Transparent and secure network gateway

US005781550A

United States Patent [19]
Templin et al.

[11] Patent Number: 5,781,550
[45] Date of Patent: Jul. 14, 1998

[54] TRANSPARENT AND SECURE NETWORK GATEWAY

[75] Inventors: Fred L. Templin, [city illegible in scan]; Ajay Gupta, [name and city illegible in scan], Mountain View, Calif.; Matthew Tynan, Galway, Ireland

[73] Assignee: Digital Equipment Corporation, Maynard, Mass.

[21] Appl. No.: 594,632
[22] Filed: Feb. 2, 1996
[51] Int. Cl.6: H04L 12/56
[52] U.S. Cl.: 370/401; 395/187.01
[58] Field of Search: 370/401, 465; 395/187.01, 186, 200.02, 200.06, 200.12, 200.14, 200.16, 200.55, 200.57, 200.67 [remaining entries illegible in scan]

[56] References Cited

U.S. PATENT DOCUMENTS

5,442,633  8/1995  [inventor illegible in scan]
5,548,646  8/1996  [inventor illegible in scan]
5,550,984  8/1996  [inventor illegible in scan]
5,623,601  4/1997  Vu ............................ 395/187.01
5,657,452  8/1997  Kralowetz ..................... 395/200.57

OTHER PUBLICATIONS

Bellovin & Cheswick, "Network Firewalls," IEEE Communications Mag., vol. 32, no. 9, pp. 50-57, Sep. 1994.

Primary Examiner: Douglas W. Olms
Assistant Examiner: Matthew C. Phillips
Attorney, Agent, or Firm: Dirk Brinkman

[57] ABSTRACT

In a computer implemented method, packets are transparently and securely communicated between a trusted computer and an untrusted computer connected by a gateway. Each packet includes a source address, a destination address and a payload. The gateway, according to rules stored in a configuration database, intercepts a packet received in an Internet protocol layer of the gateway. The packet has a source address of the trusted computer, a destination address of the untrusted computer and a first payload. The intercepted packet is diverted to a proxy server operating in an application protocol layer of the gateway. The intercepted packet is consumed by the proxy server, and the proxy server generates a second packet having a source address of the gateway and the destination address of the untrusted computer and the first payload. The second packet is sent to the untrusted computer to enable the trusted computer to communicate with the untrusted computer securely.

15 Claims, 5 Drawing Sheets
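The method described in the abstract, modelled as an added Python example (this is not code from the patent or its assignee): the gateway intercepts trusted-to-untrusted packets at the IP layer, checks a constructed rule database, hands the packet to a proxy that re-emits it with the gateway's own source address and the original payload, and relays replies back to the trusted originator only for sessions the proxy opened. Addresses, ports, the rule format and the port-based session table are assumptions made for the illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str        # source address
    sport: int      # source port
    dst: str        # destination address
    dport: int      # destination port
    payload: bytes

class TransparentGateway:
    """Hypothetical model of the claimed method: trusted-to-untrusted packets
    are intercepted in the IP layer, diverted to an application-layer proxy,
    and re-emitted with the gateway's address as source."""

    def __init__(self, addr: str, trusted, rules):
        self.addr = addr
        self.trusted = frozenset(trusted)
        self.rules = set(rules)       # constructed configuration database: (src, dst, dport)
        self.sessions = {}            # gateway port -> (trusted src, trusted sport)
        self.next_port = 40000

    def intercept(self, pkt: Packet) -> Optional[Packet]:
        """IP-layer hook: returns the packet to emit, or None if it is dropped."""
        if pkt.src in self.trusted and pkt.dst not in self.trusted:
            if (pkt.src, pkt.dst, pkt.dport) not in self.rules:
                return None                    # no rule permits this flow
            return self._proxy_outbound(pkt)  # divert to the proxy
        if pkt.dst == self.addr and pkt.src not in self.trusted:
            return self._proxy_inbound(pkt)
        return None                            # nothing else crosses the gateway

    def _proxy_outbound(self, pkt: Packet) -> Packet:
        # The proxy consumes the original packet and generates a second one:
        # source address of the gateway, same destination, same payload.
        gw_port = self.next_port
        self.next_port += 1
        self.sessions[gw_port] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.addr, sport=gw_port)

    def _proxy_inbound(self, pkt: Packet) -> Optional[Packet]:
        # A reply is relayed only if it belongs to a session the proxy opened,
        # so the untrusted side cannot reach trusted hosts unsolicited.
        session = self.sessions.get(pkt.dport)
        if session is None:
            return None
        src, sport = session
        return replace(pkt, dst=src, dport=sport)
```

The untrusted host only ever sees the gateway's address, and a packet addressed to the gateway that matches no open session is discarded.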

[Drawing Sheet 1 of 5, U.S. Patent 5,781,550, Jul. 14, 1998: HOST A and a second host B are connected through GATEWAY 300 to HOST C; outbound packets A -> C and B -> C, and return packets C -> A and C -> B, are marked with reference numerals 501 through 504; the remaining figure labels are illegible in the scan.]