Electrical computers and digital processing systems: multicomput – Computer-to-computer session/connection establishing – Network resources access controlling
Reexamination Certificate
1999-12-30
2003-07-22
Wiley, David (Department: 2143)
C713S152000, C709S225000
active
06598083
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention is directed to communicating with a device on a network. More specifically, the present invention is directed to communicating over a non-continuous connection with a device on a network.
2. Description of Related Art and General Background
A network is a system of computers that are connected to each other (and possibly to terminals and other peripheral devices) by communications lines which may be physical and/or wireless. Each computer on a network may be generally classified as a ‘client’ (i.e. a computer that initiates requests) or a ‘server’ (i.e. a computer that receives and responds to requests), although a single computer may also perform different roles at different times. Transfers of information across the network are typically conducted in compliance with one or more network protocols to ensure that the information may be properly delivered and interpreted. One such protocol is the Hypertext Transfer Protocol or HTTP, an application-level protocol that provides a basis for information transfer across the Internet and is specified e.g. in RFC 2616 (“Hypertext Transfer Protocol—HTTP/1.1”), R. Fielding et al., June 1999, which document is available at http://www.ietf.org/rfc/rfc2616.txt. As shown in FIG. 1, HTTP is a query/response protocol in which an entity such as a client 30 directs a query for information to a specific resource (such as a file or web page, as identified by a Universal Resource Locator or URL) and another entity such as a server 40 forwards an appropriate response associated with that resource.
A local area network (or ‘LAN’) allows computers or terminals that are located near one another to share resources such as storage devices, printers, and other peripheral equipment. A LAN that is connected to a larger network may include one or more access points (or ‘gateways’) through which devices within the LAN may communicate with devices outside the LAN. Access control mechanisms (or ‘ACMs’) provide security against unauthorized access to the LAN by controlling or restricting the flow of information across the access points.
FIG. 2, for example, shows a LAN 230 that is connected to the Internet 250 only through an ACM 20a. Due to the presence of ACM 20a at this access point, a remote computer 20c that is connected to the Internet 250 may not freely interact with devices connected to LAN 230 such as computer 10a. Any request for information that is sent by remote computer 20c to computer 10a will be scrutinized by ACM 20a and may be rejected.
One type of ACM is a firewall. The term ‘firewall’ indicates a protective layer that separates a computer network from external network traffic, and this layer may be implemented in software, hardware, or any combination of the two. For example, firewall application software may be installed on a server to create a combination called a ‘firewall server.’ Another type of ACM is a server (possibly a firewall server) running an application program that evaluates incoming requests according to a predefined set of rules (also called ‘packet filtering’). Such a device is called a ‘proxy server’ or simply a ‘proxy.’ To entities outside the network, the proxy may act as a server, receiving and evaluating incoming transmissions. To devices within the network, the proxy may act as a client, forwarding the incoming transmissions which conform to its rules. For example, the proxy may prevent executable files from entering the LAN but may pass all incoming responses to HTTP queries that were sent by devices within the LAN.
Unfortunately, the characteristics that make firewalls or proxies effective in controlling the flow of information into the network also lead to increased complexity and cost. For example, when an entity outside the LAN, such as remote computer 20c, seeks to be connected with an entity within the LAN, such as computer 10a, complex and/or costly changes to the ACM may be necessary to permit the connection. In addition, significant processing resources are consumed in evaluating all gateway traffic to ensure compliance with the network's security rules and thereby protect the network from potentially harmful traffic. Furthermore, it may be impractical and/or expensive to maintain a continuous connection between the LAN and the external network (e.g. the Internet).
Some solutions to these problems of overhead—such as setting aside a dedicated, open port in the firewall through which external traffic may enter—may create unacceptable security risks. Other, more secure solutions include virtual private networks (VPNs), which use encryption to allow users on different networks to exchange information with each other in a secure manner over the Internet. This encryption effectively creates a secure “tunnel” between sender and receiver so that even though the information may pass through many other entities during transmission, it is accessible only to the sender and the receiver.
Although a VPN offers a higher level of data security, no reduction in overhead processing is thereby achieved, as network traffic entering the LAN through the VPN must still pass through and be evaluated by the ACM. Adding a VPN to an existing network also involves a significant investment in resources and may introduce bugs or errors into a stable system. Furthermore, in many network installations it may not be feasible to reconfigure an existing ACM to support communication with every new external entity that may be desired, as such modifications require extensive resources and testing. It is desirable to reduce or avoid these costs and risks.
REFERENCES:
patent: 5774660 (1998-06-01), Brendel et al.
patent: 5838682 (1998-11-01), Dekelbaum et al.
patent: 5950172 (1999-09-01), Klingman
patent: 5960177 (1999-09-01), Tanno
patent: 5987132 (1999-11-01), Rowney
patent: 5996076 (1999-11-01), Rowney et al.
patent: 6002767 (1999-12-01), Kramer
patent: 6012100 (2000-01-01), Frailong et al.
patent: 6073172 (2000-06-01), Frailong et al.
patent: 6098108 (2000-08-01), Sridhar et al.
patent: 6308213 (2001-10-01), Valencia
patent: 6477578 (2002-11-01), Mhoon
patent: 6477579 (2002-11-01), Kunkel et al.
patent: 6510523 (2003-01-01), Perlman et al.
Hypertext Transfer Protocol—HTTP/1.1, R. Fielding et al., The Internet Society, Jun. 1999, www.ietf.org/rfc/rfc2616.txt, pp. 1-155.
Enabling Secure Virtual Private Networks Over the Internet, white paper No. NP0894.01, Intel Corp., Santa Clara, CA (1998), pp. 1-11.
Classical versus transparent IP proxies, RFC 1919, M. Chatel, Network Working Group, Mar. 1996, www.ietf.org/rfc/rfc1919.txt, pp. 1-34.
King David A.
Remer David L.
Remer Eric B.
Delgado M.
Pillsbury & Winthrop LLP
Wiley David
System and method for communicating over a non-continuous...