Secure Network Communication System and Method
Abstract
A secure network communication system and method for secure data exchange using transmission control protocol are disclosed. The system provides for data exchange using between a client and a server, by way of an agent and a broker interconnected to exchange data over an unsecured network link. Upon receipt of a control packet from the client, the broker forwards a modified control packet to the agent using a secure protocol. The agent then inspects the modified control packet and forwards it to the server. Upon receipt of a response packet from the server, the agent forwards the response packet to the broker using a secure protocol and upon receipt of the response packet, the agent modifies the response packet and forwards it to the client. In the case that the exchange of control packets indicates establishment of a TCP session, the agent and the broker establish a data channel between themselves to create a transparent TCP channel between the client and the server.
Claims
exact text as granted — not AI-modified1 . A data transmission system for secure data exchange using transmission control protocol between a client and a server, the system comprising an agent and a broker connected to exchange data over an unsecured network link, in which:
upon receipt of a TCP control packet from the client over a secure network, the broker is operative to forward a modified TCP control packet to the agent using a secure protocol; the agent is operative to inspect a modified control packet received from the broker and to forward it to the server; upon receipt of a TCP response packet from the server, the agent is operative to forward the response packet to the broker using a secure protocol; and upon receipt of a TCP response packet from the agent, the broker is operative to modify the response packet and to forward it to the client; wherein in the case that an exchange of TCP control packets indicates establishment of a TCP session, the broker and the agent are operative to establish a data channel between themselves to create a transparent TCP channel between the client and the server.
2 . A data transmission system according to claim 1 in which the client is connected to the broker for exchange of data over a secured network.
3 . A data transmission system according to claim 2 in which the secured network is connected to the unsecured network by one or more of a firewall, a proxy or a network address translation (NAT) device.
4 . A data transmission system according to claim 1 in which the secure protocol is a transport layer security (TLS) protocol having a connection made over the TCP port 443 .
5 . (canceled)
6 . A data transmission system according to claim 4 in which the TLS connection is made over a local proxy.
7 . A data transmission system according to claim 6 in which the local proxy uses the HTTP CONNECT protocol.
8 . A data transmission system according to claim 1 in which the control packet is a TCP SYN packet or a TCP ACK packet and the response packet is a TCP SYN ACK or a TCP RST ACK packet.
9 . (canceled)
10 . A data transmission system according to claim 1 in which the control packet and the response packet are Internet control message protocol packets.
11 . A data transmission system according to claim 1 in which the broker is operative to apply rules to determine whether or not a TCP control packet is forwarded to the agent.
12 . A data transmission system according to claim 11 in which the rules specify whether a TCP control packet should be forwarded based upon one or more of the originator of the packet, the target address of the packet, and the target port number of the packet.
13 . A data transmission system according to claim 1 operative to service multiple virtual networks through a client access network that is responsible for managing client access.
14 . (canceled)
15 . A data transmission system according to claim 13 in which the client access network uses one or both of standard AAA (Authorisation, Authentication and Accounting) and VPN services.
16 . A data transmission method for secure data exchange using transmission control protocol between a client and a server, using a broker and an agent connected to exchange data over an unsecured network link, in which:
upon receipt of a TCP control packet from the client, the broker forwards a modified control packet to the agent using a secure protocol; the agent inspects the modified TCP control packet and forwards it to the server; upon receipt of a TCP response packet from the server, the agent forwards the TCP response packet to the broker using a secure protocol; and upon receipt of the TCP response packet, the broker modifies the TCP response packet and forwards it to the client; wherein in the case that the exchange of TCP control packets indicates establishment of a TCP session, the agent and the broker establish a data channel between themselves to create a transparent TCP channel between the client and the server.
17 . A data transmission method according to claim 16 in which the client is connected to the broker for exchange of data over a secured network.
18 . A data transmission method according to claim 17 in which the secured network is connected to the unsecured network by one or more of a firewall, a proxy or a network address translation (NAT) device.
19 . A data transmission method according to claim 16 in which the secure protocol is a transport layer security (TLS) protocol having a connection made over the TCP port 443 .
20 . (canceled)
21 . A data transmission method according to claim 19 in which the TLS connection is made over a local proxy.
22 . A data transmission method according to claim 21 in which the local proxy uses the HTTP CONNECT protocol.
23 . A data transmission method according to claim 16 in which the TCP control packet is a TCP SYN packet or a TCP ACK packet and the TCP response packet is a TCP SYN ACK or a TCP RST ACK packet.
24 . (canceled)
25 . A data transmission method according to claim 16 in which the TCP control packet and the response packet are Internet control message protocol packets.
26 . A data transmission method according to claim 16 in which the broker applies rules to determine whether or not the TCP control packet is forwarded to the agent.
27 . A data transmission method according to claim 26 in which the rules specify whether a the TCP control packet should be forwarded based upon one or more of the originator of the packet, the target address of the packet, and the target port number of the packet.
28 . A data transmission method according to claim 16 operative to service multiple virtual networks through a client access network.
29 . A data transmission method according to claim 28 in which the client access network is responsible for managing client access.
30 . A data transmission method according to claim 29 in which the client access network uses one or both of standard AAA (Authorisation, Authentication and Accounting) and VPN (virtual private networking) services.Join the waitlist — get patent alerts
Track US2009106830A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.