Secured session sequencing proxy system and method therefor

Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing

Reexamination Certificate

Details

Classifications: C709S217000, C709S219000, C709S229000, C713S152000, C713S152000

Status: active

Patent number: 06718388

ABSTRACT:

BACKGROUND OF THE INVENTION
The present invention relates to network data communications, and more particularly to establishing a secure data communication session between a public user and an internal host in which the host and internal network are secured from unauthorized access.
The proliferation of users and services on global computer networks such as the Internet raises security concerns for both users and service providers. Users want the data they submit to providers and the data they receive from providers to be free from unauthorized interception and use. Similarly, service providers want their hosts and systems secured from unauthorized access and intrusion by “hackers”. Service providers, especially those involved with financial services, view their computing hardware and software as critical assets. These service providers rely on the trust of their customers, who assume that no one will be able to access customer records or otherwise negatively impact the service.
Prior on-line services used dedicated dial-up facilities, and customized security software on the user's terminal and the host system to prevent unauthorized access. In other words, users were forced to access the service provider's system by dialing a special telephone number. Transmitted data was secured by encryption, and incoming dial-up calls were only accepted from authorized users. Security software was also implemented on the provider's host system. This became very inefficient and cumbersome as users began to subscribe to multiple on-line services.
Global computer networks such as the Internet allow users to access many different hosts and services from their computers via a single access connection. While this has enhanced users' ability to access information and conduct business, global networking has complicated service providers' security mechanisms. For example, a service provider must allow inbound (from the network to the service) access to its site for everybody. This results from the service provider's inability to know in advance the originating computer address, such as a TCP/IP (Transmission Control Protocol/Internet Protocol) address, from which actual or prospective users will communicate. It is too inefficient and impractical to allow access on an address-by-address basis, especially since computer addresses can change every time a user connects to their network access provider. As a result, service providers must allow access for the entire network community, and are forced to use other methods to secure access to their hosts and to secure the data contained on those hosts.
Security systems and methods have been developed which employ special security software on both the user's terminal and the host system. These types of security systems use a public/private key pair challenge mechanism, with data encryption and digital signatures, for authentication. This provides a secure session, but every user must have a copy of this software in order to access the host. Service providers offering this type of access software must offer customers installation support and problem determination services, and must also update the special software as needed. This increases the complexity of the system and drives up the cost of providing the service.
Other encryption software, such as the Secure Sockets Layer (SSL) handshake protocol, is used for client and host authentication. SSL is application independent; it negotiates encryption keys and allows the user terminal to authenticate the host prior to allowing data communications. SSL is typically implemented in Internet web browser software. Thus, it facilitates secure data transmission between a user and a host. This allows a user to be sure that communication between their terminal and the host is free from unauthorized interception, but it still does not protect the service provider's host from security attacks.
Service providers have attempted to secure their hosts by interposing firewalls and proxy servers between their hosts and the user community. Firewalls are typically programmed to restrict inbound access to a particular set of users, or to restrict access to a particular set of hosts or ports, i.e., services. In a system using a proxy server, the user terminal communicates with the proxy server which in turn communicates with the host. In this configuration, a user establishes a session with a proxy server and the proxy server establishes a session with the host.
As discussed above, restricting user access is not practical, and restricting services still leaves a security hole through which crafty hackers can enter. In other words, since a small opening must be maintained in the firewall to establish the inbound connection, it is still possible for unauthorized users to access the host.
Further security breaches are possible because firewalls typically allow direct session communications between the user's terminal and the host system. Direct session communication refers to a user terminal addressing data packets such that the final destination address is indicated as the terminus host machine. This provides the user with the actual host address. It is desired to keep the host address in confidence, such that users do not know what the host address is and cannot attempt to send unauthorized data directly to the host in an attempt to access it in a manner which is not desired by the service provider.
The security exposure situation is not improved much through the use of a proxy server, because a hacker who compromises the proxy server can use the proxy server as a base for accessing the provider's hosts. In a typical proxy server environment, the network and any firewalls must “trust” the proxy and allow data communications to flow between the proxy and the host. In other words, hosts must accept data transmitted from a proxy, and firewalls must allow traffic to or from the proxy to users and hosts to flow freely.
As discussed above, in a typical communication session between a user and a host through a proxy server, the proxy server accepts the user's inbound (from user to server) session connection request, and invokes a new session request between the proxy server and the host. Although this arrangement and method hides the host address from the user, a connection is still established by the proxy server to the host. Thus, any interposing firewalls must allow the proxy to establish a connection with a host. As a result, gaining access to the proxy, authorized or unauthorized, allows access to a provider's host.
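The prior-art proxy session described above, as an added example in Python (not code from the patent): the proxy accepts the user's inbound session and then opens its own outbound session to the host, so the host sees the proxy rather than the user as its peer, and the host's address never reaches the user. Loopback sockets on ephemeral ports are constructed stand-ins for user 2, security device 12 and host 4 of FIG. 1.

```python
import socket
import threading

def start_host():
    """Internal host (FIG. 1 item 4): accepts one session, records the peer it
    came from and returns a banner. Constructed stand-in bound to loopback."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))           # ephemeral port; only the proxy learns it
    srv.listen(1)
    seen_peers = []
    def serve():
        conn, peer = srv.accept()
        seen_peers.append(peer)          # the source address the host must trust
        conn.sendall(b"HELLO FROM HOST\n")
        conn.close(); srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname(), seen_peers

def start_proxy(host_addr):
    """Prior-art proxy (security device 12): accepts the user's inbound session,
    then itself opens a second, outbound session to host_addr and relays the reply."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    upstream_src = []
    def serve():
        user_conn, _ = srv.accept()
        up = socket.create_connection(host_addr)  # proxy -> host: the firewall must permit this
        upstream_src.append(up.getsockname())     # source address the host will see
        user_conn.sendall(up.recv(1024))
        up.close(); user_conn.close(); srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname(), upstream_src

def user_session(proxy_addr):
    """Public user (2): addresses only the proxy; returns its own source address and the reply."""
    with socket.create_connection(proxy_addr) as s:
        return s.getsockname(), s.recv(1024)

def run_demo():
    host_addr, host_seen = start_host()
    proxy_addr, proxy_src = start_proxy(host_addr)
    user_addr, reply = user_session(proxy_addr)
    return {"reply": reply, "user_addr": user_addr, "host_addr": host_addr,
            "proxy_addr": proxy_addr, "host_saw": host_seen[0], "proxy_src": proxy_src[0]}

if __name__ == "__main__":
    r = run_demo()
    print("reply via proxy:", r["reply"].strip(), "| host saw", r["host_saw"], "not user", r["user_addr"])
```

The host-side record shows why the host and any interposed firewall must trust the proxy: every session, legitimate or not, arrives from the proxy's own address.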
FIG. 1 shows an example of a typical security hardware arrangement. In a typical environment, such as the Internet, users 2 need to access a service available on host 4 through public network 6. In addition, a person responsible for managing host 4 will access that host using management terminal 8 through private network 10. Public network 6 is a global computer network such as the Internet, whereas private network 10 is a corporation's intra-network. Security device 12 is interposed between public network 6 and private network 10 such that users 2 can communicate with host 4, but are not permitted to communicate with private network 10 or any hosts thereon. Security device 12 can be a firewall or a proxy server. Security device 12 can be configured so that users on private network 10 can access public network 6 or host 4. In the arrangement shown in FIG. 1, the placement of host 4 on a network segment accessible by both public network 6 users and private network 10 users is called a demilitarized zone (DMZ).
As discussed above, the arrangement of FIG. 1 leaves open a number of potential security problems, and limits the placement of hosts to these DMZ segments. Using the prior art arrangement, a user 2 is establishing a direct session with host 4, or a proxied session with host 4 through security device 12. An unauthorized user who gains access to security device 12 may be a
