METHOD FOR CONNECTING MULTIPLE HETEROGENEOUS COMPUTERS TO PUBLIC NETWORKS USING A SINGLE PHYSICAL CONNECTION.
This application claims priority under 35 U.S.C. § 119(e) from U.S. Provisional Application Number 60/035,630, filed Jan 16, 1997, by applicants Bruce W. Cornett and Michael Harding, entitled METHOD OF TRANSMITTING SENSITIVE MESSAGES ACROSS PUBLIC NETWORKS BETWEEN TRUSTED OR UNTRUSTED TRANSMITTERS AND TRUSTED SERVER, and U.S. Provisional Application Number 60/036,756, filed Jan 27, 1997, by applicants Michael A. Harding and Bruce W. Cornett, entitled METHOD OF CONNECTION MULTIPLE, HETEROGENEOUS COMPUTERS TO PUBLIC NETWORK USING A SINGLE MODEM BASED CONNECTION. The invention descriptions contained in those provisional applications are incorporated by reference into this description.
BACKGROUND OF THE INVENTION - FIELD OF INVESTIGATION
This invention relates to computer inter-networking, specifically a method of connecting multiple heterogeneous computers configured as a local area network (LAN) to a public network using one physical connection.
BACKGROUND OF THE INVENTION - DESCRIPTION OF PRIOR ART
The current state of the art consists of using data packet routing as the interconnection between two or more networks. This method uses the Network layer in the OSI model as the driver in determining actions. Indeed, there are at least a dozen hardware devices and nearly as many software solutions to this problem available today. Two methods exist for connecting multiple computers to public networks: leased line solutions and multiple access solutions. Both of these methods rely on data packet routing for communications. There are over 130 prior art references related to data packet routing listed under US Patent Class 395/200.15.
The typical data packet routing solution for connecting multiple heterogeneous computers to a public network involves procuring some sort of physical connection, most often a leased line of 56kb bandwidth or higher. This solution uses a data packet router as the interface between the LAN and the public network. Additionally, most entities using this method of inter-connection install and maintain some sort of security mechanism, most often a firewall.
This practice of using data packet routing for network interconnection works well but has several disadvantages. The first is that in using data packet routing for access, routing devices must be very specific and have software written specifically for each type and version of device in existence. This is resource intensive and much of the same work is repeated over and over creating an opportunity for operation anomalies to be introduced at each revision for each type and version of device.
Data packet routing also requires a knowledgeable technician to install, configure, and maintain each device and oversee the interaction of all nodes on the network for proper performance and configuration. It is very demanding work to keep the LAN and the public network as discrete entities using data packet routing, though it can be accomplished. This is an expensive and time-consuming process.
Finally, data packet routing evaluates each data packet and then sends it to the appropriate destination. This method is ineffective for handling requests, since a data request consists of many individual packets. As a result, it is unrealistic and very difficult to use a data packet routing method to evaluate requests.
Using data packet routing for a small number of computers is not cost effective today due to its complexity, the cost of the components, and the need for skilled technicians to design, install, configure, and maintain this method of connecting multiple heterogeneous computers to public networks.
Another, more common approach to gain public network access among small groups of heterogeneous computers connected in a LAN is to install a modem on each computer, an additional telephone line for each computer, and procure a public network access account for each computer. While this approach negates the need for a skilled technician, expensive leased line and equipment, and sophisticated maintenance, it does have the following disadvantages.
Since there is no common access point for the computers in the LAN, there is no opportunity to provide consistent protection or enact a security policy for each computer. This can pose a problem for the entity as private resources can be publicly exposed to anyone else on the public network. This is like leaving the door to a store open for any person to walk in, look around, and perhaps leave with whatever items they want without even the storekeeper's knowledge.
Additionally, since there is, in effect, a single connection for each computer in the LAN, an ineffective allocation of resources for the entity is the result. This may be more cost effective than a leased line solution for a small organization, but it is certainly not an ideal solution because each phone line and access account creates additional operating expense and each modem creates additional capital expense for the entity.
Finally, this multiple access solution does not result in a full time connection to the public network. Access is on demand, but not continuous. This is necessarily disadvantageous, as there will be a communication lag when a message arrives and the receiving computer is not connected.
OBJECTS AND ADVANTAGES
Accordingly, several objects and advantages of this invention are:
a) to provide a method which does not require proprietary hardware and is thus device independent;
b) to provide a method which is simple to install, configure, and use;
c) to provide a method which relies on an application request relay computer program rather than data packet routing for communication;
d) to provide a method which utilizes stock components like computers running operating systems from Microsoft, Apple, IBM, etc.;
e) to provide a method which uses a single physical connection over any medium (ISDN, ADSL, cable modem, plain old telephone lines, etc.) as the physical connection to the public network;
f) to provide a method which has a "firewall" effect at the Application layer rather than the Network layer (FIG. 1);
g) to provide a method which enables a real time connection to the public network.
Further objects and advantages are to provide a central point of entry for a LAN to the public network, where specific security features may be employed, which does not require a highly skilled technician to enact, is economical, and results in an effective use of resources. Still further objects and advantages will become apparent from a consideration of the ensuing description and drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
FIG. 1 shows the OSI Model with associated layers.
FIGS. 2 and 3 show a network topology that represents the current methods for connecting LANs to a public network.
FIG. 4 shows a network topology that represents the new method for connecting LANs to a public network.
FIG. 5 shows a flow chart detailing the method.
FIGS. 6, 7, 8, 9, 10, and 11 show a network topology that demonstrates the method contained in the ARR computer program using a single physical connection to a public network.
FIG. 12 shows a network topology that demonstrates the method contained in the ARR computer program to deny requests originating from a computer outside the LAN.
FIG. 13 shows a flow chart detailing the components of the ARR computer program.
SUMMARY OF THE INVENTION
In accordance with the present invention, a method of connecting a plurality of heterogeneous computers, each capable of running an application program, to a public network using one physical connection consists of a LAN, capable of communicating via the TCP/IP protocol, with one computer running the application request relay (ARR) computer program, and a physical connection from the computer running the ARR computer program to the public network. The physical connection may be a dial up modem connecting over the public telephone network, a wireless connection, ISDN, or leased lines, but is not limited to these connections. Applications needing network services on any computer on the LAN are configured to send requests for network services to the computer running the ARR software. The ARR software communicates the request to the public network and returns the result to the requesting computer on the LAN.
The present invention provides a method for filtering content from the public network to computers of aforesaid LAN, by providing a filter to evaluate requests from computers on the LAN and allow or deny such requests as appropriate. Further, said filter evaluates content of requests returned from the public network to the ARR software and may allow or deny such content as appropriate.
The present invention provides a method for secure data transmission between computers of aforesaid LAN and computers external to the LAN, through the public network, by providing a security mechanism to evaluate the identification of computers sending requests to the ARR software. The security mechanism evaluates requests returned from the public network to the ARR software and may allow or deny such requests as appropriate.
DESCRIPTION OF PRACTICAL APPLICATION
Definition Of Technical Terms As Used In This Document
application request relay - a mechanism for evaluating and fulfilling requests (logical groups of data packets) from point to point using the Application layer of the Open Systems Interconnection (OSI) Model.
content - information contained in an internet resource, such as a "web page".
data packet - a small piece of digital information encapsulated with routing information to denote origin and destination.
firewall - a device (computer/router) that uses data packet filtering to determine if a particular data packet should be allowed to transit between two or more computer networks. This is the primary method used to provide security to LANs/WANs attached to public networks.
Java virtual machine - the part of the Java runtime environment responsible for interpreting Java bytecodes.
listener - a computer server resource that waits for a client request.
local area network (LAN) - a network where all nodes are located in close physical proximity to one another.
network - a group of computers physically connected to one another using some established protocol (e.g. TCP/IP) to communicate amongst themselves.
node - a computer or device physically connected to a network.
open systems interconnection (OSI) model - a layered model used by computer network communication protocols (e.g. TCP/IP). This model breaks each function from physical connection to application into seven "layers" which are inter-dependent.
public network - a group of networks connected to one another that exist for public access to resources available in the connected networks. These networks share a common communication protocol (e.g. TCP/IP) and use routing to send data packets from point to point on the network. The "Internet" is one example of a public network.
requests - logical groups of data packets (this may be content or other information as may be requested by a computer connected to a LAN)
transmission control protocol/internet protocol (TCP/IP) - a well known and defined mechanism used by computers and other devices to communicate with one another.
routing - a mechanism for evaluating data packets for delivery from one node to another on any computer network using the Network layer of the OSI Model.
small office/home office (SOHO) - a location consistent with the US Government's definition of a small business with multiple computers configured as a LAN.
wide area network (WAN) - a network where nodes are physically located in a widely dispersed geographical area and are connected to the same physical network.
Practical Application
FIG. 3 shows a typical example of the application of this method: a small office with 5 computers sharing a single modem connection to gain Internet access.
The following conditions must be met:
Two or more computers configured as a LAN connected to one another by a persistent network connection running the TCP/IP protocol. The computers may be of any manufacture, architecture, or origin with the proviso that a Java virtual machine is available for the one computer connected to the public network.
One physical connection to a public network attached to a computer on the LAN. This could be an analog modem, ISDN, ADSL, cable, or other physical connection.
Access to a public network and services desired.
A proprietary, platform neutral ARR computer program, an example of which is illustrated in the flow chart shown in FIG. 13.
An example of the method is shown in the flow chart in FIG. 5 and is described as follows:
1) Verify that computers on the LAN can communicate via TCP/IP and can resolve hostnames locally.
2) Use the computer attached to the physical connection medium to establish a connection to a public network.
3) Start the ARR computer program on that same computer.
4) Configure applications on all of the computers to request services from the computer running the ARR computer program (i.e. an electronic mail client sends all requests to the computer running the ARR computer program, or a web browser is configured to use the computer running the ARR computer program as a proxy).
5) Monitor the physical connection and re-establish if necessary.
6) Computers inside the LAN make requests to ARR computer program.
7) ARR computer program evaluates the request.
8) If the request is valid, ARR computer program communicates with a public network to fulfill requests on behalf of the nodes on the LAN.
9) ARR computer program communicates results from the requests to the computers on the LAN.
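Steps 6 through 9, and the earlier point that a request is a logical group of packets which must be assembled before it can be evaluated, are shown below in a minimal relay. This is an added illustration and not code from the patent: the patent's ARR is a Java program whose source is not shown, and every name here (ArrRelay, read_request, parse_request, deny_response, relay_once) is this example's own. The public network side is an injected callable so that the example runs offline; a real relay would open the single physical connection there. Note that the relay host is the one node reachable from the public network, so the policy hook only protects the LAN behind it, not the relay host itself.

```python
"""Minimal application request relay (ARR) covering steps 6 to 9.

Added example, not the patent's code. upstream(host, raw_request) stands in
for the single public-network connection; policy(method, target, host) is the
evaluation of step 7 and defaults to allow-all.
"""
import socket
import threading

HEADER_END = b"\r\n\r\n"


def read_request(conn, limit=64 * 1024):
    """Assemble one complete HTTP request head, however many TCP segments it
    arrives in. This is the logical group of packets the relay evaluates as a
    unit; a packet-by-packet router never sees it as one thing."""
    buf = b""
    while HEADER_END not in buf:
        chunk = conn.recv(4096)
        if not chunk:
            raise ConnectionError("client closed before the request was complete")
        buf += chunk
        if len(buf) > limit:
            raise ValueError("request head exceeds %d bytes" % limit)
    return buf


def parse_request(raw):
    """Return (method, target, host); host is None when no Host header is present."""
    head = raw.split(HEADER_END, 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
    return method, target, host


def deny_response(reason):
    """Answer a LAN client receives when the relay refuses its request."""
    body = reason.encode("utf-8")
    return (b"HTTP/1.0 403 Forbidden\r\nContent-Type: text/plain\r\n"
            b"Content-Length: %d\r\n\r\n" % len(body)) + body


class ArrRelay:
    """LAN-side listener (step 6); binds loopback here, the LAN address in use."""

    def __init__(self, upstream, policy=lambda method, target, host: True):
        self.upstream = upstream
        self.policy = policy
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            conn, _peer = self.sock.accept()
            threading.Thread(target=self._handle, args=(conn,), daemon=True).start()

    def _handle(self, conn):
        with conn:
            try:
                raw = read_request(conn)
                method, target, host = parse_request(raw)
                if host is None or not self.policy(method, target, host):   # step 7
                    conn.sendall(deny_response("denied by relay policy"))
                    return
                conn.sendall(self.upstream(host, raw))   # step 8, then step 9
            except (ConnectionError, ValueError) as exc:
                try:
                    conn.sendall(deny_response(str(exc)))
                except OSError:
                    pass


def relay_once(port, pieces):
    """LAN-client helper: send a request in several pieces (separate segments)
    and return the relay's complete answer."""
    with socket.create_connection(("127.0.0.1", port)) as client:
        for piece in pieces:
            client.sendall(piece)
        answer = b""
        while True:
            chunk = client.recv(4096)
            if not chunk:
                break
            answer += chunk
    return answer


if __name__ == "__main__":
    # Constructed stand-in for the public network: every host answers "hello".
    relay = ArrRelay(lambda h, r: b"HTTP/1.0 200 OK\r\nContent-Length: 5\r\n\r\nhello",
                     policy=lambda m, t, h: h.endswith("example.com"))
    print(relay_once(relay.port, [b"GET / HTTP/1.0\r\nHo", b"st: www.example.com\r\n\r\n"]))
    print(relay_once(relay.port, [b"GET / HTTP/1.0\r\nHost: other.test\r\n\r\n"]))
```

The client in the demo deliberately splits the Host header across two sends, so the relay's decision is made on the reassembled request rather than on either fragment. Because the relay only understands the protocols it parses, it gives the "firewall effect" of object f) for those protocols only.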
The key component in this method is the ARR computer program. It uses application request relay algorithms for passing service requests and answers from the LAN to a public network over the modem. It is important to note that the physical connection/service sharing is entirely software based and requires no special hardware interface and the same ARR computer program will run on virtually all computer systems without modification.
This method is enabled by ARR computer program, which is currently written in the Java computer programming language. The use of TCP/IP for the communications protocol enables almost any computer to communicate with any other computer. It is important to note that although TCP/IP is used to communicate both inside the LAN and on a public network that there is no data packet routing occurring in ARR computer program.
The ARR computer program "listens" for requests from the LAN connected computers and connects to the location where the request may be fulfilled. In certain instances, the ARR computer program may work in conjunction with proxy servers or services on the public network.
The ARR computer program is not a member of a well-known protocol family. It is a new layer positioned between TCP/IP and any other protocol the request may require.
These special attributes of ARR computer program make this method not only possible, but a reality. It is a simple, yet very effective solution to sharing public network resources and connections.
DESCRIPTION OF OPERATION
The manner of using the method for connecting multiple heterogeneous computers to a public network using a single physical connection is revealed in FIGS. 6 through 11. The first five (5) steps of the method shown in FIG. 5 must be performed properly prior to actual operation. Steps six (6) through nine (9) are repeated as often as necessary and form the basis of operation. The following procedure clearly highlights the operation of this method using a typical situation in which a computer on the LAN requests a particular web page.
A request is made from the computer on the LAN to ARR in FIG. 6.
In FIG. 7, the request is evaluated and the corresponding resource is requested from a public network. During this step, rules or filters regarding the request may be consulted and acted upon by ARR. In FIG. 8, the ARR may fulfill or deny the request using this feature.
The results of the request are returned to ARR in FIG. 9.
The results of the request are returned to the initiating computer on the LAN from ARR in FIG. 10. During this step, rules or filters regarding the request may be consulted and acted upon by ARR. In FIG. 11, the ARR may modify, fulfill, or deny the request using this feature.
FIG. 12 shows that requests originating from a computer outside the LAN will not be fulfilled.
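The three decision points of FIGS. 7 through 12 (refusing requests from outside the LAN, allowing or denying an outbound request before it reaches the public network, and modifying, fulfilling or denying returned content) are worked through below as a policy object that a relay such as the one in FIG. 5 would consult. This is an added example and not the patent's code; RelayPolicy and relay_request are names chosen here, and the CIDR range, host names, content types and blocked words are constructed. The fetch callable stands in for the public-network connection so the example runs offline.

```python
"""Policy gates of an application request relay: origin check (FIG. 12),
outbound request filter (FIGS. 7-8), returned-content filter (FIGS. 10-11).
Added example, not the patent's code; all rule values are constructed."""
import ipaddress
import re
from dataclasses import dataclass, field


@dataclass
class RelayPolicy:
    lan_networks: list                                       # CIDRs served, e.g. "192.168.1.0/24"
    denied_hosts: set = field(default_factory=set)           # a host and all its subdomains
    allowed_content_types: set = field(default_factory=lambda: {"text/html", "text/plain"})
    blocked_words: set = field(default_factory=set)          # masked in returned text

    def origin_allowed(self, client_ip):
        """FIG. 12: only nodes on the LAN may use the relay."""
        ip = ipaddress.ip_address(client_ip)
        return any(ip in ipaddress.ip_network(net) for net in self.lan_networks)

    def request_allowed(self, host):
        """FIGS. 7-8: decided before anything is sent to the public network."""
        name = host.lower().split(":")[0]                    # drop an explicit port
        return not any(name == d or name.endswith("." + d) for d in self.denied_hosts)

    def content_decision(self, headers, body):
        """FIGS. 10-11: returns ('fulfill' | 'modify' | 'deny', body to return)."""
        ctype = headers.get("content-type", "").split(";")[0].strip().lower()
        if ctype not in self.allowed_content_types:
            return "deny", b""
        text = body.decode("utf-8", "replace")
        cleaned = text
        for word in self.blocked_words:
            cleaned = re.sub(re.escape(word), "***", cleaned, flags=re.IGNORECASE)
        if cleaned != text:
            return "modify", cleaned.encode("utf-8")
        return "fulfill", body


def relay_request(policy, client_ip, host, fetch):
    """Run one request through all three gates in order. fetch(host) returns
    (headers, body) and stands in for the public network; it is only called
    for a LAN client whose request passed the outbound filter."""
    if not policy.origin_allowed(client_ip):
        return "denied: origin outside LAN", None
    if not policy.request_allowed(host):
        return "denied: host blocked by rule", None
    headers, body = fetch(host)
    decision, out = policy.content_decision(headers, body)
    if decision == "deny":
        return "denied: content type not allowed", None
    return decision, out


if __name__ == "__main__":
    policy = RelayPolicy(lan_networks=["192.168.1.0/24"],
                         denied_hosts={"blocked.test"}, blocked_words={"secret"})
    # Constructed stand-in for the public network.
    fetch = lambda host: ({"content-type": "text/plain"}, b"the Secret word")
    print(relay_request(policy, "192.168.1.7", "www.example.com", fetch))
    print(relay_request(policy, "203.0.113.5", "www.example.com", fetch))
    print(relay_request(policy, "192.168.1.7", "cdn.blocked.test", fetch))
```

The origin check uses the client's source address as the "identification" of the requesting computer, which is what the relay actually has at hand on a LAN; the order of the gates matters, since the public-network connection is never used for a request that fails either of the first two checks.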
CONCLUSION, RAMIFICATIONS AND SCOPE
Accordingly, the reader can see that the method can be used to connect multiple heterogeneous computers to public networks using a single physical connection in a secure and user friendly manner, using standard hardware and software, while effectively using an entity's resources, providing this capability in a very economical manner. The application request relay has additional advantages in that
• it provides public network access without utilizing data packet routing;
• it permits public network access with consideration given to security rules;
• it may be used over any medium of physical connection to a public network;
• it enables full time connection to a public network.
Although the description above contains many specific actions, these should not be construed as limiting the scope of the method but merely as providing illustrations of some of the presently preferred embodiments of the method. For example, the method can be used for implementing an intelligent network content filter, as a basis for electronic commerce, or as a strategy for linking many branch offices together.
Thus the scope of this method should be determined by the appended claims and their legal equivalents, rather than by the examples given.