Reducing network configuration complexity with transparent virtual private networks
2 Assignments
0 Petitions
Abstract
A firewall acts as a transparent gateway to a server within a private network by initiating an unsolicited challenge to a client to provide authentication credentials. After receiving the client's credentials, the firewall verifies the authentication credentials and establishes a secure channel for accessing the server. Data destined for the server from the client may be forwarded through the firewall using the secure channel. The firewall may sign, or otherwise indicate, that data forwarded to the server is from a client that the firewall has authenticated. The firewall also may provide some level of authentication to the client. While connected to the server, the client may access other servers external to the private network without having the data associated with the other servers pass through the private network. The firewall reduces configuration information that a client otherwise must maintain to access various private network servers.
109 Citations
51 Claims
1. In a private network comprising a resource and a firewall, which acts as a gateway by controlling client desired access to the private network resource, a method of establishing a connection to the private network resource while balancing authentication processing requirements between a client and the firewall to mutually guard against denial of service attacks, the method comprising the acts of:
receiving, by the firewall, a request from the client to access the private network resource, wherein the request from the client is made to the private network resource without any knowledge of the firewall;
requesting, by the firewall, the client to provide one or more client credentials to authenticate the client;
sending, by the firewall, one or more firewall credentials to authenticate the firewall, wherein generating the one or more firewall credentials consumes some level of limited firewall processing resources;
receiving one or more client credentials at the firewall, wherein generating the one or more client credentials consumes some level of limited client processing resources similar in magnitude with the consumption of the limited firewall processing resources;
verifying, by the firewall, the one or more client credentials;
establishing a secure channel for accessing the private network resource in response to the verification of the one or more client credentials; and
forwarding data from the client destined to the private network resource through the firewall using the secure channel.
Dependent claims: 2-11

12. In a private network comprising a resource and a firewall, which acts as a gateway by controlling client desired access to the private network resource, a method of establishing a connection to the private network resource while balancing authentication processing requirements between a client and the firewall to mutually guard against denial of service attacks, the method comprising steps for:
initiating a series of authentication transactions designed to impose commensurable processing burdens on the client requesting access to the private network resource and the firewall operating as a gateway for the private network, wherein the client initially is unaware that the firewall operates as a gateway for the private network, and wherein each authentication transaction incrementally increases a level of trust between the client and the firewall until the authentication of the client and the firewall are sufficiently verified;
for each of the series of authentication transactions:
authenticating to the client in accordance with one of the series of authentication transactions; and
challenging the client to authenticate in a manner requiring similar processing burdens; and
granting the client access to the private network resource through the firewall upon completing the series of authentication transactions.
Dependent claims: 13-22

23. In a private network comprising a resource and a firewall, which acts as a gateway by controlling client desired access to the private network resource, a computer readable media carrying computer executable instructions that implement a method of establishing a connection to the private network resource while balancing authentication processing requirements between a client and the firewall to mutually guard against denial of service attacks, the method comprising the acts of:
receiving, by the firewall, a request from the client to access the private network resource, wherein the request from the client is made to the private network resource without any knowledge of the firewall;
requesting, by the firewall, the client to provide one or more client credentials to authenticate the client;
sending, by the firewall, one or more firewall credentials to authenticate the firewall, wherein generating the one or more firewall credentials consumes some level of limited firewall processing resources;
receiving one or more client credentials at the firewall, wherein generating the one or more client credentials consumes some level of limited client processing resources similar in magnitude with the consumption of the limited firewall processing resources;
verifying, by the firewall, the one or more client credentials;
establishing a secure channel for accessing the private network resource in response to the verification of the one or more client credentials; and
forwarding data from the client destined to the private network resource through the firewall using the secure channel.
Dependent claims: 24-33

34. In a private network comprising a resource and a firewall, which acts as a gateway by controlling client desired access to the private network resource, a computer readable media carrying computer executable instructions that implement a method of establishing a connection to the private network resource while balancing authentication processing requirements between a client and the firewall to mutually guard against denial of service attacks, the method comprising steps for:
initiating a series of authentication transactions designed to impose commensurable processing burdens on the client requesting access to the private network resource and the firewall operating as a gateway for the private network, wherein the client initially is unaware that the firewall operates as a gateway for the private network, and wherein each authentication transaction incrementally increases a level of trust between the client and the firewall until the authentication of the client and the firewall are sufficiently verified;
for each of the series of authentication transactions:
authenticating to the client in accordance with one of the series of authentication transactions; and
challenging the client to authenticate in a manner requiring similar processing burdens; and
granting the client access to the private network resource through the firewall upon completing the series of authentication transactions.
Dependent claims: 35-44

45. In a private network comprising a server and a firewall, which acts as a gateway by controlling access to the server, a method of providing access to the server through the firewall without a client knowing about the firewall, the method comprising the acts of:
receiving at the firewall, an access request from the client that is directed to the server because the client does not know that the firewall operates as a gateway for the server;
generating one or more authentication credentials at the firewall that demonstrate a level of trust between the server and the firewall;
the firewall sending a request for the client to authenticate to the firewall, the request including the one or more firewall authentication credentials so that the client knows of the level of trust between the server and the firewall without having to make a separate request;
receiving at the firewall, one or more authentication credentials from the client;
the firewall verifying the one or more client authentication credentials; and
thereafter, allowing the client to access the server through the firewall.
Dependent claims: 46-51

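As an added example that is not part of the patent, the following Python simulation plays out the exchange of claims 1 and 12: the client addresses the private resource directly, the firewall intercepts, authenticates itself first, then challenges the client, and each side spends one credential computation per step so the processing burden stays commensurate. It assumes a pre-shared HMAC-SHA256 secret between client and firewall and a simple work counter as the stand-in for processing cost; the claims specify neither the credential type nor the cost model.

```python
# Added example (not the patent's own code). Assumptions: the client and the
# firewall share a pre-registered secret, each credential is an HMAC-SHA256 over
# fresh nonces, and `work` counts credential computations as the cost measure.
import hmac, hashlib, os

SHARED_SECRET = b"constructed-shared-secret"   # constructed sample value

def mac(key, *parts):
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

class Party:
    """Either endpoint; `name` doubles as the domain separator for its credentials."""
    def __init__(self, name, secret):
        self.name, self.secret, self.work = name, secret, 0
    def credential(self, *parts):
        self.work += 1                      # generating a credential costs one unit
        return mac(self.secret, self.name.encode(), *parts)
    def verify(self, peer, cred, *parts):
        self.work += 1                      # verifying a credential costs one unit
        return hmac.compare_digest(cred, mac(self.secret, peer.encode(), *parts))

def handshake(client, firewall, rounds=1, tamper=False):
    """Run `rounds` authentication transactions. In each, the firewall proves
    itself before challenging the client, and trust is granted only after every
    round verifies. Returns (transcript, session_key); session_key is None on
    failure, so no secure channel exists and nothing is forwarded."""
    transcript = [("client->server", b"GET private-resource")]   # client unaware of the firewall
    nonces = []
    for _ in range(rounds):
        n_fw = os.urandom(16)
        fw_cred = firewall.credential(n_fw)                      # firewall authenticates first
        transcript.append(("firewall->client", (n_fw, fw_cred)))
        if not client.verify("firewall", fw_cred, n_fw):         # client checks the firewall
            return transcript, None
        n_cl = os.urandom(16)
        cl_cred = client.credential(n_fw, n_cl)                  # client answers the challenge
        if tamper:
            cl_cred = bytes(b ^ 0xFF for b in cl_cred)          # simulated corrupted credential
        transcript.append(("client->firewall", (n_cl, cl_cred)))
        if not firewall.verify("client", cl_cred, n_fw, n_cl):   # firewall checks the client
            return transcript, None
        nonces += [n_fw, n_cl]
    # Both sides derive the secure-channel key used to forward data to the resource.
    return transcript, mac(SHARED_SECRET, b"session", *nonces)
```

Run `handshake(Party("client", SHARED_SECRET), Party("firewall", SHARED_SECRET), rounds=3)` and compare the two `work` counters to see the balance the claims describe; a failed verification at any round stops the exchange with equal work spent on both sides.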
Specification