US2009044261A1PendingUtilityA1

System and method for secure dual channel communication through a firewall

47
Assignee: STERLING COMMERCE INCPriority: Sep 5, 2000Filed: Oct 10, 2008Published: Feb 12, 2009
Est. expirySep 5, 2020(expired)· nominal 20-yr term from priority
H04L 61/2564H04L 61/2514H04L 61/2517H04L 63/029H04L 63/166H04L 67/06
47
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A server including a dual channel communications module operable to establish a communication session between the server and a client is provided. The server may be operable to receive a dual channel communication packet from the client. In a particular embodiment, the dual channel communication packet may include a header in a data payload. The header includes a client external IP address, and the data payload includes an encoded port command having a client internal IP address and a client data port number. A codec operable to decode the port command may also be provided. The server may also include a translation module for retrieving the client external IP address from the header. In a particular embodiment, the server is operable to establish data channel coordinates including the client external IP address, the client data port number, a server internal IP address and a server data port number.

Claims

exact text as granted — not AI-modified
1 . A server comprising:
 a communications module operable to receive a dual communication packet from the client over a first channel, the dual communication packet including a header having a client external IP address and a data payload having an encoded port command having a client internal IP address and a client data port number;   a codec operable to decode the port command;   a translation module operable to retrieve the client external IP address from the header and to generate a modified port command including the external IP address; and   the server operable to establish a second channel based on the modified port command.   
     
     
         2 . The server of  claim 1 , further comprising a packet filtering server firewall. 
     
     
         3 . The server of  claim 2 , further comprising a network address associated with the server firewall, the network address translator operable to include a static network address translation entry for each of the client and the server. 
     
     
         4 . The server of  claim 1 , further comprising a file transfer protocol (FTP) communication module wherein the communication session between the server and the client over the second channel is conducted in secure FTP. 
     
     
         5 . The server of  claim 1 , wherein the codec is operable to decode based on secure socket layer (SSL) encryption technology. 
     
     
         6 . A client, comprising:
 a communications module operable to receive a communication packet from the server over a first channel, the dual communication packet including a header having a server external IP address and a data payload having an encoded port command having a server internal IP address and a server data port number;   a codec operable to decode the port command;   a translation module operable to retrieve the server external IP address from the header and to generate a modified port command including the external IP addresses; and   the server operable to establish a second channel based on the modified port command.   
     
     
         7 . The client of  claim 6 , further comprising a packet filtering client firewall. 
     
     
         8 . The client of  claim 2 , further comprising a network address translator associated with the client firewall, the network address translator operable to include a static network address translation entry for each of the client and the server. 
     
     
         9 . The client of  claim 6 , further comprising a file transfer protocol (FTP) communication module wherein the communication session between the server and the client over the second channel is conducted in secure FTP. 
     
     
         10 . The client of  claim 6 , wherein the codec is operable to decode based on secure socket layer (SSL) encryption technology. 
     
     
         11 . A method for establishing a data socket between first and second peers, comprising:
 receiving an IP Packet from the first peer, the IP packet including a header and a port command;   the header including a first peer IP address and the port command including an encoded second peer IP address;   decoding the encoded second peer IP address; retrieving the first peer IP address from the header;   generating a modified port command including the first peer address in place of the second peer IP address; and   using the modified port command to establish a data socket between the first and second peers.   
     
     
         12 - 20 . (canceled) 
     
     
         21 . (canceled)

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.