Network architecture for secure data communications
First Claim
1. A method for secure data communications, comprising:
receiving an indication of a data communication from a device in an external network to a perimeter network, wherein the perimeter network includes one or more external edge nodes, one or more internal edge nodes and a plurality of proxy servers connected between the one or more external edge nodes and the one or more internal edge nodes;
selecting one of the plurality of proxy servers to receive the data communication via a first secure connection, wherein each of the plurality of proxy servers in the plurality of proxy servers is configured with configuration information such that the device connected to the external network is unable to discern said proxy server from the other of said plurality of proxy servers;
receiving a portion of the data communication over the first secure connection via the one or more external edge nodes and the selected proxy server;
establishing a second secure connection between the selected proxy server and an internal network, wherein establishing the second secure connection comprises providing the associated configuration information by the selected proxy server to the internal network via the one or more internal edge nodes;
transmitting the portion of the data communication from the selected proxy server to the internal network over the second secure connection;
determining that the selected proxy server is unavailable;
selecting another proxy server of the plurality of proxy servers to receive a remaining portion of the data communication over the first secure connection; and
transmitting the remaining portion of the data communication from the another proxy server to the internal network over the second secure connection, wherein the configuration information includes a digital certificate in each of the plurality of proxy servers and wherein the method further comprises:
when the first secure connection or the second secure connection is not successfully established, determining whether one of the plurality of proxy servers is unavailable;
when one of the plurality of proxy servers is unavailable, removing the unavailable proxy server from a list of available proxy servers; and
establishing the first secure connection or the second secure connection with one of the plurality of proxy servers on the list of available proxy servers.
Abstract
A network architecture includes a perimeter network connected between an internal network and an external network. The perimeter network includes one or more external edge nodes that are connected to the external network and a plurality of proxy servers that are each connected to one or more of the external edge nodes. One or more internal edge nodes are connected between the plurality of proxy servers and the internal network. The proxy servers are operable to establish a first secure connection to a destination through the external network and a second secure connection to a destination in the internal network. Each of the plurality of proxy servers provides a substantially identical identification for authentication when establishing the first and second secure connections.
21 Claims
Claims 2 to 10 depend from claim 1, which is reproduced above under First Claim.
11. A network system, comprising:
one or more external edge nodes connected to an external network;
one or more internal edge nodes connected to an internal network; and
a plurality of proxy servers connected between the external edge nodes and the internal edge nodes, wherein the system is configured to:
receive an indication of a data communication from a device in the external network to a perimeter network, wherein the perimeter network includes the one or more external edge nodes, the one or more internal edge nodes and the plurality of proxy servers connected between the one or more external edge nodes and the one or more internal edge nodes;
select one of the plurality of proxy servers to receive the data communication via a first secure connection, wherein each of the plurality of proxy servers in the plurality of proxy servers is configured with configuration information such that the device connected to the external network is unable to discern said proxy server from the other of said plurality of proxy servers;
establish the first secure connection between the selected proxy server and the external network, wherein establishing the first secure connection comprises identifying the selected proxy server to the external network by providing the associated configuration information to the external network via the one or more external edge nodes;
receive a portion of the data communication over the first secure connection via the one or more external edge nodes and the selected proxy server;
establish a second secure connection between the selected proxy server and an internal network, wherein establishing the second secure connection comprises providing the associated configuration information by the selected proxy server to the internal network via the one or more internal edge nodes;
transmit the portion of the data communication from the selected proxy server to the internal network over the second secure connection;
determine that the selected proxy server is unavailable during receiving at least the portion of the data communication over the first secure connection;
select another proxy server of the plurality of proxy servers to receive a remaining portion of the data communication over the first secure connection; and
transmit the remaining portion of the data communication from the another proxy server to the internal network over the second secure connection, wherein the configuration information includes a digital certificate in each of the plurality of proxy servers and wherein the system is further configured to:
when the first secure connection or the second secure connection is not successfully established, determine whether one of the plurality of proxy servers is unavailable;
when one of the plurality of proxy servers is unavailable, remove the unavailable proxy server from a list of available proxy servers; and
establish the first secure connection or the second secure connection with one of the plurality of proxy servers on the list of available proxy servers.
Claims 12 to 21 depend from claim 11.
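Added illustration, not part of the patent text: a Python model of the proxy-pool procedure recited in claims 1 and 11 (and in the abstract). Every proxy presents the same certificate, a portion of the data communication is relayed by the selected proxy, the proxy then becomes unavailable mid-stream, is removed from the list of available proxies, and another proxy on the list relays the remaining portion. The class and function names, the stand-in certificate fingerprint, the sample data and the fault injection are all assumptions made for this example; the claims do not say how the external edge nodes keep the first secure connection alive across the swap, so the model simply hands the remaining portions to the next proxy on the list.

```python
"""Model of the proxy-pool failover recited in claims 1 and 11.

Added illustration, not part of the patent. All names below are assumptions.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed stand-in for the digital certificate the claims place in every
# proxy. A real deployment would hold the same X.509 certificate (and key) on
# each proxy so the external device cannot tell the proxies apart.
SHARED_CERT = b"constructed perimeter certificate, identical on every proxy"
SHARED_FINGERPRINT = hashlib.sha256(SHARED_CERT).hexdigest()


class ProxyUnavailable(Exception):
    """A secure connection to or through a proxy could not be established."""


@dataclass
class ProxyServer:
    name: str                   # internal label, never presented externally
    alive: bool = True
    fingerprint: str = SHARED_FINGERPRINT
    relayed: List[bytes] = field(default_factory=list)

    def establish(self) -> str:
        """Present the shared certificate on the first or second secure connection."""
        if not self.alive:
            raise ProxyUnavailable(self.name)
        return self.fingerprint

    def relay(self, portion: bytes) -> None:
        """Forward one portion over the second secure connection."""
        if not self.alive:
            raise ProxyUnavailable(self.name)
        self.relayed.append(portion)


@dataclass
class PerimeterNetwork:
    proxies: List[ProxyServer]
    available: List[ProxyServer] = field(init=False)
    internal_received: List[bytes] = field(default_factory=list)

    def __post_init__(self) -> None:
        self.available = list(self.proxies)   # the claims' list of available proxy servers

    def select_proxy(self) -> ProxyServer:
        """Pick a proxy from the list; drop any that fails to establish a connection."""
        while self.available:
            proxy = self.available[0]
            try:
                proxy.establish()
                return proxy
            except ProxyUnavailable:
                self.available.remove(proxy)
        raise ProxyUnavailable("no proxy servers available")

    def deliver(self, data: bytes, portion_size: int,
                fail_after: Optional[int] = None) -> Dict[str, object]:
        """Relay data to the internal network in portions, failing over as needed.

        fail_after is a constructed fault injection: the proxy in use is marked
        unavailable once that many portions have been relayed.
        """
        identities_seen = set()            # what the external device observed
        handled_by: List[str] = []
        proxy = self.select_proxy()
        identities_seen.add(proxy.fingerprint)
        for i in range(0, len(data), portion_size):
            portion = data[i:i + portion_size]
            if fail_after is not None and len(handled_by) == fail_after:
                proxy.alive = False          # selected proxy becomes unavailable mid-stream
            try:
                proxy.relay(portion)
            except ProxyUnavailable:
                self.available.remove(proxy)     # remove it from the available list
                proxy = self.select_proxy()      # another proxy takes the remaining portion
                identities_seen.add(proxy.fingerprint)
                proxy.relay(portion)
            handled_by.append(proxy.name)
            self.internal_received.append(portion)
        return {
            "delivered": b"".join(self.internal_received),
            "handled_by": handled_by,
            "identities_seen": sorted(identities_seen),
            "available": [p.name for p in self.available],
        }


if __name__ == "__main__":
    net = PerimeterNetwork([ProxyServer("proxy-a"), ProxyServer("proxy-b"),
                            ProxyServer("proxy-c")])
    print(net.deliver(b"0123456789", portion_size=2, fail_after=2))
```

In the sample run the first two portions pass through proxy-a, the remaining three through proxy-b, proxy-a is dropped from the available list, the internal network receives the full communication in order, and the external device sees exactly one certificate identity throughout. The practitioner's caveat is that "substantially identical identification" means one private key shared across every proxy: compromise of any single proxy discloses the key for the whole pool, so the shared key material needs the same distribution, rotation and host-hardening discipline as any other pooled credential.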