Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique
Reexamination Certificate
2001-08-16
2004-12-21
Peeso, Thomas R. (Department: 2132)
C713S152000
active
06834342
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to the field of data communication between computer systems. More specifically, it relates to a method of communication between a local computer system potentially protected by a firewall and a remote computer system connected to the local system via a public network.
2. Background Information
In the field of communications many systems exist for passing data from one point to another. A typical communication system consists of several layers. A low-level layer might include software designed to drive hardware devices, such as modems or Ethernet interface cards. An example of a fully featured top-level software transport layer that is designed to provide reliable end-to-end communications is the TCP/IP protocol. Computer Networks, by Andrew S. Tanenbaum, printed by Prentice Hall PTR, Upper Saddle River, N.J., 1996, provides a more detailed view of computer networks, TCP/IP and the OSI model.
This invention builds upon a number of established systems that can be readily understood by one skilled in the art. These systems are summarized as follows:
Protocol encapsulation: This is a technique where high-level communication messages are packaged into the payload of a lower-level communication system. One example of this is the manner in which TCP/IP messages are packaged into Ethernet packets for communication over a local area network (LAN). In a similar way, TCP/IP can be packaged into Frame Relay packets for communication over wide area networks (WAN), or into serial streams for communication over networks such as the Internet. Protocol encapsulation can also be application-specific, as described in Batz et al., U.S. Pat. No. 5,918,022 entitled “Protocol for Transporting Reservation System Data Over A TCP/IP Network.” The present invention, while possessing some limitations, is intended for general use and is not necessarily tied to any specific application.
TCP/IP: This basic communications medium is described in detail in the above referenced work by Tanenbaum and provides a reliable point-to-point communication system that applications can use to communicate. Protocol encapsulation methods have been written that can encapsulate TCP/IP requests into just about every conceivable low-level network transport, including Ethernet and PPP.
HTTP and HTTPS: HTTP is a high-level protocol that builds upon TCP/IP and was designed specifically to carry content between Web sites and Web browsers. HTTPS is a secure implementation of HTTP that is used for transmitting sensitive data such as credit card details.
HTTP firewalls and proxies: With recent advances in electronic communications, corporations have begun to use public networks, specifically the Internet, for internal communications, communications with clients, and for accessing public data stores such as third-party web sites. Corporations are normally connected to the Internet through dedicated communications links that are available on a permanent basis. However, Internet connectivity poses a great security risk to a corporation: any machine with a known address that can access the Internet is in turn accessible from any other machine on the Internet. To prevent unwanted third-party access, most corporations, and some individuals, deploy firewalls to secure their sites. A firewall is a computer software and hardware solution that allows communications to be originated only from within the secure site. For example, most firewalls allow outgoing HTTP traffic (Web page requests) and incoming replies to messages originated within the site (Web pages). Email is often allowed to pass directly into a secure site, as it is intended to be a passive form of communication. This ability to allow limited communication is often performed by a proxy. A proxy is a forwarding agent that receives a request for information from a computer within the secure site, passes it to a destination, and returns any responses to the originator. The combination of a firewall preventing access to machines within a secure site and a proxy masking a secure machine's true identity provides the level of security that most demand. Some corporations impose an even higher level of security by restricting, or denying completely, certain forms of outgoing communication. For example, many corporations permit only small amounts of data to be sent through their firewalls; this can be accomplished by denying HTTP POST requests and disabling all other upload protocols, such as FTP. More details can be found in Coley et al., U.S. Pat. No. 6,061,798 entitled “Firewall System for Protecting Network Elements Connected To A Public Network.”
Tunnels: With the deployment of firewalls and proxies it became impossible, or at least quite difficult, to provide a bi-directional communication system between a computer within a secure site and another computer on the Internet. Several solutions exist that require special bypasses or tunnels to be added to firewalls, but these typically require additional applications to be executed on the firewall host. This is at the least an inconvenience, and is often prohibited due to security considerations. For more detail, see Jade et al., U.S. Pat. No. 6,061,797 entitled “Tunnels Outside Access To Computer Resources Through A Firewall”; Birrell et al., U.S. Pat. No. 5,805,803 entitled “Secure Web Tunnel”; and Aziz et al., U.S. Pat. No. 5,548,646 entitled “System For Signatureless Transmission And Reception Of Data Packets Between Computer Networks.” The present application describes a system that does not deploy anything on a firewall host, and yet allows reliable two-way communications between local and remote applications using only HTTP. As discussed above, HTTP requests are normally successfully proxied through firewalls.
Encryption: While the present embodiment of the invention makes use of encryption to provide secure communications, it should be clear to one skilled in the art that any one of a number of available techniques could be used, and the invention is not dependent on the exact method used. It should also be apparent that a non-secure embodiment of the invention is possible by not using encryption. For example, in one embodiment the process described in Hellman et al., U.S. Pat. No. 4,200,770 entitled “Cryptographic Apparatus and Method,” might be used.
SUMMARY OF THE PRESENT INVENTION
Methods and apparatus are disclosed which provide a system for secure and reliable communication between a pair of client computers, or a plurality of client computers residing on separate private networks, connected via a public network such as the Internet. The communications described herein are designed to function even if a persistent link cannot be established between the communicating computers. Further, the system described herein is designed to traverse any locally installed gateways or firewalls to obtain communicative access to a remote destination.
REFERENCES:
patent: 4200770 (1980-04-01), Hellman et al.
patent: 5548646 (1996-08-01), Aziz et al.
patent: 5570209 (1996-10-01), Usui et al.
patent: 5590199 (1996-12-01), Krajewski, Jr. et al.
patent: 5606668 (1997-02-01), Shwed
patent: 5805803 (1998-09-01), Birrell et al.
patent: 5918022 (1999-06-01), Batz et al.
patent: 6061797 (2000-05-01), Jade et al.
patent: 6061798 (2000-05-01), Coley et al.
Hahad Mounir
Halliday David C.
Lauderback David W.
Potts Michael A. S.
Burns Doane , Swecker, Mathis LLP
EECAD, Inc.