available decoy port numbers that are mapped to valid port numbers, wherein the table maintained in the server computer corresponds to a second table maintained at a client computer on which the client is executed, the second table mapping decoy numbers to valid port numbers at the client computer; and
- monitoring the second port for a connection by the client, and if there is no connection by the client within a predetermined time interval, terminating execution of the server on the second port.
Dependent claims: 11, 12, 13.
14. A computer system comprising:
- a plurality of ports, each port having a respective port number;
- an application; and
- means for effecting secure access to the application by redirecting a client from a first port to a second port, wherein the means for effecting secure access comprises a routine that, if executed, is operable to provide the client with a decoy port number that maps to a second port number of the second port, wherein the decoy port number is an invalid port number and the second port number is a valid port number;
- maintaining, in the server computer, a table of available decoy port numbers that are mapped to valid port numbers, wherein the table maintained in the server computer corresponds to a second table maintained at a client computer on which the client is executed, the second table mapping decoy numbers to valid port numbers at the client computer; and
- monitoring the second port for a connection by the client, and if there is no connection by the client within a predetermined time interval, terminating execution of the server on the second port.
15. An article comprising a non-transitory machine-readable storage medium that comprises instructions that, if executed, cause a server computer to:
- detect a connection at a first port of the server computer by a client application;
- transmit, to the client application, a decoy port number, wherein the decoy port number is an invalid port number; and
- cause a server application in the server computer to be launched at a second port that has a second port number mapped to the decoy port number, the second port number being a valid port number;
- maintaining, in the server computer, a table of available decoy port numbers that are mapped to valid port numbers, wherein the table maintained in the server computer corresponds to a second table maintained at a client computer on which the client is executed, the second table mapping decoy numbers to valid port numbers at the client computer; and
- monitoring the second port for a connection by the client, and if there is no connection by the client within a predetermined time interval, terminating execution of the server on the second port.
Dependent claims: 22.
16. A client/server system comprising:
- a server computer system; and
- a server application installed on the server computer system and comprising instructions that, if executed on the server computer system, are effective to:
  - detect a connection at a first port by a client application;
  - transmit, to the client application, a decoy port number, wherein the decoy port number is an invalid port number;
  - terminate the connection on the first port; and
  - provide services to the client application on a second port having a second port number that is mapped to the decoy port number;
- maintaining, in the server computer, a table of available decoy port numbers that are mapped to valid port numbers, wherein the table maintained in the server computer corresponds to a second table maintained at a client computer on which the client is executed, the second table mapping decoy numbers to valid port numbers at the client computer; and
- monitoring the second port for a connection by the client, and if there is no connection by the client within a predetermined time interval, terminating execution of the server on the second port.
Dependent claims: 17, 18.