Constant access gateway and de-duplicated data cache server
First Claim
1. A method for initiating secure communication between a data store and a client device via a gateway, the method comprising:
- receiving, from the data store, a request to establish a control channel between the data store and the gateway;
- receiving, at the gateway, from the client device, a first connection initiation request to establish a first connection between the client device and the gateway, the first connection initiation request including a connection request to the data store;
- forwarding the connection request included in the first connection initiation request, from the gateway to the data store, via the control channel in response to receiving the first connection initiation request from the client device;
- receiving, at the gateway, from the data store, a second connection initiation request to establish a second connection between the gateway and the data store;
- receiving authentication information corresponding to the client device from the gateway at the data store via the control channel;
- authenticating the client device on the basis of the received authentication information, and thereafter selectively establishing the second connection in dependence on the authentication;
- joining, at the gateway, the first connection between the client device and the gateway and the second connection between the gateway and the data store;
- determining, at the gateway, a data flow mode for the client device based on a security policy associated with the client device, the data flow modes comprising an inflow only mode, an outflow only mode, and an inflow and outflow mode, wherein the inflow only mode permits inbound flow of data to the data store but does not permit outbound flow of data from the data store, wherein the outflow only mode permits outbound flow of data from the data store but does not permit inbound flow of data to the data store, and wherein the inflow and outflow mode permits inbound flow of data to the data store and outbound flow of data from the data store;
- in response to receiving inbound data from the client device via the first connection at the gateway:
  - when the data flow mode is determined to be one of the inflow only mode or the inflow and outflow mode, transmitting, from the gateway, the received inbound data to the data store via the second connection; and
  - when the data flow mode is determined to be the outflow only mode, refusing to transmit, from the gateway, the received inbound data to the data store via the second connection;
- in response to receiving outbound data from the data store via the second connection at the gateway:
  - when the data flow mode is determined to be one of the outflow only mode or the inflow and outflow mode, transmitting, from the gateway, the received outbound data to the client device via the first connection; and
  - when the data flow mode is determined to be the inflow only mode, refusing to transmit, from the gateway, the received outbound data to the client device via the first connection.
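The following is an added Python model of the exchange claimed above; it is illustration written for this page, not code from the patent or any product. The data store initiates the control channel, the gateway relays the client's connection request and authentication information over it, the store-initiated second connection is joined to the client connection only after authentication succeeds, and every relayed chunk is checked against the per-client data flow mode. Client names, secrets, policy entries and payloads are constructed sample values, and a client with no policy entry is refused (default deny), which the claim does not spell out.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Optional

class FlowMode(Enum):
    INFLOW_ONLY = "inflow_only"        # client -> data store only
    OUTFLOW_ONLY = "outflow_only"      # data store -> client only
    INFLOW_OUTFLOW = "inflow_outflow"  # both directions

@dataclass
class DataStore:
    credentials: Dict[str, str]        # constructed table: client id -> expected secret

    def open_control_channel(self, gateway: "Gateway") -> None:
        # The data store initiates the control channel; the gateway never dials into the LAN.
        gateway.control_channel = self

    def on_connection_request(self, client_id: str, auth_info: str) -> bool:
        # Authenticate with the info relayed over the control channel; only True leads
        # to the store-initiated second connection.
        return self.credentials.get(client_id) == auth_info

@dataclass
class Gateway:
    policy: Dict[str, FlowMode]        # security policy: client id -> data flow mode
    control_channel: Optional[DataStore] = None
    sessions: Dict[str, FlowMode] = field(default_factory=dict)

    def connect(self, client_id: str, auth_info: str) -> bool:
        # First connection arrives from the client; forward its request over the control channel.
        if self.control_channel is None:
            raise RuntimeError("no control channel: data store has not called in")
        if not self.control_channel.on_connection_request(client_id, auth_info):
            return False                   # second connection is never established
        mode = self.policy.get(client_id)
        if mode is None:
            return False                   # default deny (assumption): no policy, no session
        self.sessions[client_id] = mode    # first and second connections are joined
        return True

    def relay(self, client_id: str, direction: str, payload: bytes) -> Optional[bytes]:
        # Enforce the data flow mode on every chunk; None means "refused".
        mode = self.sessions.get(client_id)
        if mode is None:
            return None
        inbound_ok = mode in (FlowMode.INFLOW_ONLY, FlowMode.INFLOW_OUTFLOW)
        outbound_ok = mode in (FlowMode.OUTFLOW_ONLY, FlowMode.INFLOW_OUTFLOW)
        if (direction == "inbound" and inbound_ok) or (direction == "outbound" and outbound_ok):
            return payload
        return None
```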
Abstract
A Constant Access Gateway provides secure access for remote mobile computing users to centrally stored data without requiring a VPN connection or a direct connection to the LAN in which the data resides. A Cache Server works alone or in conjunction with the Constant Access Gateway to provide distributed access to the centrally stored data. The Cache Server performs local storage of de-duplicated versions of the centrally stored data, and may interact with the Constant Access Gateway to maintain cache coherency with the central data store.
41 Claims
1. A method for initiating secure communication between a data store and a client device via a gateway (independent claim 1; reproduced in full under First Claim above).
- Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A system for providing secure communication between a data store and a client device via a gateway, the system comprising:
- the data store configured to:
  - store data in a computer-readable form;
  - initiate a control channel with the gateway; and
  - initiate a second connection with the gateway in response to receiving a connection request from the gateway at the data store;
- the gateway configured to:
  - receive, at the gateway, from the client device, a first connection initiation request to establish a first connection between the client device and the gateway, the first connection initiation request including a connection request to the data store;
  - forward the connection request included in the first connection initiation request to the data store via the control channel in response to receiving, over the first connection, the first connection initiation request from the client device;
  - receive authentication information from the data store; and
  - authenticate the data store on the basis of the received authentication information;
  - establish the second connection to the data store;
  - determine a data flow mode for the client device based on a security policy associated with the client device, the data flow modes comprising an inflow only mode, an outflow only mode, and an inflow and outflow mode, wherein the inflow only mode permits inbound flow of data to the data store but does not permit outbound flow of data from the data store, wherein the outflow only mode permits outbound flow of data from the data store but does not permit inbound flow of data to the data store, and wherein the inflow and outflow mode permits inbound flow of data to the data store and outbound flow of data from the data store;
  - in response to receiving inbound data from the client device via the first connection:
    - when the data flow mode is determined to be one of the inflow only mode or the inflow and outflow mode, transmit the received inbound data to the data store via the second connection; and
    - when the data flow mode is determined to be the outflow only mode, refuse to transmit the received inbound data to the data store via the second connection;
  - in response to receiving outbound data from the data store via the second connection:
    - when the data flow mode is determined to be one of the outflow only mode or the inflow and outflow mode, transmit the received outbound data to the client device via the first connection; and
    - when the data flow mode is determined to be the inflow only mode, refuse to transmit the received outbound data to the client device via the first connection.
- Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29
30. A gateway for facilitating secure communication between a data store and a client device, the gateway comprising:
- a processor; and
- a memory comprising computer program code, wherein the processor is configured to process the computer program code and cause the gateway to:
  - establish a control channel between the gateway and the data store, wherein the establishment of the control channel is initiated by the data store;
  - receive, at the gateway, from the client device, a first connection initiation request to establish a first connection between the client device and the gateway, the first connection initiation request including a connection request to the data store;
  - forward the connection request included in the first connection initiation request, from the gateway to the data store, via the control channel in response to receiving the first connection initiation request from the client device;
  - establish a second connection between the gateway and the data store, wherein the establishment of the second connection is initiated by the data store in response to receiving the connection request from the gateway at the data store, wherein establishing the second connection between the gateway and the data store includes:
    - receiving authentication information from the data store;
    - authenticating the data store on the basis of the received authentication information; and
    - selectively establishing the control channel based on the authentication;
  - determine a data flow mode for the client device based on a security policy associated with the client device, the data flow modes comprising an inflow only mode, an outflow only mode, and an inflow and outflow mode, wherein the inflow only mode permits inbound flow of data to the data store but does not permit outbound flow of data from the data store, wherein the outflow only mode permits outbound flow of data from the data store but does not permit inbound flow of data to the data store, and wherein the inflow and outflow mode permits inbound flow of data to the data store and outbound flow of data from the data store;
  - in response to receiving inbound data from the client device via the first connection:
    - when the data flow mode is determined to be one of the inflow only mode or the inflow and outflow mode, transmit the received inbound data to the data store via the second connection; and
    - when the data flow mode is determined to be the outflow only mode, refuse to transmit the received inbound data to the data store via the second connection;
  - in response to receiving outbound data from the data store via the second connection:
    - when the data flow mode is determined to be one of the outflow only mode or the inflow and outflow mode, transmit the received outbound data to the client device via the first connection; and
    - when the data flow mode is determined to be the inflow only mode, refuse to transmit the received outbound data to the client device via the first connection.
- Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41