Outside access to computer resources through a firewall

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Patent

Details

380 25, G06F 1100

Patent

active

059448237

ABSTRACT:
A firewall isolates computer and network resources inside the firewall from networks, computers and computer applications outside the firewall. Typically, the inside resources could be privately owned databases and local area networks (LANs), and outside objects could include individuals and computer applications operating through public communication networks such as the Internet. Usually, a firewall allows an inside user or object to originate a connection to an outside object or network, but does not allow connections to be generated in the reverse direction, i.e. from outside in. The disclosed invention provides a special "tunneling" mechanism, operating on both sides of a firewall, for establishing such "outside in" connections when they are requested by certain "trusted" individuals, objects or applications outside the firewall. The intent is to minimize the resources required for establishing "tunneled" connections (connections through the firewall that are effectively requested from outside), while also minimizing the security risk involved in permitting such connections to be made at all. The mechanism includes special tunneling applications, running on interface servers inside and outside the firewall, and a special table of "trusted sockets" created and maintained by the inside tunneling application. Entries in the trusted sockets table define objects inside the firewall consisting of special inside ports, a telecommunication protocol to be used at each port, and a host object associated with each port. Each entry is "trusted" in the sense that it is supposedly known only by individuals authorized to have "tunneling" access through the firewall from outside. The tunneling applications use the table to effect connections through the firewall in response to outside requests identifying valid table entries.

REFERENCES:
patent: 5283828 (1994-02-01), Saunders et al.
patent: 5416842 (1995-05-01), Aziz
patent: 5455953 (1995-10-01), Russell
patent: 5481715 (1996-01-01), Hamilton et al.
patent: 5602918 (1997-02-01), Chen et al.
patent: 5606617 (1997-02-01), Brands
patent: 5623600 (1997-04-01), Ji et al.
patent: 5623601 (1997-04-01), Vu
patent: 5632011 (1997-05-01), Landfield et al.
patent: 5680461 (1997-10-01), McManis
patent: 5692047 (1997-11-01), McManis
patent: 5696898 (1997-12-01), Baker et al.
patent: 5761669 (1998-06-01), Montague et al.
PCT International Preliminary Examination Report, Oct. 2, 1997, International Application No. PCT/GB97/02712.
Cheswick and Bellovin: "Firewalls and Internet Security, Repelling the Wily Hacker"; Apr. 1994, Addison-Wesley Publishing Company; pp. 86 to 106.
Bryan J: "Firewalls for Sale"; Byte, vol. 20, No. 4, Apr. 1, 1995; pp. 99/100, 102, 104.
Ted Doty: "A firewall Overview"; Connexions, vol. 9, No. 7, Jul. 1995; pp. 20-23.
Bellovin S M et al: "Network Firewalls" IEEE Communications Magazine, vol. 32, No. 9, Sep. 1, 1994, pp. 50-57B.
Newman D et al: "Can Firewalls Take the Heat?"; Data Communications, vol. 24, No. 16, Nov. 21, 1995; pp. 71-78, 80.
Noritoshi Demizu et al; "DDT--A Versatile Tunneling Technology"; Computer Networks and ISDN Systems, vol. 27, No. 3, Dec. 1, 1994, pp. 493-502.
Symposium on Network and Distributed System Security, San Diego, Feb. 16-17, 1995, Proceedings, pp. 31-41.

Profile ID: LFUS-PAI-O-2425401
