A system that provides a secured connection between servers on the LAN and clients on the WAN comprises the LAN (which includes a LAN server and a LAN controller) and the DMZ (which includes a DMZ server and a DMZ Stack Pool Service). When a client request reaches the DMZ server, the DMZ server stores it in the DMZ Stack Pool Service; the LAN controller establishes an outbound TCP-based connection to the DMZ Stack Pool Service, which passes the client connection information to the LAN server via the LAN controller. The LAN server then generates a connection between the Service and the DMZ server.
13. A method for reverse access, said method comprising:
storing requests received from a client in a De-Militarized Zone (dmz) Stack Pool Service at a TCP/IP level using a TCP/IP level-based protocol, wherein said dmz Stack Pool Service is executing on a device in a dmz;
checking, at the TCP/IP level, said dmz Stack Pool Service for existence of said requests, wherein said checking is performed by a local area network (lan) controller located in a lan;
establishing an outbound connection from a lan server of said lan and routing by a dmz server, client request data, responsive to said requests, to said client;
wherein said storing and routing occurs at the TCP/IP level using a TCP/IP level-based protocol and said dmz server does not change data of said requests; and
wherein said method requires no administrative management of the lan server after initial installation and configuration.
3. A method for reverse access, said method comprising:
storing requests received from a client, wherein said requests are stored in a De-Militarized Zone (dmz) Stack Pool Service at a TCP/IP level using a TCP/IP protocol, wherein said dmz Stack Pool Service is executing on a device in a dmz;
checking, at the TCP/IP level, said dmz Stack Pool Service for existence of said requests, wherein said checking is performed by a local area network (lan) controller located in a lan; and
establishing an outbound connection from a lan server of said lan and routing client request data, responsive to said requests, by a dmz server to said client;
wherein said storing and routing occurs at the TCP/IP level using the TCP/IP protocol and said dmz server does not change data of said requests; and
wherein said method requires no administrative management of the lan server after initial installation and configuration.
14. A system for reverse access, said system comprising:
a De-Militarized Zone (dmz) Stack Pool Service executing on a device so that the dmz Stack Pool Service is located in a dmz, the dmz Stack Pool Service being configured to store requests received from a client, wherein said requests are stored at a TCP/IP level;
a local area network (lan) controller located in a lan, the lan controller being configured to check for existence of the requests in said dmz Stack Pool Service, wherein said checking is performed at the TCP/IP level; and
a dmz server configured to receive said requests from a lan server of said lan, and, responsive to the requests, to stream client request data, to said client, wherein the receiving and streaming by said dmz server occurs at the TCP/IP level;
wherein said dmz server does not change the data of said requests and the system requires no administrative management after initial installation and configuration.
1. A system for reverse access, said system comprising:
a De-Militarized Zone (dmz) Stack Pool Service executing on a device so that the dmz Stack Pool Service is located in a dmz, the dmz Stack Pool Service being configured to store requests received from a client, wherein said requests are stored at a TCP/IP level using a TCP/IP protocol;
a local area network (lan) controller located in a lan, the lan controller being configured to check for existence of the requests in said dmz Stack Pool Service, wherein said checking is performed at the TCP/IP level; and
a dmz server configured to receive said requests from a lan server of said lan, and, responsive to the requests, to stream client request data, to said client, wherein the receiving and streaming by said dmz server occurs at the TCP/IP level using the TCP/IP protocol;
wherein said dmz server does not change the data of said requests and the system requires no administrative management after initial installation and configuration.
2. The system of
4. The method of
5. The method of
6. The method of
establishing a connection from the lan server to a destination service in the lan that supplies the client request data, wherein the client request data is initially transmitted from a destination service in the lan that supplies the client request data and is thereafter routed over the outbound connection.
7. The method of
establishing a connection from the lan server to a destination service in the lan that supplies the client request data; and
binding the connection from the lan server to the destination service in the lan that supplies the client request data to the outbound connection.
8. The method of
9. The method of
10. The method of
11. The method of
12. The system of
For the sake of clarity and for simplifying the explanation of the System, the following terms are used:
WAN: Wide Area Network (10)
DMZ: De-Militarized Zone (20)
LAN: Local Area Network (30)
LAN Server: Server running in the LAN (31)
DMZ Server: Server running in the DMZ (21)
DMZ Stack Pool Service: Stores and handles Client's Requests (22) in the DMZ
Client Request: HTTP/HTTPS (Web browser)/SSH/SFTP/FTP/FTPS/RDP/SMTP/TLS, and any other TCP/IP based protocols
Client Connection Information: IP-address/Port number of the relevant destination service inside the LAN
LAN Controller: a controller running in the LAN that manages the Client Connection Information (32)
Connection Binder: Handshake between two TCP/IP sockets
Service: HTTP/HTTPS (Web Server)/SSH/SFTP/FTP/FTPS/RDP/SMTP/TLS, and any other TCP/IP based services
The objective of this invention is to provide a secured connection between servers in the LAN and the clients in the WAN.
The connections between the System components will be described while describing the System flow. The connection flow of the System is as follows:
First step: The Client Request (of the client (11)) reaches the DMZ Server (21). Second step: The DMZ Server (21) stores the Client Request in the DMZ Stack Pool Service (22). Third step: The LAN Controller (32) establishes an outbound TCP-based connection (41) to the DMZ Stack Pool Service (22). One of the innovative aspects of the System is that the LAN Controller (32) continuously, and/or at predefined time intervals, checks for Client Requests stored in the DMZ Stack Pool Service (22). Fourth step: The DMZ Stack Pool Service (22) then passes the Client Connection Information to the LAN Server (31) via the LAN Controller (32).
Fifth step: The LAN Server (31) then generates two TCP/IP connections: one connection is to the Service (33), which is the destination service, based on the Client Connection Information; the second connection is an outbound connection (42) to the DMZ Server (21). In addition, the LAN Server (31) creates a Connection Binder in the LAN Server between the Service (33) and the outbound connection (42). Sixth step: The DMZ Server (21) then creates a Connection Binder in the DMZ Server between the incoming Client Request (that is stored in the DMZ Stack Pool Service (22)) and the outbound connection (42) arriving from the LAN Server (31), and by that completes the route of the Client Request.
Once the Connection Binder in the DMZ Server binds the Client Request and the outbound connection (42) arriving from the LAN Server, the Client Request is then streamed through the DMZ Server and the LAN Server over the System, and then the client request data (50) streams from the Service (33) to the Client (11). In other words, client request data (50) is able to stream from the Service (33) to the Client (11) as the net effect of the two TCP/IP connections established by the LAN Server and the two Connection Binders.
In accordance with this invention as described above, no administrative management is required in the LAN Server (31) to establish or maintain communications after it is initially installed and configured on the LAN (30) and on the DMZ (20). The LAN Controller (32) permanently or periodically queries the DMZ Stack Pool Service (22) for incoming Client Requests. The DMZ Server (21) will accept all Client Requests and route them to the LAN Server (31) without changing the data that the Client Requests contain. For example, if a Client Request uses the HTTPS protocol, then HTTPS will be transmitted over the System unchanged, as with any other common protocol such as SSH/SFTP/FTP/FTPS/RDP/SMTP/TLS or any other TCP/IP based protocol.
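The six-step flow above, written out as an added, self-contained Python simulation (this is example code, not code from the patent or its assignee). Every component runs in one process on localhost: a DMZ Server with a client listener and a listener for the LAN Server's outbound connection (42), a DMZ Stack Pool Service with a control endpoint for the LAN Controller's poll connection (41), a LAN Controller that only ever dials out, a LAN Server that opens the two connections of the fifth step, and an internal Service that prefixes whatever it receives with `svc-reply:`. The request ids, the one-line `POLL` control protocol, the `svc-reply:` marker and the ephemeral port allocation are all assumptions made for the example; the patent describes none of them. The security property worth checking is visible in the code: the only listeners are in the DMZ and the LAN-internal Service, the LAN side never accepts an inbound connection, and `pump` relays bytes without altering them.

```python
import queue
import socket
import threading


class DmzStackPool:
    """DMZ Stack Pool Service (22): keeps each client socket until the LAN side polls for it.
    Constructed example; request ids and the one-line control protocol are assumptions."""

    def __init__(self):
        self._pending = queue.Queue()  # (request_id, service_host, service_port)
        self._clients = {}             # request_id -> stored client socket
        self._lock = threading.Lock()
        self._next_id = 0

    def store(self, client_sock, service_host, service_port):
        with self._lock:
            self._next_id += 1
            request_id = f"req-{self._next_id}"
            self._clients[request_id] = client_sock
        self._pending.put((request_id, service_host, service_port))
        return request_id

    def poll(self, timeout):
        """Long-poll for the next stored request; None if nothing arrived within timeout."""
        try:
            return self._pending.get(timeout=timeout)
        except queue.Empty:
            return None

    def claim(self, request_id):
        with self._lock:
            return self._clients.pop(request_id, None)


def recv_line(sock):
    """Read one newline-terminated control line byte by byte so no payload bytes are over-read."""
    buf = b""
    while not buf.endswith(b"\n"):
        ch = sock.recv(1)
        if not ch:
            break
        buf += ch
    return buf.strip().decode()


def pump(src, dst):
    """One direction of a Connection Binder: copy bytes src -> dst unchanged, then pass EOF on."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def bind_connections(a, b):
    """Connection Binder: full-duplex relay between two already-connected TCP sockets."""
    threading.Thread(target=pump, args=(a, b), daemon=True).start()
    threading.Thread(target=pump, args=(b, a), daemon=True).start()


def serve(handler):
    """Listen on an ephemeral localhost port, run handler(conn) per accepted socket, return the port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen()

    def accept_loop():
        while True:
            conn, _ = listener.accept()
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=accept_loop, daemon=True).start()
    return listener.getsockname()[1]


def run_demo(payload=b"hello"):
    """Run the whole reverse-access flow on localhost; return the bytes the WAN client receives."""
    pool = DmzStackPool()

    def service(conn):  # LAN Service (33): the only LAN-side listener, reachable from the LAN only
        with conn:
            conn.sendall(b"svc-reply:" + conn.recv(4096))
    service_port = serve(service)

    def on_outbound(conn):  # DMZ Server (21) receiving outbound connection (42): sixth step
        client = pool.claim(recv_line(conn))
        if client is None:  # unknown request id: nothing to bind, drop the connection
            conn.close()
            return
        bind_connections(client, conn)
    outbound_port = serve(on_outbound)
    client_port = serve(lambda conn: pool.store(conn, "127.0.0.1", service_port))  # steps 1-2

    def on_poll(conn):  # DMZ Stack Pool Service (22) answering the LAN Controller over (41)
        with conn:
            if recv_line(conn) != "POLL":
                return
            item = pool.poll(timeout=0.2)
            conn.sendall(b"NONE\n" if item is None else f"{item[0]} {item[1]} {item[2]}\n".encode())
    control_port = serve(on_poll)

    def lan_server(request_id, host, port):  # LAN Server (31): two outbound connections + binder
        to_service = socket.create_connection((host, port))
        outbound = socket.create_connection(("127.0.0.1", outbound_port))
        outbound.sendall(request_id.encode() + b"\n")
        bind_connections(to_service, outbound)

    stop = threading.Event()

    def controller():  # LAN Controller (32): periodic outbound polls, never accepts inbound (steps 3-4)
        while not stop.is_set():
            with socket.create_connection(("127.0.0.1", control_port)) as ctl:
                ctl.sendall(b"POLL\n")
                reply = recv_line(ctl)
            if reply != "NONE":
                request_id, host, port = reply.split()
                lan_server(request_id, host, int(port))
    threading.Thread(target=controller, daemon=True).start()

    with socket.create_connection(("127.0.0.1", client_port)) as client:  # WAN Client (11)
        client.sendall(payload)
        client.shutdown(socket.SHUT_WR)
        chunks = []
        while True:
            data = client.recv(4096)
            if not data:
                break
            chunks.append(data)
    stop.set()
    return b"".join(chunks)


if __name__ == "__main__":
    print(run_demo(b"GET / HTTP/1.0\r\n\r\n"))
```

Running the module prints the Service's reply as it arrives at the client after passing through both Connection Binders. The `recv_line` helper deliberately reads one byte at a time: a buffered reader on the outbound socket could swallow the first bytes of the reply together with the request-id line, which is exactly the kind of relay bug that corrupts a stream the DMZ is supposed to pass through untouched.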
Patent | Priority | Assignee | Title |
6470386 | Sep 26 1997 | Verizon Patent and Licensing Inc | Integrated proxy interface for web based telecommunications management tools |
7181493 | Dec 23 2003 | Unisys Corporation | Platform independent model-based framework for exchanging information in the justice system |
7707628 | Aug 04 2004 | Fuji Xerox Co., Ltd. | Network system, internal server, terminal device, storage medium and packet relay method |
20030204613 | | | |
20050240994 | | | |
20060031929 | | | |
20060200547 | | | |
20070050843 | | | |
20090064307 | | | |
20100131616 | | | |
CN1731786 | | | |
EP1324565 | | | |
EP2031817 | | | |
Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
Aug 18 2014 | MIZHAR, AMIR | RSACCESS LTD | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 067631 | /0606 | |
Sep 06 2017 | RSACCESS LTD | SAFE-T DATA A R LTD | MERGER SEE DOCUMENT FOR DETAILS | 067637 | /0114 | |
Apr 02 2020 | NetNut, Ltd. | (assignment on the face of the patent) | / | |||
Dec 31 2022 | SAFE-T DATA A R LTD | NETNUT LTD | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 062603 | /0014 |
Date | Maintenance Fee Events |
Apr 02 2020 | BIG: Entity status set to Undiscounted (note the period is included in the code). |
Apr 02 2020 | SMAL: Entity status set to Small. |
Date | Maintenance Schedule |
Sep 03 2027 | 4 years fee payment window open |
Mar 03 2028 | 6 months grace period start (w surcharge) |
Sep 03 2028 | patent expiry (for year 4) |
Sep 03 2030 | 2 years to revive unintentionally abandoned end. (for year 4) |
Sep 03 2031 | 8 years fee payment window open |
Mar 03 2032 | 6 months grace period start (w surcharge) |
Sep 03 2032 | patent expiry (for year 8) |
Sep 03 2034 | 2 years to revive unintentionally abandoned end. (for year 8) |
Sep 03 2035 | 12 years fee payment window open |
Mar 03 2036 | 6 months grace period start (w surcharge) |
Sep 03 2036 | patent expiry (for year 12) |
Sep 03 2038 | 2 years to revive unintentionally abandoned end. (for year 12) |