
Using a SOCKS tunnel for remote authentication

IP.com Disclosure Number: IPCOM000018743D
Original Publication Date: 2003-Aug-05
Included in the Prior Art Database: 2003-Aug-05
Document File: 2 page(s) / 53K

Publishing Venue

IBM

Abstract

We propose a SOCKS tunnel; this will operate at a gateway from a client intranet, and permit a standard SOCKSified client to authenticate itself directly with a SOCKS proxy at a remote server site. Once a SOCKS tunnel is deployed for a client intranet, this permits powerful authentication from any client within the client intranet to a remote site. No deployment is required for each individual client beyond standard SOCKSification.

This text was extracted from a PDF file.
At least one non-text object (such as an image or picture) has been suppressed.
This is the abbreviated version, containing approximately 55% of the total text.


A SOCKS proxy is a network service, used within a firewall to control access to applications on an external network. Most SOCKS proxies are based on the SOCKS V5.0 protocol (see RFC 1928 "SOCKS Protocol Version 5"), which extends the SOCKS V4.0 protocol to include userid authentication, amongst other enhancements. RFC 1929 "Username/Password Authentication for SOCKS V5" defines the userid authentication in more detail.

    A SOCKS V5.0 proxy can provide a local authentication process to go out through a firewall to access a remote application, but the remote application may need to perform its own authentication. A SOCKS tunnel would allow the SOCKS handshaking process to be performed remotely, using the same authentication process as a SOCKS proxy.

    A remote gateway can be replaced with a SOCKS proxy, using existing protocols to perform authentication.

    A client using standard socksification can benefit from a SOCKS tunnel without making any changes.

    A socksified client can send a userid and password to the SOCKS proxy as part of the SOCKS handshaking process. It is the responsibility of the SOCKS proxy to perform authentication with the supplied userid and password and either reject or accept the connection request. The socksified client has previously been configured with a known userid and password.
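    The RFC 1928 method negotiation and RFC 1929 userid/password sub-negotiation described above, built and parsed from both sides; this is an added example, not part of the original disclosure, and the function names and sample account are constructed for illustration. RFC 1929 carries the userid and password in cleartext, which the request bytes make visible.

```python
import hmac

SOCKS_VER = 0x05          # RFC 1928 protocol version
AUTH_VER = 0x01           # RFC 1929 sub-negotiation version
METHOD_USERPASS = 0x02    # RFC 1928 method: username/password
METHOD_NONE_OK = 0xFF     # RFC 1928: no acceptable methods

def client_greeting(methods=(METHOD_USERPASS,)):
    """Client side: VER | NMETHODS | METHODS..."""
    return bytes([SOCKS_VER, len(methods), *methods])

def select_method(greeting):
    """Proxy side: pick username/password if offered, else 0xFF."""
    if len(greeting) < 2 or greeting[0] != SOCKS_VER:
        raise ValueError("not a SOCKS5 greeting")
    n = greeting[1]
    offered = greeting[2:2 + n]
    if len(offered) != n:
        raise ValueError("truncated method list")
    chosen = METHOD_USERPASS if METHOD_USERPASS in offered else METHOD_NONE_OK
    return bytes([SOCKS_VER, chosen])

def client_auth(user, password):
    """Client side: VER | ULEN | UNAME | PLEN | PASSWD, fields 1..255 bytes."""
    u, p = user.encode(), password.encode()
    if not (1 <= len(u) <= 255 and 1 <= len(p) <= 255):
        raise ValueError("field length must be 1..255")
    return bytes([AUTH_VER, len(u)]) + u + bytes([len(p)]) + p

def check_auth(msg, accounts):
    """Proxy side: parse the request, return VER | STATUS (0x00 = success)."""
    fail = bytes([AUTH_VER, 0x01])
    if len(msg) < 3 or msg[0] != AUTH_VER or len(msg) < 3 + msg[1]:
        return fail
    ulen = msg[1]
    user = msg[2:2 + ulen]
    plen = msg[2 + ulen]
    passwd = msg[3 + ulen:]
    if len(passwd) != plen:          # reject truncated or padded requests
        return fail
    expected = accounts.get(user.decode(errors="replace"))
    # Constant-time comparison so timing does not leak how much matched.
    ok = expected is not None and hmac.compare_digest(passwd, expected.encode())
    return bytes([AUTH_VER, 0x00 if ok else 0x01])

if __name__ == "__main__":
    # Constructed account and credentials, for illustration only.
    req = client_auth("alice", "s3cret")
    print(req, check_auth(req, {"alice": "s3cret"}))
```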

    Within an enterprise solution, a client may need to access a remote application across an external network. In the following sample network diagram, the remote gateway relies on the SOCKS proxy, local to the client application, to perform authentication. In fact, the remote gateway may even perform its own authentication, based on the client connection request properties, for example, client IP address and port address.

[Figure: sample network diagram. Labels: SOCKS proxy, Remote server, Intranet (two), DMZ (two), Internet, Firewall (four). Flows: auth req, auth ok, data.]

    This invention is for the...