Journal Article

Secure remote access to an Internet Web server

01 Nov 1999 - IEEE Network (IEEE) - Vol. 13, Iss. 6, pp. 31-37
TL;DR: In this paper, the authors address the problem of secure remote access to a site's internal Web server from outside the firewall using a one-time password scheme for client authentication and secure socket layer (SSL) for confidentiality.
Abstract: We address the problem of secure remote access to a site's internal Web server from outside the firewall. The goal is to give authorized users access to sensitive information, while protecting the information from others. We implemented our solution using a one-time password scheme for client authentication and secure socket layer (SSL) for confidentiality. Our main design considerations were security, performance, ease of use, availability, and scale. We were further constrained by the desire to leave our firewall and local infrastructure unchanged.
Citations
Patent
29 Oct 1999
TL;DR: In this article, a load balancer that distributes packets across different transmission paths according to transmission path quality is introduced, along with a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry.
Abstract: A plurality of computer nodes communicate using seemingly random Internet Protocol source and destination addresses. Data packets matching criteria defined by a moving window of valid addresses are accepted for further processing, while those that do not meet the criteria are quickly rejected. Improvements to the basic design include (1) a load balancer that distributes packets across different transmission paths according to transmission path quality; (2) a DNS proxy server that transparently creates a virtual private network in response to a domain name inquiry; (3) a large-to-small link bandwidth management feature that prevents denial-of-service attacks at system chokepoints; (4) a traffic limiter that regulates incoming packets by limiting the rate at which a transmitter can be synchronized with a receiver; and (5) a signaling synchronizer that allows a large number of nodes to communicate with a central node by partitioning the communication function between two separate entities.

786 citations

Patent
13 Sep 2012
TL;DR: A secure domain name service for a computer network is disclosed that includes a portal connected to the Internet, and a domain name database that stores secure computer network addresses for the computer network as discussed by the authors.
Abstract: A secure domain name service for a computer network is disclosed that includes a portal connected to a computer network, such as the Internet, and a domain name database connected to the computer network through the portal. The portal authenticates a query for a secure computer network address, and the domain name database stores secure computer network addresses for the computer network. Each secure computer network address is based on a non-standard top-level domain name, such as .scom, .sorg, .snet, .snet, .sedu, .smil and .sint.

294 citations

Patent
16 Aug 2007
TL;DR: In this article, a technique for establishing a secure communication link between a first computer and a second computer over a computer network has been described, where one or more data values that vary according to a pseudo-random sequence are inserted into each data packet.
Abstract: A technique is disclosed for establishing a secure communication link between a first computer and a second computer over a computer network. Initially, a secure communication mode of communication is enabled at a first computer without a user entering any cryptographic information for establishing the secure communication mode of communication. Then, a secure communication link is established between the first computer and a second computer over a computer network based on the enabled secure communication mode of communication. The secure communication link is a virtual private network communication link over the computer network in which one or more data values that vary according to a pseudo-random sequence are inserted into each data packet.

270 citations

Patent
20 Apr 2001
TL;DR: In this article, a framework for automatically provisioning computing devices includes a central database system and a central file system, where information stored in the database comprises a model of the individual devices, as well as the interconnections of the devices.
Abstract: A framework for automatically provisioning computing devices includes a central database system and a central file system. Information stored in the database comprises a model of the individual devices, as well as the interconnections of the devices. The central file system stores the software components to be installed on the devices. When provisioning is carried out, the database sends commands to agents located on each device which cause them to retrieve and install the software components from the file system, and to configure the components according to the stored model.

220 citations

Patent
Dongyan Wang
21 Jul 2001
TL;DR: In this article, a method for providing user interfaces in a first network to a remote access device, including first devices interconnected via a communication medium, and at least one interface device for communication with the remote access devices, was proposed.
Abstract: A method for providing user interfaces in a first network to a remote access device, the first network including first devices interconnected via a communication medium, and at least one interface device for communication with the remote access device, the user interfaces for controlling the devices that are currently connected to the first network. The remote access device establishes communication with the first network via the interface device; the remote access device sends a request to the interface device for accessing the first network; at least one of the first devices in the first network obtains information from one or more of said first devices currently connected to the first network, said information including device information, and generating a user interface description including at least one reference associated with the device information of each of said one or more first devices; the interface device sends the user interface description to the remote access device; and the remote access device displays a user interface based on the user interface description, for user interaction with the first network.

219 citations

References
Book
01 Jan 1996
TL;DR: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols.
Abstract: From the Publisher: A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of information and includes more than 200 algorithms and protocols; more than 200 tables and figures; more than 1,000 numbered definitions, facts, examples, notes, and remarks; and over 1,250 significant references, including brief comments on each paper.

13,597 citations

Proceedings Article
01 Apr 1992
TL;DR: This document describes the MD5 message-digest algorithm, which takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input.
Abstract: This document describes the MD5 message-digest algorithm. The algorithm takes as input a message of arbitrary length and produces as output a 128-bit "fingerprint" or "message digest" of the input. This memo provides information for the Internet community. It does not specify an Internet standard.

3,514 citations

01 Jan 1992

3,158 citations

Journal Article
Leslie Lamport
TL;DR: A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system.
Abstract: A method of user password authentication is described which is secure even if an intruder can read the system's data, and can tamper with or eavesdrop on the communication between the user and the system. The method assumes a secure one-way encryption function and can be implemented with a microcomputer in the user's terminal.

2,874 citations

Journal Article
TL;DR: Presentation of the American standard for encoding computerized data (DES: Data Encryption Standard), which makes it possible to protect data according to criteria that are developed in this text.
Abstract: Presentation of the American standard for encoding computerized data (DES: Data Encryption Standard). Adapted by the National Security Agency in January 1988, it makes it possible to protect data according to criteria that are developed in this text.

1,240 citations