Systems and methods for protecting network devices
Abstract
Embodiments of the present disclosure help protect network devices from unauthorized access. Among other things, embodiments of the disclosure allow full access to application servers and other network devices that a client is allowed to access, while preventing all access to (or even knowledge of) network devices the client is not allowed to access.
Claims
1. A computer-implemented method comprising:
receiving, by a computer system implementing a gateway to a private network, a request from a client device for a network tunnel between the client device and a network device in the private network;
authenticating the client device by the computer system;
receiving, from an authentication server in communication with the computer system, a client access list that includes a list of network devices the client device is allowed to communicate with, wherein the authenticating the client device includes the computer system verifying a digital signature in the client access list via a signature key shared between the gateway and the authentication server;
in response to the digital signature being correct, verifying, by the computer system, that the network device in the private network is part of the list of network devices the client device is allowed to communicate with; and
establishing, by the computer system, the network tunnel between the client device and the network device in the private network through the gateway.
Claims 2 through 17 depend on claim 1 and are not reproduced here.
18. A non-transitory, computer-readable medium storing instructions that, when executed, cause a computer system implementing a gateway to a private network to:
receive a request from a client device for a network tunnel between the client device and a network device in the private network;
authenticate the client device;
receive, from an authentication server in communication with the computer system, a client access list that includes a list of network devices the client device is allowed to communicate with, wherein the authenticating of the client device includes the computer system verifying a digital signature in the client access list via a signature key shared between the gateway and the authentication server;
in response to the digital signature being correct, verify that the network device in the private network is part of the list of network devices the client device is allowed to communicate with; and
establish the network tunnel between the client device and the network device in the private network through the gateway.
19. A computer system implementing a gateway, the computer system comprising:
a processor; and
a non-transitory memory in communication with the processor and storing instructions that, when executed by the processor, cause the computer system to:
receive a request from a client device for a network tunnel between the client device and a network device in the private network;
authenticate the client device;
receive, from an authentication server in communication with the computer system, a client access list that includes a list of network devices the client device is allowed to communicate with, wherein the authenticating of the client device includes the computer system verifying a digital signature in the client access list via a signature key shared between the gateway and the authentication server;
in response to the digital signature being correct, verify that the network device in the private network is part of the list of network devices the client device is allowed to communicate with; and
establish the network tunnel between the client device and the network device in the private network through the gateway.
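The gateway decision described by claims 1, 18 and 19, as an added illustration that is not code from the patent or any implementing product. It assumes the shared signature key is used as an HMAC-SHA256 key over a canonical JSON encoding of the access list, and it additionally binds the list to a client identifier so a list issued for one client cannot be presented by another; both are assumptions, as is the constructed sample key.

```python
import hashlib
import hmac
import json

# Constructed sample key shared between the gateway and the authentication server.
SHARED_SIGNATURE_KEY = b"constructed-demo-key-not-a-real-secret"


def _canonical(body):
    # Canonical encoding so signer and verifier hash exactly the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def sign_access_list(client_id, allowed_devices, key=SHARED_SIGNATURE_KEY):
    """Authentication-server side (hypothetical): issue a signed client access list."""
    body = {"client_id": client_id, "allowed_devices": sorted(allowed_devices)}
    signature = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "signature": signature}


def gateway_decide(request_client_id, requested_device, access_list, key=SHARED_SIGNATURE_KEY):
    """Gateway side: return "TUNNEL" only when the list's signature verifies and the
    requested device is on the client's allowed list; otherwise return "DENY"."""
    body = access_list.get("body", {})
    expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    # Step 1: the signature check happens before any lookup, so a forged or
    # tampered list never reaches the membership test. Constant-time compare.
    if not hmac.compare_digest(expected, access_list.get("signature", "")):
        return "DENY"
    # Assumption: the list is bound to the client it was issued for.
    if body.get("client_id") != request_client_id:
        return "DENY"
    # Step 2: membership check. The answer is the same whether the device is
    # absent from the private network or merely not allowed for this client,
    # so a denied client learns nothing about what exists behind the gateway.
    if requested_device not in body.get("allowed_devices", []):
        return "DENY"
    return "TUNNEL"


if __name__ == "__main__":
    acl = sign_access_list("client-7", ["app-server-1", "db-2"])
    print(gateway_decide("client-7", "app-server-1", acl))  # TUNNEL
    print(gateway_decide("client-7", "db-9", acl))          # DENY
```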
Specification