Network architecture for secure data transmission
IPC classes for Russian patent Network architecture for secure data transmission (RU 2504912):
Electronic certification, identification and transmission of information using coded graphic images / 2494455
Method of electronic certification, identification during data transmission by means of usage of coded graphic images, including: user registration on a server of a system for electronic certification, identification and transmission of data by means of usage of coded graphical images, where process versions have a client-server architecture; generation of one or several graphical images to the registered user; coding of certain user information in one or several images; coding of a user's message; and classification of correspondence during its transmission between users by means of attachment to the message of one or several specified graphical images, used by the client connected with the second user, in order to confirm authenticity of one or several certifications, identifications and correspondence.
Method for user terminal authentication of interface server and interface server and user terminal therefor / 2491771
Method includes receiving authentication request information from an application service providing server in order to request the interface server to authenticate the user terminal receiving an application service provided from the application service providing server; authenticating the user terminal according to the authenticating request information; and transmitting authentication response information including an authentication result of performing the authentication method to the application service providing server. The interface server provides an interface for a network to the application service providing server, wherein the authentication method is selected by the interface server or the user of the user terminal without the intervention of application service provider for successful authentication of the user terminal when the authentication method selected by the application service provider is inapplicable for the interface server, wherein information on the authentication method selected by the user of the user terminal is used together with the interface server.
Method for user terminal authentication and authentication server and user terminal therefor / 2491733
Method for user terminal authentication in an authentication server comprises steps of: receiving authentication request information for accessing a network from the user terminal; processing an EAP authentication procedure according to the authentication request information; and transmitting a message related to the EAP authentication procedure to the user terminal, wherein the message includes network rejection information when network rejection is triggered, and the network rejection information includes network rejection reason information and control information related to re-accessing instructions for the user terminal to cope with the network rejection.
Methods for automatic identification of participants for multimedia conference event / 2488227
Apparatus to automatically identify participants for a multimedia conference event, comprising a content-based annotation component that operates to receive a meeting invitee list for a multimedia conference event, receive multiple input media streams from multiple meeting consoles, and annotate the video content from each input media stream with identifying information for each participant within that input media stream to form a corresponding annotated media stream, wherein the identifying information for each participant moves with that participant when the participant moves within the video content.
Method and apparatus for generating security data and computer program product / 2487482
Method of generating security data for conducting a secure communication session between a first entity and at least a second entity on a defined protocol for creating secure communication sessions, wherein the security data are data for executing a SSL protocol or a TLS protocol, the method comprising: said first entity installing a secure smart card associated with said first entity; generating at least a portion of said secure data in said secure smart card based on instructions transmitted by said first entity; transmitting said secure data from said secure smart card to said first entity; and setting up said secure communication session between said first entity and said at least second entity with said transmitted security data.
Methods of transmitting and receiving data, particularly for secure communication between aircraft and ground base, corresponding devices and aircraft equipped with said devices / 2481716
Method of transmitting data comprises the following steps: determining an authentication word for said data, wherein said authentication word is linked with said data before processing; processing the data to obtain processed data, wherein processing involves a data encryption step, a step for compressing the encrypted data and a step for converting 8-bit words to 6-bit words; transmitting the processed data over a communication channel.
System and method of recovering password and encrypted data on mobile devices / 2481632
System for recovering an information key (K) includes: (a) an information key encryption module for encrypting the information key using a user password and creating information key recovery features which are at least a user identifier and a mobile device identifier, wherein use of said information key recovery features is intended in case of unforeseen actions; (b) a data transmission module; (c) a recovery information storage module for storing information key recovery features for subsequent transmission of the required information key recovery features to the information key recovery module in case of successful user authentication; (d) a recovery module for transmitting user authentication features to the storage module in order to obtain the required information key recovery features.
Method and device intended for software downloads in network / 2480926
Proposed method of data provision to a gateway device in a network includes stages, at which: the first file, the first element of authentication and the second element of authentication are received, besides, the specified first element of authentication is unique for a client device connected with the gateway device (430, 650), it is defined whether the second element of authentication is valid for the specified gateway device (660), and the specified first element of authentication and the second file are saved for the specified client device, if the specified second element of authentication is valid for the specified gateway device (670).
Method for protection of computer networks / 2475836
Multiple reference sets of appearances of unauthorised information flows are set, which differ from each other by identifiers S_REF = {S_j}, and a threshold value of the hit ratio Q_HIT_THRESHOLD is set for a sequence of appearances of an unauthorised information flow matching a given reference set. After the identifiers from the header of another received message packet are extracted and compared with the reference identifiers, if the receiver's address in the received packet of the unauthorised information flow does not match the preset false addresses of computer network subscribers, it is additionally added to the list of preset false addresses of computer network subscribers; the message packet is then sent to the specified false addresses of computer network subscribers. The appearance identifiers K_i of the received unauthorised flow are compared with the values available in the reference sets S_j of appearances of unauthorised information flows; in case of mismatch a new reference set S_{j+1} is generated and stored. Afterwards the computed hit ratio Q_HIT is compared with the threshold value Q_HIT_THRESHOLD, and if the condition Q_HIT ≥ Q_HIT_THRESHOLD is met, the unauthorised information flow is blocked and an attack signal is generated for the computer network.
Unit using operating system and image generation device that uses it / 2471229
Method to perform cryptographic data exchange in a device, which performs cryptographic data exchange with a unit of control of a replaceable user module (CRUM), installed in a replaceable unit of an image generation device, is carried out with the help of coding, by means of a controller in the specified device, a command and data with usage of a coding logic. And also with the help of generation of a communication message in the controller of the specified device by combination of a message authentication code (MAC) and a coded command and data. Further the communication message is sent from the specified device to the CRUM unit via a user interface.
FIELD: radio engineering, communication.
SUBSTANCE: the network architecture includes a perimeter network connected between an internal network and an external network. The perimeter network includes one or more external edge nodes that are connected to the external network and a plurality of proxy servers that are each connected to one or more of the external edge nodes. One or more internal edge nodes are connected between the plurality of proxy servers and the internal network. The proxy servers are configured to establish a first secure connection to a destination through the external network and a second secure connection to a destination in the internal network. Each of the plurality of proxy servers provides a substantially identical identification for authentication when establishing the first and second secure connections.
EFFECT: high level of accessibility and safety of transmitting data between a secure internal network and an insecure external network.
20 cl, 13 dwg
Cross references to related applications
This PCT application claims priority on the basis of U.S. application No. 12/182613, filed July 30, 2008, entitled "Network Architecture For Secure Data Communications", the entire contents of which are incorporated in this document by reference.

Technical field to which the invention relates
This invention relates, in general, to a network architecture for secure data transmission, and more particularly to a network architecture providing protection and high availability for data transmission between a secure internal network and an insecure external network.

Description of the prior art
Network perimeters are especially vulnerable to unauthorized data transfers and intrusions, especially at the boundary between an internal protected network and an external public network such as the Internet. Unauthorized transfers of data, such as viruses, spyware and other types of malicious software, can be introduced from the external network into the internal network during data transmission. In addition, unauthorized intruders from the external network may attempt to access sensitive information on the internal network. The most urgent threats to the security of internal networks are data theft, data leakage, and malicious code aimed at stealing confidential information which can be used for financial gain. For example, credit card information is often the target of theft. While a virus or phishing can obtain the credit card information of thousands of card holders, unauthorized access to a single large database on the internal network provides access to millions of cardholder accounts. In response to these increased threats, the Payment Card Industry Data Security Standard (PCI DSS) was developed by American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc., to help facilitate the broad adoption of consistent data protection measures in the internal networks that store account data.
PCI DSS is a comprehensive set of principles and requirements to improve the protection of payment account data by means of firewall configuration, anti-virus software, data encryption and other advanced protective practices. The PCI Security Standards Council, an independent organization, is responsible for developing and monitoring the standards. The PCI Security Standards Council is an open global forum for the ongoing development, improvement, storage, dissemination and implementation of security standards for the protection of account data. The core of the PCI DSS is a group of principles and accompanying requirements around which the specific elements of the DSS are arranged. The first principle of the PCI DSS is "building and maintaining a secure network", with the requirement of installing and maintaining a firewall configuration to protect cardholder data.

Therefore, there is a need for a network architecture with high availability and security of data transmission between a secure internal network and an unsecured external network, which protects the internal network from unauthorized data transfers and intrusions.

Brief description of the several views of the drawings
Fig. 1 is a block diagram of an embodiment of the network architecture for data transfer between the internal network and the external network in accordance with the present invention;
Fig. 2 is a diagram of an embodiment of the method of data transfer between the internal network and the external network in accordance with the present invention;
Fig. 3 is a block diagram of an embodiment of a proxy server in accordance with the present invention;
Fig. 4 is a block diagram of an embodiment of the management server in accordance with the present invention;
Fig. 5 is a logic diagram of an embodiment of the method of establishing a secure connection between the internal network and the external network in accordance with the present invention;
Fig. 6 is a logic diagram of an embodiment of the method of data transmission with high availability and load balancing between the internal network and the external network in accordance with the present invention;
Fig. 7 is a block diagram of an embodiment of the external boundary node, functioning for load balancing, in accordance with the present invention;
Fig. 8 is a block diagram of an embodiment of the internal boundary node, functioning for load balancing, in accordance with the present invention;
Fig. 9 is a logic diagram of an embodiment of the method of data transmission with high availability and load balancing between the internal network and the external network in accordance with the present invention;
Fig. 10 is a schematic representation of another embodiment of the network architecture for data transmission with high availability and load balancing between the internal network and the external network in accordance with the present invention;
Fig. 11 is a logic diagram of another embodiment of the method of data transmission with high availability and load balancing between the internal network and the external network in accordance with the present invention;
Fig. 12 is a schematic representation of another embodiment of the network architecture for data transmission with high availability and load balancing between the internal network and the external network in accordance with the present invention; and
Fig. 13 is a logic diagram of another embodiment of the method of data transmission with high availability and load balancing between the internal network and the external network in accordance with the present invention.

Implementation of the invention
Fig. 1 is a block diagram of an embodiment of the network architecture for data transfer between the internal network and the external network in accordance with the present invention.
Network architecture 100 includes a demilitarized zone (DMZ) or perimeter network 102, connected between the internal network 104 and the external network 106. Perimeter network 102 can be a network managed separately from the internal network 104, or a subnet of the internal network 104. The internal network 104 is a secured network, such as a private or corporate local area network (LAN) or wide area network (WAN). The external network 106 is a public network, such as the Internet, or a private network of an unknown third party. Perimeter network 102 includes one or more external boundary nodes 108a-108n, which are connected with the external network 106. External boundary nodes 108a-n can be gateways, routers, switches, bridges, servers, or a combination thereof. Perimeter network 102 also includes a plurality of proxy servers 110a-110n, each of which is connected with one or more of the external boundary nodes 108a-n. One or more internal boundary nodes 112a-112n are connected between the plurality of proxy servers 110a-n and the internal network 104. Internal boundary nodes 112a-n can be gateways, routers, switches, bridges, servers, or a combination thereof. Internal boundary nodes 112a-n are connected to one or more internal servers 116 and 118. The internal network 104 additionally includes an internal node 114, which may be a gateway, router, switch, bridge, server, or a combination thereof. Internal node 114 connects the plurality of proxy servers 110a-n to the management server 120. The management server 120 includes a configuration database 122 storing configuration information 128 for the proxy servers 110a-n and a directory database 124 storing authentication information 130 for authorized users of the internal network 104. The configuration database 122 and the directory database 124 may be one or more databases included in the management server 120, or may be separate devices connected to the management server 120.
In operation, proxy servers 110a-n control the transmission of data between the external network 106 and the internal network 104. A data transfer includes the transfer of files or data using the hypertext transfer protocol (HTTP), file transfer protocol (FTP) or another protocol used to transfer files or data. The management server 120 configures each of the plurality of proxy servers 110a-n with substantially identical configuration information 128 stored in the configuration database 122. Proxy servers 110a-n operate to provide the configuration information 128 during authentication to establish a secure data connection between a client device 126a-n and the internal network 104. When a client device 126 requests a data transfer from the internal network 104, one of the plurality of proxy servers 110a-n is selected on the basis of a list of available proxy servers 110a-n. The selected proxy server 110 establishes a first secure connection 140 over the external network 106 between the proxy server 110 and the client device 126. A secure connection is a communication channel through one or more networks established by using a secure connection protocol, such as secure sockets layer (SSL) or transport layer security (TLS), which provides authentication of the source or recipient. In an embodiment, the first secure connection 140 includes mutual authentication of the source and destination, for example the client device 126 and the proxy server 110 in Fig. 1. Mutual authentication of the source and destination provides better assurance regarding the identity of the device requesting the data transfer. Mutual authentication is performed through the exchange of identification, such as digital certificates, between the source and the destination. The proxy server 110 operates to provide identifying information as part of a digital certificate or other form of identification during mutual authentication.
The identification information or digital certificate provided by the proxy server 110 includes configuration information 128 substantially identical to that of the other proxy servers 110a-n, as explained in more detail below. In an embodiment, the secure connection also provides encryption of the data. After the secure connection 140 is established between the client device 126 and the proxy server 110, the proxy server 110 then establishes a second secure connection 142 between itself and the data destination in the internal network 104, such as one of the internal servers 116, 118. The second secure connection 142 is also established using a secure connection protocol with mutual authentication and encryption. After the first and second secure connections are established, the data transmission from the client device 126 is received over the first secure connection 142 through a first port 132a-n of the proxy server 110. The proxy server 110 then readdresses the data to the address of the recipient in the internal network 104. The proxy server 110 then transmits the data from a second port 134a-n of the proxy server 110 over the second secure connection 142. By blocking direct access to the internal network 104, the proxy server 110 provides security for data transmission from the external network 106 to the internal network 104. In addition, the transmitted data is not stored in the proxy server 110, which provides an additional level of security. Similarly, when an internal server 116, 118 requests a data transmission to a destination on the external network 106, such as one of the client devices 126a-n, one of the plurality of proxy servers 110a-n establishes a first secure connection 144 with the internal server 116, 118 using secure sockets layer (SSL), transport layer security (TLS) or another protocol for establishing a secure connection.
The proxy server 110 then establishes a second secure connection 146 between the proxy server 110 and the client device 126a-n. After the first and second secure connections are established, the data transfer from the internal server 116, 118 is received over the first secure connection 144 at one port 136 of the proxy server 110 and then sent from another port 138 of the proxy server 110 over the second secure connection 146 on the external network 106 to the client device 126a-n. Since the configuration information 128, in the form of a digital certificate or other identification provided by the proxy servers 110a-n, is substantially identical when establishing a secure connection, the client device 126a-n is unable to distinguish between the proxy servers 110a-n, and a secure connection can be established by any of the plurality of proxy servers 110a-n to transmit data. In addition, a data transmission can switch between proxy servers 110a-n in the case where one of the proxy servers becomes unavailable. Thus, the perimeter network 102 ensures high availability and protection of data transfer between the external network 106 and the internal network 104. The management server 120 functions to monitor the plurality of proxy servers 110a-n and the status of the secure connections with the plurality of proxy servers 110a-n. The management server 120 continuously monitors the state of the secure connections for file transfer errors, exceptions, and successful completions. When a secure connection is not successfully established or is interrupted, the management server 120 provides a notification or warning to re-initiate establishment of the secure connection. The management server 120 also provides audit logs and reports via a secure connection with the plurality of proxy servers 110a-n.

Fig. 2 is a logic diagram of an embodiment of a method 150 of secure data transmission with a high level of availability between the internal network 104 and the external network 106 in accordance with the present invention.
The transmitted data is received by the perimeter network 102, as shown in step 152. At step 154, one of the plurality of proxy servers is selected to receive the data to be transmitted, on the basis of the list of available proxy servers. In an embodiment, the list of available proxy servers can be maintained by one or more of the external boundary nodes 108a-n, by one or more of the plurality of proxy servers 110a-n, or by one or more load balancing nodes, as discussed in more detail below. In other embodiments, the list of available proxy servers can be maintained by another host or network management system. At step 156, the data is transmitted to the selected one of the plurality of proxy servers 110a-n in the perimeter network 102. Because each of the plurality of proxy servers 110a-n is configured using substantially identical configuration information 128, the client device 126a-n is unable to distinguish between the proxy servers 110a-n, and the transmitted data can be received by any of the plurality of proxy servers 110a-n. At step 158, it is determined whether one of the proxy servers 110a-n has become unavailable. The determination may be performed by the external boundary nodes, by one of the available proxy servers, or by other devices as described below. When the proxy servers 110a-n are available, the process returns to step 152 to continue receiving the transferred data. When one of the proxy servers 110a-n becomes unavailable, the unavailable proxy server 110 is removed from the list of available proxy servers, as shown in step 160. Data transfer then continues as shown in step 162. A proxy server 110 is selected to receive the transmitted data on the basis of the list of the remaining one or more available proxy servers. At step 164, the unavailable proxy server is monitored to determine its status. When it becomes available again, the proxy server is added back to the list of available proxy servers, as shown at step 166.
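The availability list and failover loop of steps 152-166, as an added Python model that is not part of the patent: the proxy names, the health-probe callback and the round-robin choice among available proxies are my assumptions, since the patent leaves the selection rule and the health check to the boundary node, proxy or load-balancing node that maintains the list.

```python
"""Constructed model of the Fig. 2 availability list (steps 152-166).

Every proxy carries the same configuration information 128, so a client cannot
tell them apart and a transfer may be handed to any proxy on the list. The list
maintainer removes a proxy that fails its probe (158-160), keeps selecting from
the rest (162), keeps probing the removed proxy (164) and re-adds it (166).
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ProxyConfig:
    """Configuration information 128 shared by all proxies: identity plus crypto parameters."""
    certificate_fingerprint: str
    key_exchange: Tuple[str, ...]
    ciphers: Tuple[str, ...]
    hashes: Tuple[str, ...]


@dataclass
class Proxy:
    name: str             # operator-side label only (e.g. "110a"); never visible to clients
    config: ProxyConfig
    healthy: bool = True  # toggled by the scenario to simulate an outage (constructed)


class AvailabilityList:
    """Selects a proxy per transfer and performs failover as in Fig. 2."""

    def __init__(self, proxies: List[Proxy], probe: Callable[[Proxy], bool]):
        if len({p.config for p in proxies}) > 1:
            # Differing configuration would let a client distinguish proxies and break failover.
            raise ValueError("proxies are not identically configured")
        self._probe = probe
        self._by_name: Dict[str, Proxy] = {p.name: p for p in proxies}
        self._available: List[str] = [p.name for p in proxies]
        self._unavailable: List[str] = []
        self._next = 0
        self.transfers: List[Tuple[str, str]] = []   # (transfer id, proxy) audit trail

    def available(self) -> List[str]:
        return list(self._available)

    def select(self, transfer_id: str) -> Optional[str]:
        """Steps 154/162: round-robin over the currently available proxies (assumed rule)."""
        if not self._available:
            return None
        name = self._available[self._next % len(self._available)]
        self._next += 1
        self.transfers.append((transfer_id, name))
        return name

    def check(self) -> None:
        """Steps 158-166: probe all proxies, drop the failed ones, re-add recovered ones."""
        for name in list(self._available):
            if not self._probe(self._by_name[name]):
                self._available.remove(name)
                self._unavailable.append(name)
        for name in list(self._unavailable):
            if self._probe(self._by_name[name]):
                self._unavailable.remove(name)
                self._available.append(name)
        self._next = 0


# Constructed sample configuration; the fingerprint is a placeholder, not a real value.
SHARED_CONFIG = ProxyConfig("SHA256:EXAMPLE-PLACEHOLDER",
                            ("DHE", "RSA"), ("AES", "3DES"), ("HMAC-SHA",))


def run_failover_scenario() -> dict:
    """Three identically configured proxies; 110b fails mid-run and later recovers."""
    proxies = [Proxy("110a", SHARED_CONFIG), Proxy("110b", SHARED_CONFIG), Proxy("110c", SHARED_CONFIG)]
    table = AvailabilityList(proxies, probe=lambda p: p.healthy)
    first = [table.select(f"t{i}") for i in range(3)]        # one transfer per proxy
    proxies[1].healthy = False                                # 110b becomes unavailable
    table.check()                                             # steps 158-160
    during = [table.select(f"t{i}") for i in range(3, 7)]    # step 162: 110a/110c serve
    proxies[1].healthy = True                                 # 110b is reachable again
    table.check()                                             # steps 164-166
    return {"first": first, "during": during, "after": table.available()}
```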
The transferred data can then be received by that proxy server again on the basis of the list of available proxy servers, as shown in step 152. Thus, the perimeter network 102 provides high-availability secure connections for data transfer between the external network 106 and the internal network 104. High availability can be achieved because each of the plurality of proxy servers 110a-n has substantially the same configuration information 128. This similarity between the proxy servers 110a-n allows a data transfer to be moved to other available proxy servers 110a-n in case of failure of one of the proxy servers 110a-n.

Fig. 3 is a block diagram of an embodiment of the proxy server 110 in accordance with the present invention. The proxy server includes a processing module 170 and a file transfer application module 172. The file transfer application module 172 includes a configurable memory 174, which stores the configuration information 128 for the proxy server 110 and the management server 120. The configuration information 128 includes identification information 176 and encryption information 178. Identification information 176 includes the server identity, the certification authority (CA) verifying the server identity, the version number of the certificate format, the dates for which the identification information is valid, or other information relevant to the digital certificate or other form of identification to be used when establishing a secure connection. Encryption information 178 includes the public encryption key and private encryption key of a public key encryption system, and the supported key exchange algorithms, ciphers and hash functions. Other encryption information 178 can be configured if necessary, or alternative encryption information 178 can be configured for other encryption methods used to encrypt data in a secure connection. The file transfer application module 172 and the processing module 170 function to perform the data transmission functions and operation described in this document.

Fig. 4 is a block diagram of the management server 120. The management server 120 includes a configuration and tracking application module 180 and a processing module 184. The management server 120 also includes the configuration database 122 with the configuration information 128 for each of the plurality of proxy servers 110a-n. The configuration information 128 includes identification information 146 and encryption information 148 for each of the proxy servers 110a-n. The management server 120 also includes the directory database 124, which includes authentication information 130 for authorized users of the internal network 104. Authentication information 130 includes an entry 182a-n for each authorized user with that user's authentication information. Each entry 182a-n may include identification information, encryption information, or other information for the authenticated user. The configuration and tracking application module 180 and the processing module 184 function to perform the functions and operation of the management server 120 described in this document.

Fig. 5 is a logic diagram of an example method 200 of establishing a secure connection between the internal network 104 and the external network 106. At step 202, the configuration information 128 for each proxy server 110 is transmitted by the management server 120 to each of the proxy servers 110. Each of the proxy servers 110a-n is configured with substantially identical configuration information 128 through the management server 120. Next, the first secure connection is established using a secure connection protocol between one of the client devices 126a-n and one of the plurality of proxy servers 110. The method begins when one of the plurality of proxy servers 110 receives a data transfer request from one of the client devices 126a-n, as shown in step 204. When the security protocol includes encryption, the request data includes a list of supported encryption parameters, such as key exchange algorithms, ciphers, hash functions, etc.
For example, the key exchange algorithms may include RSA, Diffie-Hellman, DSA, SRP, PSK or other such algorithms. The ciphers may include RC4, Triple DES, AES, Camellia, RC2, IDEA and DES or other ciphers. The hash functions may include HMAC-MD5 or HMAC-SHA or other functions. Other parameters may also be specified in the request data. When the proxy server 110 receives the request data, it selects from among the listed parameters of the secure connection protocol and transmits a notification of the selected parameters to the client device 126, as shown in step 206. The proxy server 110 also transmits identification with the configuration information 128, as shown in step 208. The identification may be in the form of a digital certificate, such as a digital certificate according to the ITU-T X.509 standard, or another form of identification. The configuration information 128 in the identification transmitted by the proxy server 110 includes at least identification information 176, such as the identity of the proxy server 110. In addition, the identification may also include encryption information 178, such as the public encryption key of the proxy server. The proxy server 110 then requests identification, such as a digital certificate, from the client device 126a-n at step 210 so that the secure data connection can be mutually authenticated. The client device 126a-n transmits its identification to the proxy server 110, as shown in step 212. In an embodiment, the proxy server 110 verifies the identity of the client device 126a-n using third-party certification. In another embodiment, the proxy server 110a-n transmits the identification to the management server 120 for validation, as shown in step 214. The management server 120 verifies the identity by accessing the directory database 122 of authorized users, as shown in step 216.
At step 218, the directory database 132 provides the requested authentication information 130 to the management server 120 to determine whether the identification matches an entry 182a-n of an authorized user in the directory database 124. When the identification is verified, the management server 120 transmits a verification message to the proxy server 110, as shown in step 220. In order to generate the session keys used for the first secure connection, the client device 126a-n encrypts a random number using the public encryption key of the proxy server and sends the result to the proxy server 110, as shown in step 222. Since each of the proxy servers 110a-n is configured with substantially identical configuration information 128 that includes the public and private encryption keys, any of the proxy servers 110a-n can decrypt the random number using its corresponding private key. From the random number, the client device 126a-n and the proxy server 110 can generate key material for encryption and decryption. This completes establishing the first secure connection between the client device 126a-n and the proxy server 110. When any of the above steps fails, the first secure connection between the proxy server 110 and the client device 126 is not established, and an error message is transmitted by the proxy server 110 to the client device 126, as shown in step 224. The proxy server 110 transmits a notification about the first secure connection to the management server 120 at step 226. The notification includes whether the connection was successfully established, or whether an error occurred and it was not established. In addition, the notification may include information about the first secure connection, such as the key material for encryption required by each of the plurality of proxy servers 110a-n to communicate over the first secure connection. The management server 120 stores the information about the first secure connection in the directory database 124.
When the first secure connection is established, the proxy server 110 establishes a second secure connection with one of the internal servers 116, 118 using the secure connection establishment protocol. The proxy server 110 transmits a data transmission request to one of the internal servers 116, 118, as shown in step 228. In one embodiment, the data transmission request includes a list of supported parameters of the secure connection establishment protocol, such as key exchange algorithms, ciphers, hash functions, etc. When the internal server 116, 118 receives the data transmission request, it selects from among the listed parameters of the secure connection establishment protocol and transmits a notification of the selected parameters to the proxy server 110a-n, as shown in step 230. In another embodiment, the proxy server 110 and the internal server 116, 118 are preconfigured with the parameters of the secure connection establishment protocol to use when establishing the secure connection. In this embodiment, the request only needs to include the preconfigured supported parameters of the secure connection establishment protocol, and the notification from the internal server 116, 118 includes an acknowledgement of the preconfigured parameters of the secure connection establishment protocol. Next, the proxy server 110a-n transmits identification, such as a digital certificate, to the internal server 116, 118, as shown in step 232. As described above, each of the proxy servers 110a-n is configured with essentially identical configuration information 128 for the digital certificates. The internal servers 116, 118 may request verification of the identity of the proxy server 110 from the control server 120, as shown in step 234. The control server 120 accesses the directory database 124 to verify the identity of the proxy server 110a-n at step 236.
At step 238, the control server 120 compares the requested identification to determine whether the identification belongs to an authorized user in the directory database 124. When the identification is verified, the control server 120 transmits a confirmation to the internal server 116, 118, as shown in step 240. The proxy server 110 may request identification, such as a digital certificate, from the internal server 116, 118 so that the secure data connection can be mutually authenticated, as shown in step 242. The internal server 116, 118 transmits identification, such as a digital certificate, to the proxy server 110, as shown in step 244. The proxy server 110 requests verification from the control server 120, as shown in step 246. The control server 120 verifies the identity by accessing the directory database 132 at step 248 and determining whether the identification 150a-n belongs to an authenticated user in the directory database 132, as shown in step 250. The control server 120 transmits a verification message to the proxy server 110a-n, as shown in step 252. After verification, in order to generate the session keys used for the secure connection, the internal server 116, 118 encrypts a random number using the public encryption key of the proxy server and sends the result to the proxy server 110, as shown in step 254. Since each of the proxy servers 110a-n is configured with essentially identical identification information, including the public and private keys, any of the proxy servers 110a-n can decrypt the random number using its corresponding private key. From the random number, the internal server 116, 118 and the proxy server 110 can generate the key material for encryption and decryption. This completes the establishment of the second secure connection between one of the proxy servers 110a-n and one of the internal servers 116, 118.
When any of the above steps fails, the second secure connection is not established, and an error message is transmitted by the proxy server 110a-n to the internal server 116, 118, as shown in step 256. The proxy server 110 transmits a notification about the second secure connection to the control server 120 at step 258. The notification includes whether the connection was successfully established or whether an error occurred and it was not established. In addition, the notification may include information about the second secure connection, such as the encryption key material required for each of the multiple proxy servers 110a-n to communicate over the second secure connection. After the first and second secure connections are established, data is encrypted and decrypted using the key material until the secure connection is closed. Data can be received at one of the proxy servers 110a-n, as shown in step 260, from one of the client devices 126a-n over the first secure connection. The data is received through the first port of the proxy server 110. The proxy server 110 checks the destination address of the data transmission and transmits the data to the internal network 104 over the second secure connection through the second port, as shown in step 262. In one embodiment, the destination address may be the single network IP address of the internal network 104, which is one of the internal boundary routers 118a-n. In another embodiment, the destination address may be the internal network address of one of the internal servers 116, 118. During the above process, the proxy server 110 transmits status indicators to the control server 120, notifying the control server 120 of the status of the first and second secure connections and of the data transmissions, as shown in step 264.
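As an added example, not code from the patent, the following Python sketch runs the parameter negotiation, identity check and keying described for steps 204-226, which the second connection of steps 228-258 repeats with the internal server in the client's role. The toy RSA parameters, the parameter lists, the certificate names and the directory contents are all constructed for the example, and HMAC-SHA256 stands in for the key derivation, which the description does not specify.

```python
"""Secure connection establishment between a client device and any of the
proxy servers 110a-n that share configuration information 128.
Added example; all values below are constructed."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Textbook RSA with two Mersenne primes, so that "encrypt the random number
# with the proxy's public key" is real arithmetic. No padding: illustration only.
_P, _Q = 2**61 - 1, 2**127 - 1
_N, _E = _P * _Q, 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))


@dataclass(frozen=True)
class ConfigurationInformation:
    """Configuration information 128, identical on every proxy server."""
    certificate_id: str              # identification information 176
    public_key: tuple                # encryption information 178
    private_key: tuple
    key_exchange: tuple              # preference-ordered parameter lists
    ciphers: tuple
    hashes: tuple


SHARED_CONFIG = ConfigurationInformation(
    certificate_id="proxy-cluster-cert",       # constructed name
    public_key=(_N, _E), private_key=(_N, _D),
    key_exchange=("RSA", "DH", "PSK"),
    ciphers=("AES", "Camellia", "Triple DES"),
    hashes=("HMAC-SHA", "HMAC-MD5"),
)

# Stand-in for the directory database of authorized users consulted by the
# control server 120 (constructed contents).
DIRECTORY = {"client-126a-cert", "client-126b-cert", "proxy-cluster-cert",
             "internal-server-116-cert"}


class HandshakeError(Exception):
    """Any failed step: no connection is established, an error message is sent."""


@dataclass(frozen=True)
class ConnectionRecord:
    params: dict
    encrypted_random: int            # what the client sends at step 222
    client_keys: bytes               # key material derived on the client side


def select_parameters(offered: dict, config: ConfigurationInformation) -> dict:
    """Steps 204-206: per category, the proxy's first preference that the
    client also offered; an empty intersection fails the handshake."""
    chosen = {}
    for name, preferences in (("key_exchange", config.key_exchange),
                              ("cipher", config.ciphers),
                              ("hash", config.hashes)):
        common = [p for p in preferences if p in offered.get(name, ())]
        if not common:
            raise HandshakeError(f"no common {name}")
        chosen[name] = common[0]
    return chosen


def verify_identification(cert_id: str) -> None:
    """Steps 214-220: the control server checks the directory database."""
    if cert_id not in DIRECTORY:
        raise HandshakeError(f"{cert_id} is not an authorized user")


def derive_key_material(random_number: int, params: dict) -> bytes:
    """Expand the shared random number into session key material, bound to
    the negotiated parameters. HMAC-SHA256 is an assumed PRF."""
    label = "|".join(params[k] for k in ("key_exchange", "cipher", "hash"))
    return hmac.new(random_number.to_bytes(32, "big"), label.encode(),
                    hashlib.sha256).digest()


def establish_secure_connection(client_cert: str, offered: dict,
                                proxy_config: ConfigurationInformation
                                ) -> ConnectionRecord:
    """Client side of steps 204-222 against a proxy holding proxy_config."""
    params = select_parameters(offered, proxy_config)       # steps 204-206
    verify_identification(proxy_config.certificate_id)      # proxy's cert (mutual auth)
    verify_identification(client_cert)                      # client's cert, steps 210-220
    random_number = secrets.randbelow(2**128)               # fits below the modulus
    n, e = proxy_config.public_key
    encrypted = pow(random_number, e, n)                     # step 222
    return ConnectionRecord(params, encrypted,
                            derive_key_material(random_number, params))


def proxy_key_material(record: ConnectionRecord,
                       proxy_config: ConfigurationInformation) -> bytes:
    """Any proxy 110a-n holding the shared private key recovers the random
    number and derives the same key material as the client."""
    n, d = proxy_config.private_key
    recovered = pow(record.encrypted_random, d, n)
    return derive_key_material(recovered, record.params)
```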
The proxy server 110a-n provides status indicators relating to the first and second secure connections, for example when a secure connection is established, completed or fails during establishment. The proxy server 110 also provides status indicators to the control server 120 when data transmissions begin, end or are aborted. In one embodiment of the present invention, high availability of data transmission is implemented in the perimeter network 102 using a method of load balancing between the multiple proxy servers 110. Fig. 6 is a logic diagram of an embodiment of a method 300 for high availability and load balancing between a secure internal network and an unsecured external network in accordance with the present invention. At step 302, a data transmission request is received from one of the client devices 126 in the external network 106. At step 304, one of the multiple proxy servers is selected to receive the data transmission request on the basis of the list of available proxy servers and load balancing between the multiple proxy servers 110a-n. Load balancing can be implemented in various ways, including load balancing by the external boundary nodes 108 and load balancing using a server clustering method, as described in more detail below. In each approach, the list of available proxy servers 110a-n for load balancing is maintained. At step 306, the data transmission request is transmitted to the selected one of the multiple available proxy servers 110a-n in the perimeter network 102. At step 306, the proxy server 110 begins to establish a first secure connection with the client device 126 and then a second secure connection with one of the internal servers 116, 118. The secure connections can be established as described above with respect to Fig. 5. At step 308, it is determined whether the first and second secure connections have been established.
In one embodiment, the control server 120 performs the determination in response to a notification of the establishment of a secure connection from the proxy server 110 or in response to an error message about the establishment of a secure connection from the internal server 116, 118. In other embodiments, the determination may be performed by the external boundary node 108 or the internal boundary node 112, or by the internal servers 116, 118. When the first or second secure connection could not be established, it is determined whether the failure was due to the proxy server 110, as shown in step 310. In one embodiment, the external boundary nodes 108 monitor the proxy servers 110 to detect the failure of one of the proxy servers. In other embodiments, a load-balancing node or the proxy servers 110a-n themselves monitor availability to detect the failure of a proxy server, as explained in more detail below. A proxy server may be unavailable because of a failure of the proxy server or of communication with the proxy server, because of planned maintenance of the proxy server, or for other reasons that cause the proxy server to fail to respond or to work effectively. When one of the multiple proxy servers 110 becomes unavailable, the proxy server is removed from the list of available proxy servers for load balancing, as shown in step 312. The method then continues at step 314 by attempting to establish the first and second secure connections for the data transmission. When the first and second secure data connections are established, the proxy server 110 notifies the control server 120, as shown in step 316. The data transmission begins, as shown at step 316. During the data transmission, the control server 120 receives notifications from the proxy server 110 and identifies any errors or interruptions in the data transmission, as shown at step 318. When no failure or error occurs, the data transmission is completed, as shown in step 320.
When a failure in the data transmission is detected, a warning or notification is provided to the control server 120 to restart or repeat the data transmission, as shown at step 322. At step 324, the system determines whether one of the proxy servers 110 is unavailable. When one of the proxy servers 110a-n is determined to be unavailable, that proxy server is removed from the list of available proxy servers for load balancing, as shown in step 326. The data is then transmitted again to one or more of the available proxy servers 110a-n, as shown at step 316. In one embodiment, load balancing for high availability is implemented by the external boundary nodes 108a-n and the internal boundary nodes 112a-n. A routing table with the list of available proxy servers 110a-n for load balancing is maintained by each of the external boundary nodes 108a-n and the internal boundary nodes 112a-n. The external boundary nodes 108a-n and the internal boundary nodes 112a-n balance the data load between each of the available multiple proxy servers 110a-n. Fig. 7 is a block diagram of an embodiment of the external boundary node 108 that functions for load balancing in accordance with the present invention. The external boundary node 108 includes a data plane 338, which operates to switch data from the input ports 340a-n to the output ports 342a-n. The external boundary node 108 also includes a control plane 344, which operates to control the switching of data in the data plane 338. The control plane includes a processing module 350, a firewall application module 348 and a routing table 346. The control plane 344 functions to update the routing table 346 using standard protocols such as the Routing Information Protocol (RIP), the Interior Gateway Routing Protocol (IGRP) and the Open Shortest Path First (OSPF) protocol, or other protocols that provide route or topology update messages.
When the external boundary node 108 receives a route update message that includes a change to an entry, it updates its routing table 346 (see Table 1 below) to reflect the new route. The routing table 346 is also updated with multiple entries for a destination when more than one route to the destination is determined. For example, the routing table 346 includes an entry for the destination address of the internal network 104. The routing table 346 then includes the list of available proxy servers 336 on the route to the destination in the internal network 104.
Additional addresses can be added to the list for additional available proxy servers 110. The list of available proxy servers 336 can be updated via standard routing protocols or through configuration by the system administrator. The routing table 346 may include one or more tables or databases that exist in formats other than the table illustrated and described in this document. In operation, the external boundary node 108 maintains the list of available proxy servers 336 for the destination internal network 104. The external boundary node 108 uses a load-balancing algorithm to distribute data among the list of available proxy servers 336. The load-balancing algorithm may be a round-robin algorithm or a different algorithm depending on the desired implementation. Another common algorithm is load balancing based on the content of the data transmission request, such as the IP address of the requester or other information in the request. The load-balancing algorithm can operate on a per-packet or per-destination basis. With per-packet load balancing, the boundary node transmits successive data packets of a data transmission via different routes based on the load-balancing algorithm. The boundary node may choose to transmit one packet destined for the internal network 104 to a first proxy server 110a-n, a second packet for the same destination to a second proxy server 110a-n, and so on. Per-packet load balancing guarantees load balancing across the multiple proxy servers 110a-n into the internal network 104. With per-destination load balancing, the boundary node distributes packets based on the packet destination of the data transmission and the load-balancing algorithm. Packets of a data transmission to the same destination from the same source are transmitted to the same proxy server 110a-n. For example, the boundary node sends packets for a first destination in the internal network to a first proxy server 110a-n, packets for a second destination in the internal network to a second proxy server 110a-n, and so on.
When a data transmission request from the internal network 104 arrives at a first port 340 of the external boundary node 108, the external boundary node 108 sends the data transmission request through a second port 342 to one of the multiple proxy servers 110 on the basis of the list of available proxy servers 336 and the load-balancing algorithm. Load balancing by the external boundary node 108 also provides high availability. When routing or topology changes occur in the network, the routing table 346 is updated through the standard routing protocols or by the system administrator. In addition, the external boundary node 108 periodically tests communication with the multiple proxy servers 110a-n to determine their availability. When one of the multiple proxy servers 110a-n becomes unavailable, the external boundary node 108 removes the address of the unavailable proxy server from the list of available proxy servers 336 for load balancing in the routing table 346. Data is then transmitted only to the remaining one or more available proxy servers 110. Data is not transmitted to the unavailable proxy server until the proxy server becomes available again and is added back to the list of available proxy servers 336 for load balancing. To provide additional protection, the external boundary node 108 includes a firewall application module 348. The firewall application module 348 may be a separate device or may be combined with the external boundary node 108. The firewall application module 348 functions to prevent the TCP/IP packets of a data transmission from being sent to the destination if the TCP/IP packets do not match the established rule set for the respective destination. In one embodiment, the firewall application module 348 is a stateful inspection application that rejects a TCP/IP packet if it is not authorized by the rule set. If a TCP/IP packet of the data transmission does not match an existing secure connection, the packet is evaluated according to the rule set for new connections.
If the TCP/IP packet matches an existing secure connection based on a comparison with the state table in the firewall application module 348, then the TCP/IP packet of the data transmission may pass. Fig. 8 is a block diagram of an embodiment of the internal boundary node 112, which functions for load balancing in accordance with the present invention. The internal boundary node 112 also includes a data plane 338, which operates to switch data from the input ports 354a-n to the output ports 356a-n. The internal boundary node 112 also includes a control plane 344, which operates to control the switching of data in the data plane 338. The control plane 344 includes a processing module 358, a firewall application module 348 and a routing table 346 with the list of available proxy servers 336. In operation, the internal boundary node 112 uses the list of available proxy servers 336 for load balancing between the proxy servers 110 for destinations connected to the external network 106, such as the client devices 126. When a data transmission request from the client device 126 arrives at a first port 354 of the internal boundary node 112, the internal boundary node 112 sends the data transmission through another port 356 to one of the multiple proxy servers 110 on the basis of the list of available proxy servers 336 and the load-balancing algorithm. In one embodiment, the internal boundary node 112 also includes a network address translation (NAT) application module 352. The NAT application module 352 may be a separate device or may be combined with the internal boundary node 112. The NAT application module 352 helps to prevent the disclosure of the internal network addresses of the internal network 104 to the perimeter network 102 or the external network 106. The NAT application module 352 functions to provide a single network IP address for the internal network 104. Essentially, the proxy servers 110 readdress incoming data from the first secure connection to the single network IP address of the internal network 104 and transmit the data over the second secure connection.
When a data transmission to the network IP address is received by the internal boundary node 112, the NAT application module 352 operates to translate the network IP address into one of the multiple internal IP addresses that corresponds to the desired destination in the internal network 104. Thus, even the proxy servers 110a-n do not have access to the internal IP addresses of the internal network 104, such as the IP addresses of the internal server 116 and the internal server 118. Fig. 9 illustrates a logic diagram of an embodiment of a method 400 for high availability with load balancing through the external boundary nodes 108 and the internal boundary nodes 112 in the perimeter network 102 in accordance with the present invention. The method 400 begins at step 402, when the routing table 346 in a boundary node, either the external boundary node 108 or the internal boundary node 112, is configured with the list of available proxy servers 336 for load balancing. The list of available proxy servers 336 can be configured in the boundary node via standard routing protocols or through configuration by the system administrator. At step 402, the boundary node receives data and selects one of the multiple proxy servers 110a-n on the basis of the list of available proxy servers 336 and the load-balancing algorithm. Because each of the multiple proxy servers 110a-n has essentially the same identification information, load balancing of the data transmission can be performed between the proxy servers over the established secure connection. The boundary node transmits the data to the selected proxy server over the secure connection, as shown at step 406. At step 408, the boundary node monitors the status of the multiple proxy servers 110a-n. To monitor the proxy servers 110a-n, the boundary node periodically transmits a status message to, or checks communication with, each of the proxy servers.
When a return status message is not received after a predetermined period of time or a predetermined number of status messages, the boundary node determines that the proxy server is unavailable, at step 410. The proxy server may be unavailable, for example, due to a failure of the proxy server, a failure of communication with the proxy server, scheduled maintenance of the proxy server, etc. In addition to monitoring the proxy servers, the boundary node can determine that a proxy server is unavailable in response to a routing message according to the standard routing protocols or to configuration by the system administrator. When one of the proxy servers 110a-n becomes unavailable, the boundary node updates the routing table 346 and removes the unavailable proxy server from the list of available proxy servers 336, as shown in step 412. The boundary node then selects only proxy servers 110a-n that remain in the list of available proxy servers 336 to receive the data transmission, as shown in step 414. At step 416, the unavailable proxy server is monitored to determine whether it is available again. When it becomes available again, the proxy server is added to the list of available proxy servers 336, as shown in step 418. The transmitted data can then be received by that proxy server based on the list of available proxy servers 336 and the load-balancing algorithm, as shown in step 404. Other methods for providing load balancing and high availability for the multiple proxy servers can also be implemented in accordance with the present invention. Fig. 10 is a schematic representation of another embodiment of the network architecture for data transmission with high availability and load balancing with multiple proxy servers between a secure internal network and an unsecured external network in accordance with the present invention. In the embodiment of Fig. 10, one or more load-balancing nodes 440a-n are connected between the external boundary nodes 108a-n and the multiple proxy servers 110a-n.
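The boundary node behaviour of Figs. 7-9 and method 400, as an added Python example rather than the patent's own code: a routing table holding the list of available proxy servers, the per-packet and per-destination load-balancing modes, the status-check removal and re-add of proxies, the stateful firewall check and the NAT translation of the single network IP address. Proxy names, addresses, the rule set and the port-to-host mapping used by the NAT module are constructed assumptions.

```python
"""Boundary node of Figs. 7-9: routing table 346 with the list of available
proxy servers 336, per-packet and per-destination load balancing, availability
monitoring (method 400), the stateful firewall module 348 and the NAT module
352. Added example; names, addresses and rules are constructed."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "TCP"


class BoundaryNode:
    """External (108) or internal (112) boundary node control plane."""

    def __init__(self, proxies, mode="per_packet", missed_limit=3):
        self.routing_table = {"internal-104": list(proxies)}  # table 346 / list 336
        self.mode = mode                                       # per_packet | per_destination
        self.missed = {p: 0 for p in proxies}                  # unanswered status checks
        self.missed_limit = missed_limit                       # step 410 threshold
        self._next = 0                                         # round-robin cursor
        self.state_table = set()                               # firewall 348 connections
        # Rule set for new connections: (protocol, destination port) pairs (constructed).
        self.rules = {("TCP", 443), ("TCP", 22)}

    @property
    def available(self):
        return self.routing_table["internal-104"]

    def select_proxy(self, packet: Packet) -> str:
        """Pick a proxy from list 336 with the configured algorithm."""
        avail = self.available
        if not avail:
            raise RuntimeError("no available proxy servers")
        if self.mode == "per_packet":            # successive packets rotate (round robin)
            proxy = avail[self._next % len(avail)]
            self._next += 1
            return proxy
        # per_destination: the same source and destination always map to the same proxy
        digest = hashlib.sha256(f"{packet.src}->{packet.dst}".encode()).digest()
        return avail[int.from_bytes(digest[:4], "big") % len(avail)]

    def status_check(self, proxy: str, answered: bool) -> None:
        """Steps 408-418: count missed replies; remove after the limit, re-add on reply."""
        if answered:
            self.missed[proxy] = 0
            if proxy not in self.available:
                self.available.append(proxy)                   # step 418
            return
        self.missed[proxy] += 1
        if self.missed[proxy] >= self.missed_limit and proxy in self.available:
            self.available.remove(proxy)                       # steps 410-412

    def firewall_allows(self, packet: Packet) -> bool:
        """Module 348: packets of an existing connection pass via the state table;
        anything else is judged by the rule set for new connections."""
        key = (packet.src, packet.dst, packet.dport)
        if key in self.state_table:
            return True
        if (packet.proto, packet.dport) in self.rules:
            self.state_table.add(key)
            return True
        return False

    def forward(self, packet: Packet):
        """Returns the chosen proxy, or None when the firewall rejects the packet."""
        if not self.firewall_allows(packet):
            return None
        return self.select_proxy(packet)


class NATModule:
    """Module 352: the internal network 104 is reachable through one network
    IP address; here the destination port selects the internal host (assumption)."""

    def __init__(self, network_ip: str, port_map: dict):
        self.network_ip = network_ip
        self.port_map = port_map

    def translate(self, packet: Packet) -> Packet:
        if packet.dst != self.network_ip or packet.dport not in self.port_map:
            raise ValueError("not addressed to the internal network IP")
        return Packet(packet.src, self.port_map[packet.dport], packet.dport, packet.proto)
```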
One or more load-balancing nodes 442a-n can also be placed between the internal boundary nodes 112a-n and the multiple proxy servers 110a-n. The load-balancing nodes 440, 442 include a processing module and a load-balancer module, which function to implement the load-balancing algorithms. The load-balancer module also includes the list of available proxy servers 336. Fig. 11 is a block diagram of an embodiment of a method 460 for data transmission with load balancing and high availability using the load-balancing nodes 440, 442. In operation, the multiple proxy servers 110a-n function as a server cluster to provide load-balancing capabilities for data transmission through the load-balancing nodes 440, 442. At step 462, the load-balancing nodes 440, 442 function to detect the current load of the proxy servers 110a-n. At step 464, the load-balancing nodes 440, 442 distribute the data to be transmitted between the multiple proxy servers 110a-n in accordance with the load-balancing algorithm and the list of available proxy servers 336. At step 466, the load-balancing nodes 440, 442 direct the data transmission to the selected proxy server. At step 468, the load-balancing nodes 440, 442 also monitor the availability of the multiple proxy servers 110a-n. At step 470, the load-balancing nodes 440, 442 determine whether one of the multiple proxy servers is available. When the availability of a proxy server changes, the load-balancing nodes update the list of available proxy servers 336, as shown in step 472. For example, the load-balancing nodes 440, 442 can delete a proxy server 110a-n from, or add it to, the list of available proxy servers 336 when the availability status of the proxy server 110a-n changes. The load-balancing nodes 440, 442 then distribute the data to the available nodes in accordance with the load-balancing algorithm and the list of available proxy servers, as shown in step 474. In addition, it can also be determined whether one of the load-balancing nodes 440a-n, 442a-n is unavailable.
The determination may be performed by the other load-balancing nodes, which monitor each other, or by a system administrator who receives notifications or warnings from the load-balancing nodes 440, 442. When a load-balancing node becomes unavailable, the remaining load-balancing nodes 440, 442 can continue to provide high availability of data transmission, as shown in step 478. The load-balancing nodes 440, 442 thus guarantee high availability of data transmission in the perimeter network 102. Fig. 12 is a block diagram of an embodiment of clustering of the proxy servers for load balancing and high availability in accordance with the present invention. In the embodiment of Fig. 12, each of the multiple proxy servers 110a-n includes a cluster management module 450a-n. The cluster management modules 450a-n hold the state, or the list of available proxy servers 336, of the cluster. The cluster management modules 450a-n function to communicate over a network 474 connecting the multiple proxy servers 110a-n. Fig. 13 is a logic diagram of an embodiment of a method 480 for clustering the proxy servers, which functions to provide load balancing and high availability in accordance with the present invention. In operation, the cluster management modules 450a-n communicate to distribute the load of data transmissions between the available proxy servers 110a-n in the cluster, as shown in step 482. The cluster management modules 450a-n periodically transmit status messages, such as periodic control messages, to the other cluster management modules 450a-n to detect any failures among the multiple proxy servers 110a-n, as shown in step 484. At step 486, a cluster management module 450 determines whether one of the proxy servers is unavailable. The determination may be in response to a failure of communication with the proxy server during a time period, or to other indicators. When the cluster management module 450 detects that another proxy server is unavailable, it sends an update message to the other proxy servers, as shown in step 488.
Each proxy server updates its list of available proxy servers 336 to remove the unavailable proxy server, as shown in step 490. Thus, when one of the multiple proxy servers 110a-n is unable to respond, that proxy server is removed from the cluster and from the list of available proxy servers 336 in each cluster management module 450a-n. The cluster management modules 450a-n of the remaining available proxy servers then initiate the failover process, as shown in step 492. For example, when a proxy server 110 becomes unavailable, the data transmissions managed by that proxy server are forwarded to one or more of the available proxy servers in the cluster. When it is determined that the proxy server has become available again, at step 494, the cluster management modules 450a-n add the proxy server 110 to the list of available proxy servers 336, as shown in step 496, and the resource groups are moved back to the available proxy server. The network architecture and methods in accordance with the embodiments of the present invention provide a high level of availability and security for data transmission between a secure internal network and an insecure external network. The data protection helps to protect the internal network from unauthorized data transmissions and intrusions. The processing modules 170, 184, 350 and 358 in the various devices described herein can each be a single processing device or multiple processing devices. Such a processing device may be a microprocessor, microcontroller, digital signal processor, microcomputer, central processing unit, field-programmable gate array, programmable logic device, state machine, logic circuitry, analog circuitry, digital circuitry, and/or any device that manipulates signals (analog and/or digital) based on hard coding of the circuitry and/or operational instructions. The processing module may have internal memory and/or be connected to external memory. The internal or external memory may each be a single storage device or multiple storage devices.
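The clustering method 480 of Figs. 12-13 (steps 482-496), as an added Python example that is not the patent's code: each cluster management module keeps its own copy of the list of available proxy servers, peers exchange periodic status messages, a peer silent for longer than a timeout is reported to all modules, its resource groups fail over to the least-loaded survivor, and a rejoining proxy gets its groups back. Proxy names, resource groups, the timeout and the least-loaded placement rule are constructed assumptions, and time is represented by plain numbers so the exchange is reproducible.

```python
"""Cluster management modules 450a-n of Figs. 12-13: heartbeat status messages
over network 474, detection of an unresponsive proxy, propagation of the update,
failover of its resource groups and rejoin. Added example; proxy names,
resource groups and the timeout are constructed. Time is a plain number."""


class ClusterManagementModule:
    """One module 450 per proxy server; holds list 336 and the group owners."""

    def __init__(self, name: str, members, groups: dict, timeout: float):
        self.name = name
        self.available = sorted(members)            # list of available proxy servers 336
        self.groups = dict(groups)                  # resource group -> owning proxy
        self.last_seen = {m: 0.0 for m in members}  # time of last status message
        self.timeout = timeout

    def receive_status(self, sender: str, now: float) -> None:
        """Step 484: a periodic control message from another module."""
        self.last_seen[sender] = now

    def detect_unavailable(self, now: float):
        """Step 486: peers silent for longer than the timeout."""
        return [m for m in self.available
                if m != self.name and now - self.last_seen[m] > self.timeout]

    def apply_update(self, failed: str) -> None:
        """Steps 490-492: drop the proxy from list 336 and move its resource groups
        to the least-loaded remaining proxy (tie broken by name)."""
        if failed in self.available:
            self.available.remove(failed)
        for group, owner in sorted(self.groups.items()):
            if owner == failed and self.available:
                load = {m: sum(1 for o in self.groups.values() if o == m)
                        for m in self.available}
                self.groups[group] = min(self.available, key=lambda m: (load[m], m))

    def apply_rejoin(self, proxy: str, home_groups) -> None:
        """Steps 494-496: add the proxy back and return its resource groups."""
        if proxy not in self.available:
            self.available.append(proxy)
            self.available.sort()
        for group in home_groups:
            self.groups[group] = proxy


class ProxyCluster:
    """Network 474: delivers messages between all modules 450a-n."""

    def __init__(self, names, groups: dict, timeout: float = 6.0):
        self.modules = {n: ClusterManagementModule(n, names, groups, timeout)
                        for n in names}
        self.home = {}                               # proxy -> its original groups
        for group, owner in groups.items():
            self.home.setdefault(owner, []).append(group)

    def heartbeat(self, sender: str, now: float) -> None:
        """Step 484: the sender's status message reaches every other module."""
        for name, module in self.modules.items():
            if name != sender:
                module.receive_status(sender, now)

    def run_checks(self, observer: str, now: float):
        """Steps 486-492 as seen by one module; returns the proxies it removed."""
        failed = self.modules[observer].detect_unavailable(now)
        for proxy in failed:                         # step 488: update message to all
            for module in self.modules.values():
                module.apply_update(proxy)
        return failed

    def rejoin(self, proxy: str, now: float) -> None:
        """Steps 494-496 for a proxy that answers again."""
        self.heartbeat(proxy, now)
        for module in self.modules.values():
            module.apply_rejoin(proxy, self.home.get(proxy, []))

    def owner(self, group: str) -> str:
        """Current owner according to the available modules (they must agree)."""
        owners = {m.groups[group] for m in self.modules.values()
                  if m.name in m.available}
        assert len(owners) == 1, "cluster state diverged"
        return owners.pop()
```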
Such a storage device may be a read-only memory, random access memory, volatile memory, non-volatile memory, static memory, dynamic memory, flash memory, cache memory, and/or any device that stores digital information. Note that when the processing module implements one or more of its functions via a state machine, analog circuitry, digital circuitry and/or logic circuitry, the memory storing the corresponding operational instructions may be embedded in, or external to, the circuitry containing the state machine, analog circuitry, digital circuitry and/or logic circuitry. Additionally, note that the internal memory and/or external memory stores, and the processing modules 170, 184, 350 and 358 in the various devices execute, hard-coded and/or operational instructions corresponding to at least some of the steps and/or functions illustrated in Figs. 1-13 with respect to their corresponding device. As may be used in this document, the expression "functioning to" indicates that the object includes one or more processing modules, input(s), output(s), etc. to perform one or more of the described necessary or appropriate functions, and may further include a logical relationship with one or more other objects in order to perform the necessary or appropriate functions. As may be further used herein, the phrase "associated with" includes a direct and/or indirect relationship of separate data and/or of the same data included in another object. The present invention has also been described above with method steps illustrating the performance of specific functions and their relationships. The boundaries and sequence of these functional building blocks and method steps have been arbitrarily defined herein for convenience of description. Alternative boundaries and sequences can be defined as long as the specific functions and relationships are performed properly.
Any such alternative boundaries or sequences are thus within the scope and spirit of the claimed invention. The present invention has been described using functional building blocks illustrating the performance of certain significant functions. The boundaries of these functional building blocks have been arbitrarily defined for convenience of description. Alternative boundaries may be defined as long as the certain significant functions are performed properly. Similarly, the flowchart blocks may also have been arbitrarily defined herein to illustrate certain significant functionality. To the extent used, the boundaries and sequence of the flowchart blocks could have been defined otherwise and still perform the certain significant functionality. Such alternative definitions of the functional building blocks and of the flowchart blocks and sequences are thus within the scope and spirit of the claimed invention. One of ordinary skill in the art will also understand that the functional building blocks and other illustrative blocks, modules and components herein can be implemented as illustrated, or by one or more discrete components, networks, systems, databases or processing modules executing appropriate software, and the like, or any combination thereof. As may be used in this document, the expression "essentially" provides an industry-accepted tolerance for the corresponding term and/or relationship between objects. As may also be used in this document, the expression(s) "connected to" and/or "connecting" includes a direct connection between objects and/or an indirect coupling between objects via an intervening object (for example, an object includes, but is not limited to, a component, element, circuit, interface, module, node, network, and so on).
1. A secure transmission method comprising the steps of:
2. The method according to claim 1, further comprising the steps of:
3. The method according to claim 2, further comprising the steps of:
4. The method according to claim 3, in which the identification is a digital certificate for authentication, and in which the essentially identical configuration information includes identification information.
5. The method according to claim 3, in which the identification is a digital certificate for authentication, and in which the essentially identical configuration information includes encryption information.
6. The method according to claim 4, further comprising the steps of:
7. The method according to claim 1, in which selecting one of the multiple proxy servers to receive data via the first secure connection includes a step in which:
8. The method according to claim 7, further comprising the steps of:
9. The method according to claim 8, in which each of the one or more external boundary nodes maintains a list of available proxy servers for load balancing and selects one of the multiple proxy servers to receive the data transmission on the basis of the list of available proxy servers for load balancing and the load-balancing algorithm.
10. The method according to claim 9, in which one or more load-balancing nodes, connected between the one or more external boundary nodes and the multiple proxy servers, maintain a list of available proxy servers for load balancing and select one of the multiple proxy servers to receive the data transmission on the basis of the list of available proxy servers for load balancing and the load-balancing algorithm.
11. The method according to claim 10, in which each of the multiple proxy servers includes a cluster management module, which maintains a list of available proxy servers for load balancing and selects one of the multiple proxy servers to receive the data transmission on the basis of the list of available proxy servers for load balancing and the load-balancing algorithm.
12. A network system, comprising:
13. The network system according to claim 12, in which each of the one or more external boundary nodes maintains a list of available proxy servers for load balancing and selects one of the multiple proxy servers to receive data on the first secure connection on the basis of the list of available proxy servers for load balancing and the load-balancing algorithm.
14. The network system according to claim 13, in which each of the one or more external boundary nodes operates to monitor the status of the multiple proxy servers and, when one of the proxy servers becomes unavailable, removes the unavailable proxy server from the list of available proxy servers for load balancing.
15. The network system according to claim 14, in which each of the one or more internal boundary nodes maintains a list of available proxy servers for load balancing and selects one of the multiple proxy servers to receive the data transmission on the second secure connection on the basis of the list of available proxy servers for load balancing and the load-balancing algorithm.
16. The network system according to claim 12, further comprising:
17. The network system according to claim 16, further comprising:
18. The network system according to claim 12, in which each of the multiple proxy servers includes a cluster management module, which maintains a list of available proxy servers and selects one of the multiple proxy servers to receive the data transmission on the basis of the list of available proxy servers.
19. The network system according to claim 12, further comprising:
20. The network system according to claim 19, in which the management server includes:
© 2013-2014 Russian business network RussianPatents.com - Special Russian commercial information project for world wide. Foreign filing in English.