1. Technical Field
The invention relates to communication on an electronic network. More particularly, the invention relates to a method and system for sending documents through a firewall and/or proxy server to a recipient on the Internet.
2. Description of the Prior Art
The Internet is increasingly being used for communications. It is now possible on the Internet for a sender to direct a document to a specific recipient, regardless of platform, operating system, or email system. Such communication is possible even when the recipient is not a computer but, rather, a fax machine or printer connected to the Internet.
In many instances, the sender of a document will reside on a local area network, referred to as an intranet. The sender""s computer may be connected to the Internet directly, or through the intranet""s server. An intranet is frequently protected and insulated from the Internet by a firewall or proxy server. A firewall is software and/or hardware which limits access to an intranet or a desktop computer. A proxy server is dedicated software and/or hardware which intercepts requests between machines running inside an intranet and machines outside the intranet.
Such firewall provides one or more of a few basic services. First, a firewall prevents intranet users from accessing specific information on the Internet. Thus, an office worker is restricted from accessing non-work-related Internet sites. Second, a firewall restricts outside access to the information available on the intranet. Third, a firewall prevents intranet users from sending confidential information from the intranet to the Internet. Typically, blocking unsolicited outside access to the intranet also blocks information transfer from intranet to Internet.
Various methods have been used to transfer data on the Internet between intranets protected by firewalls. One such method is the key management scheme described in Aziz, Method and Apparatus for Key-Management Scheme for Use With Internet Protocols at Site Firewalls, U.S. Pat. No. 5,416,842 (May 16, 1995). In this method, intersite traffic is encrypted at the Internet Protocol (IP) layer by using a Skip scheme to prevent detection of a source and destination address of a communicating node.
IP packets are encrypted only from site firewall to site firewall, such that only firewall servers need to participate in the Skip scheme. When a firewall receives from an interior site node an IP packet intended for a remote firewall, it encrypts the IP packet and sends it encapsulated in another IP packet destined for the remote firewall. The remote firewall decrypts the encapsulated packet and sends it in the clear to the destination node on the interior side of the remote firewall.
Such method, however, requires the encrypted IP packet to be received by a remote firewall server that is configured to decrypt the packet. The encrypted information cannot be directly sent to a computer or intranet system that does not use such firewall server, or to a device such as a fax machine or printer.
A security system for connecting computer networks is described in Gelb, Security System for Preventing Unauthorized Communications Between Networks by Translating Communications Received in IP Protocol to Non-IP Protocol to Remove Address and Routing Services Information, U.S. Pat. No. 5,550,984 (Aug. 27, 1996). However, Gelb does not address how documents may be sent through a firewall or proxy server.
It would therefore be an advantage to provide a method and system for sending documents through a series of firewalls and/or proxy servers. It would be a further advantage if such method and system permitted the documents to be transmitted to a device such as a fax machine or a printer. It would be yet another advantage if such method and system did not require the receiving computer of device to be served by a decrypting firewall.
The invention provides a method and system for sending documents from a desktop computer inside an intranet through a series of firewalls and/or proxy servers to a server residing on the Internet. Firewalls presume that HTTP for textual data is a valid operation that allows users to fill in HTML forms. Thus, firewalls do not block HTTP for textual data. The invention circumvents the security provided by firewalls by using this feature of HTTP to move a document through the firewall.
A computer in an intranet system protected by a firewall or proxy server uses a software application to access the Internet. The software also encodes binary data to be sent as text. This binary data may be subdivided into smaller text packets. The text packets are sent, using HTTP, to a server outside the firewall, which has been configured to accept such text packets. The server converts the text packets back to the original binary data representation. The binary data, once resident on the internet server, can then be forwarded directly to other internet servers, internet desktop computers, printers, or fax machines.