US2005235346A1PendingUtilityA1

Method for transparently forming a connection to an element of a private network over an IP-compliant network

51
Assignee: COLEY CHRISTOPHER DPriority: Feb 6, 1996Filed: Mar 2, 2005Published: Oct 20, 2005
Est. expiryFeb 6, 2016(expired)· nominal 20-yr term from priority
H04L 63/0281H04L 69/16H04L 63/1458G06Q 20/027H04L 63/0263H04L 63/02H04L 63/083H04L 63/18H04L 9/40H04L 63/0807H04L 63/0227
51
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Methods and apparatus for transparently forming a connection to an element of a private network over an IP-compliant network are disclosed. In disclosed embodiments, network devices such as firewalls are disclosed that are configured to receive an access request from an external user over the IP-compliant network to access the private network element and assign a proxy agent process said access request. The proxy agent then determines whether the external user is authorized to access the private network element. If the user is authorized, then the proxy agent forms a connection to the private network element on behalf of the external user such that the network device appears as the source of the connection to the external user.

Claims

exact text as granted — not AI-modified
1 . A method for transparently forming a connection to an element of a private network over an IP-compliant network comprising: 
 receiving an access request from an external user over the IP-compliant network to access the private network element;    assigning a proxy agent operable within said firewall to process said access request;    determining, by said proxy agent, whether said external user is authorized to access said private network element;    if said user is authorized to access said private network element, then forming, by said proxy agent, a connection to said private network element on behalf of said external user; and    wherein said firewall appears as the source of the connection to said external user.    
   
   
       2 . The method of  claim 1 , wherein said act of determining whether said external user is authorized to access said private network element further comprises comparing the source address of said access request against a list of addresses.  
   
   
       3 . The method of  claim 2 , further comprising the act of performing additional verification checks on suspect addresses.  
   
   
       4 . The method of  claim 3 , further comprising the act of performing additional verification based on the suspect addresses' port designation.  
   
   
       5 . The method of  claim 1 , further comprising the act of maintaining a transaction log containing information regarding incoming requests.  
   
   
       6 . A network device for transparently forming a connection to an element of a private network over an IP-compliant network comprising: 
 a network device disposed between the IP-compliant network and the element of the private network, said network device configured to:    receive an access request from an external user to access the private network element;    assign a proxy agent to process said access request; and    the proxy agent being configured to determine whether said external user is authorized to access said private network element and form a connection to said private network element on behalf of said external user if said user is authorized to access said private network element; and    wherein said device appears as the source of the connection to said external user.    
   
   
       7 . The device of  claim 6 , wherein said device is further configured to compare the source address of said access request against a list of addresses.  
   
   
       8 . The device of  claim 7 , wherein said device is further configured to perform additional verification checks on suspect addresses.  
   
   
       9 . The device of  claim 8 , wherein said device is further configured to perform additional verification based on the suspect addresses' port designation.  
   
   
       10 . The device of  claim 6 , wherein said device is further configured to maintain a transaction log containing information regarding incoming requests.  
   
   
       11 . An apparatus for transparently forming a connection to an element of a private network over an IP-compliant network comprising: 
 means for receiving an access request from an external user over the IP-compliant network to access the private network element;    means for assigning a proxy agent operable within said apparatus to process said access request;    means for determining, by said proxy agent, whether said external user is authorized to access said private network element;    means for forming a connection to said private network element on behalf of said external user if said user is authorized to access said private network element; and    wherein said apparatus appears as the source of the connection to said external user.    
   
   
       12 . The method of  claim 11 , further comprising means for determining whether said external user is authorized to access said private network element further comprises comparing the source address of said access request against a list of addresses.  
   
   
       13 . The method of  claim 12 , further comprising means for performing additional verification checks on suspect addresses.  
   
   
       14 . The method of  claim 13 , further comprising means for performing additional verification based on the suspect addresses' port designation.  
   
   
       15 . The method of  claim 11 , further comprising means for maintaining a transaction log containing information regarding incoming requests.  
   
   
       16 . A computer-readable device containing a set of computer instructions to perform a method for transparently forming a connection to an element of a private network over an IP-compliant network, the method comprising: 
 receiving an access request from an external user over the IP-compliant network to access the private network element;    assigning a proxy agent operable within said firewall to process said access request;    determining, by said proxy agent, whether said external user is authorized to access said private network element;    if said user is authorized to access said private network element, then forming, by said proxy agent, a connection to said private network element on behalf of said external user; and    wherein said firewall appears as the source of the connection to said external user.    
   
   
       17 . The device of  claim 16 , wherein said act of determining whether said external user is authorized to access said private network element further comprises comparing the source address of said access request against a list of addresses.  
   
   
       18 . The device of  claim 17 , said method further comprising the act of performing additional verification checks on suspect addresses.  
   
   
       19 . The device of  claim 18 , said method further comprising the act of performing additional verification based on the suspect addresses' port designation.  
   
   
       20 . The device of  claim 16 , said method further comprising the act of maintaining a transaction log containing information regarding incoming requests.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.