1. Field of the Invention
This invention relates to communications in networks. In particular, the invention relates to a system and method for remotely accessing a home server while preserving end-to-end security.
2. Description of Related Art
Home networking is a fast emerging trend spurred by the availability of broadband access and networked devices for use in the home or office. Small office/home office (SOHO) and residential computers may permanently connect to external networks such as the Internet via these broadband connections. The computers within a SOHO or a residential environment can be connected together by private or home networks to share resources including the broadband connection. A private/home network can be connected to the broadband connection via a gateway device such as a personal computer running gateway software or a special purpose gateway device. A common configuration that is seen in private/home networks involves an Internet Gateway device (IGD) running Network Address Translation (NAT) software.
Basically, gateways utilizing NAT allow a user to share a public (routable) Internet Protocol (IP) address obtained from an Internet Service Provider (ISP) between multiple IP devices that use private (non-routable) IP addresses in the private/home network. Gateways using NAT map connections from within the private network to connections outside the network to the Internet. NAT allows the private network to set up one set of Internet Protocol (IP) addresses for use on the private network and another set of IP addresses (typically one) for use on the Internet. The IP addresses for use on the private network are reserved IP addresses set aside for use on the private network and are not valid routable IP addresses on the Internet.
Thus, currently, private/home networks work fine for applications that initiate connections to the Internet (e.g. a Web browser). Unfortunately, an application (like a Web server) cannot service connections that originate from the Internet, because NAT blocks all incoming connections. Moreover, although there are some work-around solutions being proposed to remedy this, they either require re-configuration of the IGD or the splitting of the point-to-point session by an intermediary system, thus breaking end-to-end security models.