System and method for automatically initiating and dynamically establishing secure internet connections between a fire-walled server and a fire-walled client

A technology of automatic initiation and dynamic establishment, applied in the field of computer networking and network security, addresses the problems that IPv4 does not provide sufficient unique addresses for the current expansion of the Internet, that the practical limit is much lower, and that the Internet faces a number of scalability problems, so as to avoid performance and security problems and achieve unprecedented ease of use.

Inactive Publication Date: 2005-10-27
SIMTONE CORP (US)

AI Technical Summary

Benefits of technology

[0010] In accordance with an embodiment of the present invention, the method and system automatically and dynamically initiate and establish connections, preferably secured connections, between a server and a fire-walled client device (Client), both connected to an untrusted network (such as the Internet) through a Network Address Translator or Translation (NAT) router or a firewall. The secure connections of the present invention are initiated and established without requiring any user configuration on the Client and without the Server accepting any explicit connection request and/or packets from the Client, thereby advantageously allowing the Server firewall to always remain closed to all inbound traffic.
[0011] The present invention enables the creation of dynamically instantiated virtual point to point network connections over the Internet to securely connect Servers and Clients on demand, thereby advantag

Problems solved by technology

This rapid expansion has increased radically the need for protecting computers from unauthorized access and has already started causing a number of scalability problems for the Internet network itself.
The practical limit however, is much lower, due to inefficiencies in how IP addresses are allocated and routed.
As such, IPv4 does not provide sufficient unique addresses for the current expansion of the Internet.
However, this is a problem for applications that require Servers to securely connect to Clients, through incoming connections going through their NAT routers, such as file sharing, games applications, video conferencing, voice-over-IP internet telephony or for secure access to computer servers that do not allow clients to directly connect to them from the internet.
When one of these computers is behind a NAT ro

Examples

Embodiment Construction

[0021] In accordance with an embodiment of the present invention, the system and method automatically and dynamically initiate and establish connections, preferably secure connections, between a server and a fire-walled client device. Turning now to FIG. 1, there is illustrated a Server 1100 and a client device (Client 1200), both connected to an untrusted network 1000 (such as the Internet) through a Network Address Translator or Translation (NAT) router or a firewall 1300. The connections between the Server and the Client are initiated and established without requiring any user configuration on the Client 1200 and without the Server 1100 accepting any explicit connection request and/or packets from the Client 1200, thereby allowing the Server firewall 1300 to always remain closed to all inbound traffic.

[0022] In accordance with an embodiment, the present invention utilizes a third computer 1400, e.g., a trusted party such as a session control server (“SCS”), with a public I...

Abstract

A system and method for automatically and dynamically initiating and establishing secure connections between a Server and a Client using a session control server (SCS). Both the Server and the Client are connected to an untrusted network (such as the Internet) through a Network Address Translator or Translation (NAT) router or a firewall. The SCS, independently trusted by both the Server and the Client, brokers the required connection parameters to establish a secure connection between the Server and the Client. The system and method do not require any user configuration on the Client and eliminate the need for the Server to accept explicit connection requests or packets from the Client, thereby allowing the Server firewall to always remain closed to all inbound traffic.
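
A minimal model of the property the abstract claims, as an added example that is not part of the patent text: both peers dial out to the SCS, the SCS returns the brokered parameters on those peer-opened flows, and the Server's default-deny firewall drops a direct packet from the Client side. The class names, the addresses and the contents of the brokered parameters are assumptions; the page does not give the patent's message flow, and NAT address rewriting is left out.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class StatefulFirewall:
    """Default-deny inbound: a packet is admitted only as a reply on a flow
    that the protected host itself opened outbound."""
    flows: set = field(default_factory=set)      # (local, remote) pairs opened outbound
    dropped: list = field(default_factory=list)  # log of rejected inbound packets

    def outbound(self, local, remote):
        self.flows.add((local, remote))

    def inbound(self, remote, local):
        if (local, remote) in self.flows:
            return True
        self.dropped.append((remote, local))
        return False

class SessionControlServer:
    """Hypothetical broker: it only ever answers on flows the peers opened to it."""
    ADDR = ("198.51.100.10", 443)  # constructed public address (documentation range)

    def __init__(self):
        self.peers = {}  # name -> (firewall, local endpoint)

    def register(self, name, fw, local):
        fw.outbound(local, self.ADDR)  # the peer dials out; its firewall records the flow
        self.peers[name] = (fw, local)

    def broker(self, a, b):
        # Assumed parameter set; the page only says "connection parameters".
        params = {"session": secrets.token_hex(8), "key": secrets.token_hex(16)}
        delivered = {}
        for name in (a, b):
            fw, local = self.peers[name]
            # Delivery uses the reply direction of the peer's own outbound flow.
            delivered[name] = params if fw.inbound(self.ADDR, local) else None
        return delivered

def demo():
    server_fw, client_fw = StatefulFirewall(), StatefulFirewall()
    server, client = ("10.0.0.5", 40000), ("192.168.1.20", 50000)  # constructed endpoints
    scs = SessionControlServer()
    scs.register("server", server_fw, server)
    scs.register("client", client_fw, client)
    delivered = scs.broker("server", "client")
    # A direct, unsolicited packet from the Client's public side never gets in.
    direct_ok = server_fw.inbound(("203.0.113.7", 50000), server)
    return delivered, direct_ok, server_fw.dropped
```

The `dropped` log is the part to watch in a deployment of this kind: any accepted inbound packet whose remote endpoint is not one the Server dialed first means the firewall is not actually closed.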

Description

RELATED APPLICATION

[0001] This application claims priority to U.S. Provisional patent application No. 60/561,806 filed Apr. 12, 2004, which is incorporated herein by reference in its entirety.

FIELD OF THE INVENTION

[0002] The present invention relates to the field of computer networking and network security. More specifically, it relates to a method for automatically and dynamically initiating and establishing secure connections between a computer (i.e., Server) and a plurality of computers (i.e., clients), each of which is behind a Network Address Translator router and/or firewall.

BACKGROUND OF THE INVENTION

[0003] The Internet continues undergoing rapid expansion in the numbers of connected computers and it is estimated that the trend towards widely available wireless connectivity and portable computing devices will increase exponentially the number of new computers that connect each day. This rapid expansion has increased radically the need for protecting computers from unauthorized ...

Application Information

IPC(8): H04L12/28, H04L29/06, H04L29/08, H04L29/12
CPC: H04L29/12509, H04L61/2567, H04L63/0236, H04L67/14, H04L63/10, H04L63/166, H04L63/029, H04L12/22
Inventor: GILLESPIE, BRIAN; SALMEN, HELMUT; TRACEY, DAVID
Owner: SIMTONE CORP (US)