Agent/proxy connection control across a firewall

Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing

Reexamination Certificate


Details


active

06349336

ABSTRACT:

FIELD OF THE INVENTION
The present invention relates to message transfer across a firewall and, more particularly, to a method for enabling a device that is protected by a firewall to be controlled by a device external to the firewall.
BACKGROUND OF THE INVENTION
Computer data processing systems often include a group of peripheral devices, such as printers, connected to a processor or server, in a local area network (LAN). Software running on the processor allows an operator to configure operating parameters and monitor the performance of all of the locally connected peripherals.
In general, as features and conveniences offered by a computer system are enhanced, the software controlling the system becomes increasingly sophisticated and complex. Installation and troubleshooting of the system often requires specialized knowledge of the system and the peripherals. When confronted with a problem, the operator of the system often must obtain assistance from technical support personnel having this specialized knowledge.
An operator initially seeking assistance typically places a telephone call to a service center and speaks with a technical support representative. The representative first obtains information from the operator regarding the configuration of the particular system at issue, and thereafter guides the operator through an installation or troubleshooting procedure.
Technical support by telephone is almost always time consuming and expensive. It requires the resources of the operator and technical representative, and often involves a long distance telephone call. To be successful, both the operator and the representative must be capable of engaging in a prolonged dialogue and exchanging technical information and directions. This arrangement is susceptible to errors brought on by poor communication or inadequate training of the operator or representative. Even under the best of circumstances, there is no guarantee of success. An unsuccessful session of technical support by telephone can leave the operator with feelings ranging from annoyance to complete frustration, and tarnish the image of the vendor providing the support.
Technical service is improved when the representative has first hand access to the system at issue. This can be achieved by traveling to the site where the system is installed, but necessarily incurs the expense of traveling to and from the site. A preferable alternative is for the representative to have remote access to the system.
The Internet offers a channel by which remotely located computers may exchange information with one another. A first computer may send a request for information, across the Internet, to a second computer. The second computer then responds with a message that includes the desired information.
For purposes of security and system integrity, many organizations install firewalls that restrict the exchange of information with computers outside of the organization. A firewall is interposed between a local computer system and the Internet to block undesired incoming requests and information. Consequently, a local computer system that is protected by a firewall cannot be unconditionally accessed from a remote location.
Referring to FIG. 1, a local computer 50 and a remote computer 70 are coupled across the Internet 65. A proxy machine 60 is operatively interposed between local computer 50 and the Internet 65.
Proxy machine 60 interfaces with the Internet 65 on behalf of local computer 50, and routes messages from the Internet 65 to local computer 50 only when authorized to do so. By way of example, local computer 50 initiates communication with remote computer 70 by sending a request 75, via proxy machine 60, to remote computer 70. Request 75 includes proxy information in a hypertext transfer protocol (HTTP) header that authorizes proxy machine 60 to route a message from remote computer 70 to local computer 50. Subsequently, remote computer 70 sends a response 80, which proxy machine 60 routes to local computer 50.
Proxy machine 60 serves as a firewall to protect the integrity of local computer 50 by preventing unauthorized messages from being routed to local computer 50 from the Internet 65. Not only does proxy machine 60 block unauthorized incoming data, but it also blocks unauthorized incoming requests that would otherwise interrogate local computer 50. Consequently, remote computer 70 cannot unconditionally write data to, or read data from local computer 50.
Since local computer 50 must authorize proxy machine 60 to accept incoming messages on a per message basis, each message from remote computer 70 to local computer 50 must be initiated by local computer 50. In a situation where several messages are exchanged, a pattern of requests and responses is necessary. Local computer 50 sends a request 75, receives a response 76, sends a request 77, receives a response 78, sends a request 79, receives a response 80, etc. In the general case, local computer 50 sends requests to, and receives responses from, remote computer 70.
There is a need for a technical support representative to manage a computer system from which the representative is remotely located. Through remote access, the representative can configure, monitor and troubleshoot the system with little or no intervention on the part of an operator at the system site. Additionally, there is a need for the representative to access a computer system that is protected by a firewall restricting the representative's access to the computer system.
Accordingly, it is an object of the present invention to provide a method for a remote computer system to access a local computer system across the Internet, where a firewall is operatively interposed between the Internet and the local computer system.
It is another object of the present invention to provide a method for a remote computer system to communicate with a local computer system across the Internet, where a firewall is operatively interposed between the Internet and the local computer system and to control such communication through imposition of control functions that avoid a need for modification of applications running on either the local or remote computer systems.
SUMMARY OF THE INVENTION
The invention enables a tunneling action that allows a remote processor to communicate with a local processor when the remote processor is coupled to the local processor via a reverse proxy device, a computer network, a firewall device and a proxy agent device. Initially, the local processor establishes a communication channel with the remote processor by dispatching a local request message to the proxy agent device. The proxy agent device dispatches the local request message via the firewall and network to the reverse proxy device, thus enabling the firewall to receive a remote response message to the local request message. Thereafter, the remote processor issues a remote request message to the reverse proxy device, which in turn dispatches a remote response message with the remote request message contained therein, to the firewall. Upon receipt by the proxy agent device of the remote response message (via the firewall), the proxy agent device extracts and dispatches the remote request message to the local processor. Dispatch of a local response message by the local processor causes the proxy agent to incorporate the local response message into a local request message and to dispatch the local request message to the remote processor via the firewall and the reverse proxy device.
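The exchange described in the summary, modeled in memory as an added example (not code from the patent): the firewall admits an inbound message only as the reply to a pending outbound request, yet the remote request still reaches the local processor inside such a reply. The class names, the message fields `id`, `in_reply_to` and `payload`, and the `get-status` command are assumptions made for the illustration.

```python
# Constructed illustration; names and message fields are assumptions, not the patent's.
from collections import deque

class Firewall:
    """Admits an inbound message only as the response to a pending outbound request."""
    def __init__(self):
        self.pending, self.blocked = set(), 0
    def outbound(self, req_id):
        self.pending.add(req_id)
    def inbound(self, resp):
        if resp["in_reply_to"] not in self.pending:
            self.blocked += 1          # unsolicited inbound message is dropped
            return None
        self.pending.discard(resp["in_reply_to"])
        return resp

class ReverseProxy:
    """Outside the firewall: holds remote requests until a local request arrives."""
    def __init__(self):
        # queue: remote requests awaiting a carrier; results: local responses received
        self.queue, self.results = deque(), []
    def remote_request(self, command):
        self.queue.append(command)
    def handle_local_request(self, req):
        if req["payload"] is not None:     # a local response carried in the request
            self.results.append(req["payload"])
        command = self.queue.popleft() if self.queue else None
        return {"in_reply_to": req["id"], "payload": command}

class ProxyAgent:
    """Inside the firewall: unwraps remote requests, wraps local responses."""
    def __init__(self, firewall, reverse_proxy, local_processor):
        self.fw, self.rp, self.local = firewall, reverse_proxy, local_processor
        self.next_id, self.carry = 0, None
    def poll(self):
        self.next_id += 1
        # The pending local response (if any) rides out in this local request.
        req, self.carry = {"id": self.next_id, "payload": self.carry}, None
        self.fw.outbound(req["id"])
        resp = self.fw.inbound(self.rp.handle_local_request(req))
        if resp and resp["payload"] is not None:
            self.carry = self.local(resp["payload"])  # extracted remote request

def run_demo():
    fw, rp = Firewall(), ReverseProxy()
    agent = ProxyAgent(fw, rp, lambda cmd: f"done:{cmd}")
    fw.inbound({"in_reply_to": 99, "payload": "get-status"})  # unsolicited: blocked
    rp.remote_request("get-status")
    agent.poll()  # local request out; remote request returns inside the response
    agent.poll()  # local response leaves inside the next local request
    return fw.blocked, rp.results
```
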


