Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-06-30
2001-05-15
Iqbal, Nadeem (Department: 2184)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
Reexamination Certificate
active
06233688
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The invention relates generally to the field of computer networking. More specifically, the invention relates to protocols and conventions for computer inter-networking.
2. Description of the Related Art
From within a corporate “intranet” network or a shared private network, the methods and protocols for local area access to computers, devices and data resources within the network is well defined and somewhat uniform, under the control of the administrators of those networks. When users attempt to gain access to those same devices, computers and resources from outside the network, such access is referred to as “remote access”. In the past, the most popular physical topology for remote access is a direct dial into a modem bank, which may be at the corporate site or provided for by an ISP (Internet Service Provider). However, this topology impose a heavy administrative burden and monetary cost especially when remote access is attempted through long distance or international toll calls. Thus, there has been a recent trend to provide remote access through an Internet connection. With Internet remote access, the IP (Internet Protocol) connection can be obtained first using any available method, and thus the intranet does not need to maintain a direct physical access point such as a dial-in modem bank. Once a user is “on the Internet” (has achieved an IP connection), a multitude of different protocols and services (limited by the connectivity features of the intranet) can be used on the user's “client” to gain remote access into the intranet. In order to gain remote access, the client must pass the intermediary step, in most cases, of traversing a firewall. The traversal of the firewall can be achieved by using gateway specific software, SSL (Secure Sockets Layer) mechanisms and so on.
Specific client software must have support and awareness of specific firewall traversal methods, and thus generic client software cannot be utilized to penetrate the intranet. For example, a client application such as Netscape™ may not be able to traverse the firewall since it lacks the means with which to express entry parameters to “support” the private intranet's firewall scheme. Thus, users are often limited to using software that specifically understands and communicates with the intranet. This restricts the choice of client software greatly such that only a limited set of client applications out of all the multitude of programs available can be used when accessing that private intranet.
These schemes typically tie the firewall access mechanism to the application, instead of making it transparent by placing it inside the underlying networking support. There is a need for general naming mechanism in order to separate application from firewall traversal mechanisms. Furthermore, the firewall has no standard format to download traversal configuration into the client after authentication.
Thus, there is a need for a generic scheme for allowing client applications to be transparent to the remote access and firewall traversal procedure. The scheme should permit any type of remote access/firewall traversal and security method/protocol to be recognized and operated independent of the client application.
SUMMARY OF THE INVENTION
The invention provides a generic naming scheme for remote access and firewall traversal in the form of a uniform resource locator (RAFT URL). The RAFT URL may be provided to any client application, regardless of compatibility with the remote access/firewall traversal method, which then launches another executable module. The executable module performs the remote access/firewall traversal method and interacts with the operating environment to obtain data transport mechanisms. These mechanisms permit the client application to transact with private resources beyond the firewall. The remote access/firewall traversal procedure is made transparent to the client application, and thus, a wider array of client applications may be chosen for the data session with the resources beyond the firewall.
REFERENCES:
patent: 5818019 (1999-06-01), Valencia
patent: 5822539 (1998-10-01), Van Hoff
patent: 5944823 (1999-08-01), Jade et al.
patent: 5950195 (1999-09-01), Stockwell et al.
patent: 5987611 (1999-11-01), Freund
patent: 5999979 (1999-12-01), Vellanki et al.
patent: 6061797 (2000-05-01), Jade et al.
patent: 6073176 (2000-06-01), Baindur et al.
patent: 6088796 (2000-07-01), Cianfrocca et al.
Blakely & Sokoloff, Taylor & Zafman
Iqbal Nadeem
Sun Microsystems Inc.
LandOfFree
Remote access firewall traversal URL does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Remote access firewall traversal URL, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Remote access firewall traversal URL will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2445525