WO1998032077A1 - Method for connecting multiple heterogeneous computers to public networks using a single physical connection - Google Patents

Method for connecting multiple heterogeneous computers to public networks using a single physical connection

Publication number: WO1998032077A1
Authority: WO, WIPO (PCT)
Prior art keywords: computers, public network, network, computer, physical connection
Application number: PCT/US1998/001248
Inventors: Bruce Cornett, Mike Harding
Original Assignee: Bruce Cornett, Mike Harding
Application filed by Bruce Cornett, Mike Harding
Priority to AU62471/98A (AU6247198A)
Publication of WO1998032077A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
        • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
                • H04L63/0227 Filtering policies
            • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
                • H04L63/104 Grouping of entities
        • H04L67/00 Network arrangements or protocols for supporting network services or applications
            • H04L67/2866 Architectures; Arrangements
                • H04L67/289 Intermediate processing functionally located close to the data consumer application, e.g. in same machine, in same home or in same sub-network
            • H04L67/50 Network services
                • H04L67/56 Provisioning of proxy services
                    • H04L67/564 Enhancement of application control based on intercepted application data

Abstract

A system for connecting multiple heterogeneous computers (24) on a network to a public network (34) using a single physical connection (39). The computers (24) on the network use the TCP/IP protocol and an application request relay running on a gateway computer (38). A method of connecting the computers to the public network comprises the steps of: making a connection to the public network through said gateway (38); executing an application request relay program at the gateway computer; configuring applications running on the computers on the network to request a resource located on the public network through the application request relay; the application request relay evaluating the resource request and, if it is appropriate based on rules, making the request on behalf of the requesting computer. Requests are accepted or denied according to the rules. The application request relay may allow requests from known computers or deny requests from unknown computers.

Description

METHOD FOR CONNECTING MULTIPLE HETEROGENEOUS COMPUTERS TO PUBLIC NETWORKS USING A SINGLE PHYSICAL CONNECTION.
This application claims priority under 35 U.S.C. § 119(e) from U.S. Provisional Application Number 60/035,630, filed Jan 16, 1997, by applicants Bruce W. Cornett and Michael Harding, entitled METHOD OF TRANSMITTING SENSITIVE MESSAGES ACROSS PUBLIC NETWORKS BETWEEN TRUSTED OR UNTRUSTED TRANSMITTERS AND TRUSTED SERVER, and U.S. Provisional Application Number 60/036,756, filed Jan 27, 1997, by applicants Michael A. Harding and Bruce W. Cornett, entitled METHOD OF CONNECTION MULTIPLE, HETEROGENEOUS COMPUTERS TO PUBLIC NETWORK USING A SINGLE MODEM BASED CONNECTION. The invention descriptions contained in those provisional applications are incorporated by reference into this description.
BACKGROUND OF THE INVENTION - FIELD OF INVESTIGATION
This invention relates to computer inter-networking, specifically a method of connecting multiple heterogeneous computers configured as a local area network (LAN) to a public network using one physical connection.
BACKGROUND OF THE INVENTION - DESCRIPTION OF PRIOR ART
The current state of the art consists of using data packet routing as the interconnection between two or more networks. This method uses the Network layer in the OSI model as the driver in determining actions. Indeed, there are at least a dozen hardware devices and nearly as many software solutions to this problem available today. Two methods exist for connecting multiple computers to public networks: leased line solutions and multiple access solutions. Both of these methods rely on data packet routing for communications. There are over 130 prior art references related to data packet routing listed under US Patent Class 395/200.15.
The typical data packet routing solution for connecting multiple heterogeneous computers to a public network involves procuring some sort of physical connection, most often a leased line of 56kb bandwidth or higher. This solution uses a data packet router as the interface between the LAN and the public network. Additionally, most entities using this method of inter-connection install and maintain some sort of security mechanism, most often a firewall.
This practice of using data packet routing for network interconnection works well but has several disadvantages. The first is that in using data packet routing for access, routing devices must be very specific and have software written specifically for each type and version of device in existence. This is resource intensive and much of the same work is repeated over and over creating an opportunity for operation anomalies to be introduced at each revision for each type and version of device.
Data packet routing also requires a knowledgeable technician to install, configure, and maintain each device and oversee the interaction of all nodes on the network for proper performance and configuration. It is very demanding work to keep the LAN and the public network as discrete entities using data packet routing, though it can be accomplished. This is an expensive and time-consuming process.
Finally, data packet routing evaluates each data packet and then sends it to the appropriate destination. This method is ineffective for handling requests since a data request consists of many individual packets. It is unrealistic and very difficult to use a data packet routing method to evaluate requests as a result. Using data packet routing for a small number of computers is not cost effective today due to its complexity, the cost of the components, and the need for skilled technicians to design, install, configure, and maintain this method of connecting multiple heterogeneous computers to public networks.
Another more common approach to gain public network access among small groups of heterogeneous computers connected in a LAN is to install a modem on each computer, an additional telephone line for each computer, and procure a public network access account for each computer. While this approach negates the need for a skilled technician, expensive leased line and equipment, and sophisticated maintenance, it does have the following disadvantages.
Since there is no common access point for the computers in the LAN, there is no opportunity to provide consistent protection or enact a security policy for each computer. This can pose a problem for the entity as private resources can be publicly exposed to anyone else on the public network. This is like leaving the door to a store open for any person to walk in, look around, and perhaps leave with whatever items they want without even the storekeeper's knowledge.
Additionally, since there is, in effect, a single connection for each computer in the LAN, an ineffective allocation of resources for the entity is the result. This may be more cost effective than a leased line solution for a small organization, but it is certainly not an ideal solution because each phone line and access account creates additional operating expense and each modem creates additional capital expense for the entity.
Finally, this multiple access solution does not result in a full time connection to the public network. Access is on demand, but not continuous. This is necessarily disadvantageous, as there will be a communication lag when a message arrives and the receiving computer is not connected.
OBJECTS AND ADVANTAGES
Accordingly, several objects and advantages of this invention are:
a) to provide a method which does not require proprietary hardware and is thus device independent;
b) to provide a method which is simple to install, configure, and use;
c) to provide a method which relies on an application request relay computer program rather than data packet routing for communication;
d) to provide a method which utilizes stock components like computers running operating systems from Microsoft, Apple, IBM, etc.;
e) to provide a method which uses a single physical connection over any medium (ISDN, ADSL, cable modem, plain old telephone lines, etc.) as the physical connection to the public network;
f) to provide a method which has a "firewall" effect at the Application layer rather than the Network layer (FIG. 1);
g) to provide a method which enables a real time connection to the public network.
Further objects and advantages are to provide a central point of entry for a LAN to the public network, where specific security features may be employed, which does not require a highly skilled technician to enact, is economical, and results in an effective use of resources. Still further objects and advantages will become apparent from a consideration of the ensuing description and drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 shows the OSI Model with associated layers.
FIGS. 2 and 3 show a network topology that represents the current methods for connecting LANs to a public network.
FIG. 4 shows a network topology that represents the new method for connecting LANs to a public network.
FIG. 5 shows a flow chart detailing the method.
FIGS. 6, 7, 8, 9, 10, and 11 show a network topology that demonstrates the method contained in the ARR computer program using a single physical connection to a public network.
FIG. 12 shows a network topology that demonstrates the method contained in the ARR computer program to deny requests originating from a computer outside the LAN.
FIG. 13 shows a flow chart detailing the components of the ARR computer program.
SUMMARY OF THE INVENTION
In accordance with the present invention, a method of connecting a plurality of heterogeneous computers, each capable of running an application program, to a public network using one physical connection consists of a LAN, capable of communicating via TCP/IP protocol, with one computer running the application request relay (ARR) computer program, and a physical connection from the computer running the ARR computer program to the public network. The physical connection may be a dial up modem connecting over the public telephone network, a wireless connection, ISDN, or leased lines, but is not limited to these connections. Applications needing network services on any computer on the LAN are configured to send requests for network services to the computer running the ARR software. The ARR software communicates the request to the public network and returns the result to the requesting computer on the LAN.
The present invention provides a method for filtering content from the public network to computers of aforesaid LAN, by providing a filter to evaluate requests from computers on the LAN and allow or deny such requests as appropriate. Further, said filter evaluates content of requests returned from the public network to the ARR software and may allow or deny such content as appropriate.
The present invention provides a method for secure data transmission between computers of aforesaid LAN and computers external to the LAN, through the public network, by providing a security mechanism to evaluate the identification of computers sending requests to the ARR software. The security mechanism evaluates requests returned from the public network to the ARR software and may allow or deny such requests as appropriate.
DESCRIPTION OF PRACTICAL APPLICATION
Definition Of Technical Terms As Used In This Document
application request relay - a mechanism for evaluating and fulfilling requests (logical groups of data packets) from point to point using the Application layer of the Open Systems Interconnection (OSI) Model.
content - information contained in an internet resource, such as a "web page".
data packet - a small piece of digital information encapsulated with routing information to denote origin and destination.
firewall - a device (computer/router) that uses data packet filtering to determine if a particular data packet should be allowed to transit between two or more computer networks. This is the primary method used to provide security to LANs/WANs attached to public networks.
Java virtual machine - the part of the Java runtime environment responsible for interpreting Java bytecodes
listener - a computer server resource that waits for a client request
local area network (LAN) - a network where all nodes are located in close physical proximity to one another.
network - a group of computers physically connected to one another using some established protocol (e.g. TCP/IP) to communicate amongst themselves.
node - a computer or device physically connected to a network.
open systems interconnection (OSI) model - a layered model used by computer network communication protocols (e.g. TCP/IP). This model breaks each function from physical connection to application into seven "layers" which are inter-dependent.
public network - a group of networks connected to one another that exist for public access to resources available in the connected networks. These networks share a common communication protocol (e.g. TCP/IP) and use routing to send data packets from point to point on the network. The "Internet" is one example of a public network.
requests - logical groups of data packets (this may be content or other information as may be requested by a computer connected to a LAN)
transmission control protocol/internet protocol (TCP/IP) - a well known and defined mechanism used by computers and other devices to communicate with one another.
routing - a mechanism for evaluating data packets for delivery from one node to another on any computer network using the Network layer of the OSI Model.
small office/home office (SOHO) - a location consistent with the US Government's definition of a small business with multiple computers configured as a LAN.
wide area network (WAN) - a network where nodes are physically located in a widely dispersed geographical area and are connected to the same physical network.
Practical Application
FIG. 3 shows a typical example of the application of this method: a small office with 5 computers sharing a single modem connection to gain Internet access.
The following conditions must be met:
Two or more computers configured as a LAN connected to one another by a persistent network connection running the TCP/IP protocol. The computers may be of any manufacture, architecture, or origin with the proviso that a Java virtual machine is available for the one computer connected to the public network.
One physical connection to a public network attached to a computer on the LAN. This could be an analog modem, ISDN, ADSL, cable, or other physical connection.
Access to a public network and services desired.
Proprietary, platform neutral ARR computer program, an example of which is illustrated in the flow chart shown in FIG. 13.
An example of the method is shown in the flow chart in FIG. 5 and is described as follows:
1) Verify that computers on the LAN can communicate via TCP/IP and can resolve hostnames locally.
2) Use the computer attached to the physical connection medium to establish a connection to a public network.
3) Start ARR computer program on that same computer.
4) Configure applications on all of the computers to request services from the computer running the ARR computer program (i.e. an electronic mail client sends all requests to the computer running the ARR computer program, or a web browser is configured to use the computer running the ARR computer program as a proxy).
5) Monitor the physical connection and re-establish if necessary.
6) Computers inside the LAN make requests to ARR computer program.
7) ARR computer program evaluates the request.
8) If the request is valid, ARR computer program communicates with a public network to fulfill requests on behalf of the nodes on the LAN.
9) ARR computer program communicates results from the requests to the computers on the LAN.
The key component in this method is the ARR computer program. It uses application request relay algorithms for passing service requests and answers from the LAN to a public network over the modem. It is important to note that the physical connection/service sharing is entirely software based and requires no special hardware interface and the same ARR computer program will run on virtually all computer systems without modification.
This method is enabled by the ARR computer program, which is currently written in the Java computer programming language. The use of TCP/IP for the communications protocol enables almost any computer to communicate with any other computer. It is important to note that although TCP/IP is used to communicate both inside the LAN and on a public network, there is no data packet routing occurring in the ARR computer program.
The ARR computer program "listens" for requests from the LAN connected computers and connects to the location where the request may be fulfilled. In certain instances, the ARR computer program may work in conjunction with proxy servers or services on the public network.
The ARR computer program is not a member of a well-known protocol family. It is a new layer positioned between TCP/IP and any other protocol the request may require.
These special attributes of ARR computer program make this method not only possible, but a reality. It is a simple, yet very effective solution to sharing public network resources and connections.
DESCRIPTION OF OPERATION
The manner of using the method for connecting multiple heterogeneous computers to a public network using a single physical connection is revealed in FIGS. 6 through 11. The first five (5) steps of the method shown in FIG. 5 must be performed properly prior to actual operation. Steps six (6) through nine (9) are repeated as often as necessary and form the basis of operation. The following procedure clearly highlights the operation of this method using a typical situation in which a computer on the LAN requests a particular web page.
A request is made from the computer on the LAN to ARR in FIG. 6.
In FIG. 7, the request is evaluated and the corresponding resource is requested from a public network. During this step, rules or filters regarding the request may be consulted and acted upon by ARR. In FIG. 8, the ARR may fulfill or deny the request using this feature.
The results of the request are returned to ARR in FIG. 9.
The results of the request are returned to the initiating computer on the LAN from ARR in FIG. 10. During this step, rules or filters regarding the request may be consulted and acted upon by ARR. In FIG. 11, the ARR may modify, fulfill, or deny the request using this feature.
FIG. 12 shows that requests originating from a computer outside the LAN will not be fulfilled.
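The decision path described above (sender check, request evaluation, relay to the public network, evaluation of returned content), as an added example that is not the ARR program or any code from this patent. The class and rule names, the 192.168.1.0/24 LAN range, the example.test hosts and the in-memory stand-in for the public network are assumptions constructed for illustration, and Python is used here rather than the Java the description mentions.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Callable, Optional
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Decision:
    allowed: bool
    stage: str                  # "source", "request", "upstream", "response" or "ok"
    reason: str
    body: Optional[str] = None  # content handed back to the LAN computer


class Relay:
    """Hypothetical model of an application-level relay's decision path."""

    def __init__(self, lan_networks, blocked_hosts, deny_terms, redact_terms,
                 fetch: Callable[[str], str]):
        self.lan = [ipaddress.ip_network(n) for n in lan_networks]
        self.blocked_hosts = {self._norm(h) for h in blocked_hosts}
        self.deny_terms = [t.lower() for t in deny_terms]
        self.redact_terms = list(redact_terms)
        self.fetch = fetch        # makes the outbound request on the client's behalf
        self.upstream_calls = 0   # how many requests actually left the LAN
        self.audit = []           # (peer, url, stage, reason) for every decision

    @staticmethod
    def _norm(host: str) -> str:
        # Compare host names case-insensitively and without the trailing root dot.
        return host.strip().rstrip(".").lower()

    def _host_blocked(self, host: str) -> bool:
        # A rule for blocked.example.test also covers www.blocked.example.test.
        labels = self._norm(host).split(".")
        return any(".".join(labels[i:]) in self.blocked_hosts
                   for i in range(len(labels)))

    def _done(self, peer, url, allowed, stage, reason, body=None) -> Decision:
        self.audit.append((peer, url, stage, reason))
        return Decision(allowed, stage, reason, body)

    def handle(self, peer_ip: str, url: str) -> Decision:
        # Identify the sender from the address of the accepted connection,
        # not from anything the client wrote into the request (FIG. 12).
        try:
            addr = ipaddress.ip_address(peer_ip)
        except ValueError:
            return self._done(peer_ip, url, False, "source", "unparseable peer address")
        if not any(addr in net for net in self.lan):
            return self._done(peer_ip, url, False, "source", "sender is not on the LAN")

        # Step 7: evaluate the request before anything is sent out.
        try:
            parts = urlsplit(url)
            host = parts.hostname
        except ValueError:
            return self._done(peer_ip, url, False, "request", "malformed request")
        if parts.scheme not in ("http", "https") or not host:
            return self._done(peer_ip, url, False, "request", "unsupported request")
        if self._host_blocked(host):
            return self._done(peer_ip, url, False, "request", "destination denied by rule")

        # Step 8: make the request on behalf of the LAN computer.
        self.upstream_calls += 1
        try:
            body = self.fetch(url)
        except Exception as exc:
            return self._done(peer_ip, url, False, "upstream", f"fetch failed: {exc!r}")

        # FIG. 10 and 11: evaluate the returned content, then deny, modify or pass it on.
        lowered = body.lower()
        if any(term in lowered for term in self.deny_terms):
            return self._done(peer_ip, url, False, "response", "content denied by rule")
        for term in self.redact_terms:
            body = re.sub(re.escape(term), "[removed]", body, flags=re.IGNORECASE)
        return self._done(peer_ip, url, True, "ok", "fulfilled", body)


# Constructed stand-in for the public network, so the example runs offline.
SAMPLE_UPSTREAM = {
    "http://news.example.test/": "<html>headlines</html>",
    "http://news.example.test/promo": "<html>headlines <img src=tracking-pixel.gif></html>",
    "http://files.example.test/tool": "<html>forbidden-download inside</html>",
}


def demo_relay() -> Relay:
    # Constructed rule set; every value here is an assumption for the example.
    return Relay(["192.168.1.0/24"], ["blocked.example.test"],
                 ["forbidden-download"], ["tracking-pixel"],
                 SAMPLE_UPSTREAM.__getitem__)


if __name__ == "__main__":
    relay = demo_relay()
    for peer in ("192.168.1.10", "203.0.113.7"):
        print(relay.handle(peer, "http://news.example.test/"))
```

The audit list and the upstream_calls counter make it checkable that a request denied at the source or request stage never reaches the public network.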
CONCLUSION, RAMIFICATIONS AND SCOPE
Accordingly, the reader can see that the method can be used to connect multiple heterogeneous computers to public networks using a single physical connection in a secure and user friendly manner, using standard hardware and software, while effectively using an entity's resources, providing this capability in a very economical manner. The application request relay has additional advantages in that
• it provides public network access without utilizing data packet routing;
• it permits public network access with consideration given to security rules;
• it may be used over any medium of physical connection to a public network;
• it enables full time connection to a public network.
Although the description above contains many specific actions, these should not be construed as limiting the scope of the method but merely as providing illustrations of some of the presently preferred embodiments of the method. For example, the method can be used for implementing an intelligent network content filter, as a basis for electronic commerce, or as a strategy for linking many branch offices together.
Thus the scope of this method should be determined by the appended claims and their legal equivalents, rather than by the examples given.

Claims

We claim:
1. A method for connecting a plurality of heterogeneous computers to a public network using a single physical connection, each computer capable of running at least one application program, comprising the steps of:
(a) providing a network comprising of said computers, wherein said computers are capable of communicating via a network protocol;
(b) providing a physical connection to a public network connected to a first computer of said computers;
(c) providing an application request relay running on said first computer;
(d) configuring an application on any of said computers to use said application request relay;
(e) monitoring said physical connection to ensure good working order;
(f) whereby said computers communicate said requests to said application request relay which is communicated to said public network; and,
(g) whereby content resulting from said request is communicated from said public network to said application request relay which is communicated to said computers.
2. A method for filtering content requested from a public network over a single physical connection by a plurality of computers, comprising the steps of:
(a) providing a network comprising said computers wherein said computers are capable of communicating via a network protocol;
(b) providing a physical connection to a public network connected to the first computer of said computers;
(c) providing an application request relay running on said first computer;
(d) providing a filter for content contained in said application request relay;
(e) configuring an application on any of said computers to use said application request relay and filter;
(f) monitoring said physical connection to ensure good working order;
(g) whereby said computers communicate said request to said application request relay which is evaluated by said filter; and,
(h) whereby said request passes said filter and is communicated to said public network; and,
(i) whereby said request is communicated from said public network to said application request relay where said content resulting from said request is evaluated by said filter; and,
(j) whereby said content passes said filter and is communicated to said computers.
3. A method for a secure data transmission requested from a computer or a network through a public network over a single physical connection by a plurality of computers, comprising the steps of:
(a) providing a network comprising said computers wherein said computers are capable of communicating via a network protocol;
(b) providing a physical connection to a public network connected to the first computer of said computers;
(c) providing an application request relay running on said first computer;
(d) providing a security mechanism for said data transmission contained in said application request relay;
(e) configuring an application on said computers to use said security mechanism on said application request relay;
(f) monitoring said physical connection to ensure good working order;
(g) whereby said computers communicate said request to said application request relay which is protected by said security mechanism;
(h) whereby said request is communicated to said public network; and,
(i) whereby said request is communicated from said public network to said application request relay where said content is communicated to said computers.
PCT/US1998/001248 1997-01-16 1998-01-16 Method for connecting multiple heterogeneous computers to public networks using a single physical connection WO1998032077A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU62471/98A AU6247198A (en) 1997-01-16 1998-01-16 Method for connecting multiple heterogeneous computers to public networks using a single physical connection

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US3563097P 1997-01-16 1997-01-16
US60/035,630 1997-01-16
US3675697P 1997-01-27 1997-01-27
US60/036,756 1997-01-27

Publications (1)

Publication Number Publication Date
WO1998032077A1 (en) 1998-07-23

Family

ID=26712328

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1998/001248 WO1998032077A1 (en) 1997-01-16 1998-01-16 Method for connecting multiple heterogeneous computers to public networks using a single physical connection

Country Status (2)

Country Link
AU (1) AU6247198A (en)
WO (1) WO1998032077A1 (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5706434A (en) * 1995-07-06 1998-01-06 Electric Classifieds, Inc. Integrated request-response system and method generating responses to request objects formatted according to various communication protocols

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"INSTALLING THE TIS PROXY SERVER", XP002913442, Retrieved from the Internet <URL:HTTP://WWW.THEOCHEM.UNI-DUESSELDORF...U/LINUX-HOWTO/FIREWALL-HOWTO-7.HTM> [retrieved on 19980413] *
WACK J: "INTRODUCTION TO FIREWALLS", XP002913443, Retrieved from the Internet <URL:HTTP://CSR.NCSL.NIST.GOV/NISTPUBS/800-10/NODE30.HTM> [retrieved on 19980413] *

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6317837B1 (en) * 1998-09-01 2001-11-13 Applianceware, Llc Internal network node with dedicated firewall
US7739302B2 (en) 1998-09-01 2010-06-15 Stacy Kenworthy Network attached device with dedicated firewall security
US8306994B2 (en) 1998-09-01 2012-11-06 Robust Networks, Llc Network attached device with dedicated firewall security
US8892600B2 (en) 1998-09-01 2014-11-18 Robust Networks, Llc Network attached device with dedicated firewall security
SG81299A1 (en) * 1998-09-02 2001-06-19 Ibm Virtual client to gateway connection over multiple physical connections
US7921261B2 (en) 2007-12-18 2011-04-05 International Business Machines Corporation Reserving a global address space
US7925842B2 (en) 2007-12-18 2011-04-12 International Business Machines Corporation Allocating a global shared memory
US7844746B2 (en) 2008-02-01 2010-11-30 International Business Machines Corporation Accessing an effective address and determining whether the effective address is associated with remotely coupled I/O adapters
US8893126B2 (en) 2008-02-01 2014-11-18 International Business Machines Corporation Binding a process to a special purpose processing element having characteristics of a processor

Also Published As

Publication number Publication date
AU6247198A (en) 1998-08-07

Similar Documents

Publication Publication Date Title
EP0986229B1 (en) Method and system for monitoring and controlling network access
US7296292B2 (en) Method and apparatus in an application framework system for providing a port and network hardware resource firewall for distributed applications
US7315903B1 (en) Self-configuring server and server network
JP4545925B2 (en) Method of mediating connection by agent system in computer network and medium storing software agent program
US6832321B1 (en) Public network access server having a user-configurable firewall
US5550984A (en) Security system for preventing unauthorized communications between networks by translating communications received in ip protocol to non-ip protocol to remove address and routing services information
US7733795B2 (en) Virtual network testing and deployment using network stack instances and containers
US7739729B2 (en) Electronic security system and scheme for a communications network
CA2323766C (en) Providing secure access to network services
US6003084A (en) Secure network proxy for connecting entities
US7174378B2 (en) Co-location service system equipped with global load balancing (GLB) function among dispersed IDCS
US6233688B1 (en) Remote access firewall traversal URL
US20020078213A1 (en) Method and system for management of resource leases in an application framework system
US20060130133A1 (en) Automated generation of configuration elements of an information technology system
US20080130897A1 (en) Method and system for transmitting information across a firewall
EP1328102A1 (en) Method and system for managing the access to a communication network based on authentication data
US7269647B2 (en) Simplified network packet analyzer for distributed packet snooper
JP4873960B2 (en) Method for facilitating application server functions and access nodes including application server functions
US6651174B1 (en) Firewall port switching
US20050125511A1 (en) Intelligent local proxy for transparent network access from multiple physical locations
US6029201A (en) Internet application access server apparatus and method
EP1274011B1 (en) A method and system for routing and logging a request
WO1998032077A1 (en) Method for connecting multiple heterogeneous computers to public networks using a single physical connection
US20070033641A1 (en) Distributed Network Security System
KR100359559B1 (en) Method of real private network service

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM GW HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

NENP Non-entry into the national phase

Ref country code: JP

Ref document number: 1998534719

Format of ref document f/p: F

122 Ep: pct application non-entry in european phase