1. Technical Field
The present invention relates generally to the exchange of data between networks. More particularly, the invention relates to sending information beyond a firewall.
2. Related Art
Firewalls, while protecting the data behind them, can be cumbersome to coordinate when information is transferred between networks that use them. Generally, port 80 or 8080 is open to traffic sent to and received from the Internet. To establish a path of communication between computers separated by a firewall, either additional ports need to be opened or a Virtual Private Network (VPN) by Alcatel Data Network, U.S. Pat. No. 5,768,271, with additional open ports needs to be established. Because a company's information systems department may impose regulations against reducing security, it may not be possible to establish a VPN, since doing so requires modifying a firewall or opening additional ports for a direct connection between the clients. Accordingly, a system is needed that permits communication between two computers separated by one or more firewalls, that is easy to establish and maintain, that does not affect the security features of the existing firewalls, and that transfers data efficiently between end users.
In short, if two computers are each behind firewalls, there is no way for them to exchange data directly because the firewalls hide them from each other and from the public Internet. By placing a server on the public Internet, both computers can access the public server, and the public server can relay the data between the two computers. The Hyper-Text Transfer Protocol (HTTP) allows bi-directional communication between a computer behind a firewall and an HTTP server computer on the other side of the firewall (usually on the public Internet). HTTP does not allow communication between two computers that are each behind their own firewalls, as it always follows a client-server/server-client communication paradigm. At least one problem with repeated posting and retrieval is the number of delays incurred in attempting to retrieve repeatedly posted information. Simply put, having a sender post information, having the central server expose the information for downloading, and then waiting for an end user to download the posted information leads to undesirable delays.
U.S. Pat. No. 6,104,716 to Crichton et al. relates to SOCKS-aware firewalls, servers and clients. One of the difficulties with the approach used in this patent is the need to modify the various transmitting and receiving entities to accommodate SOCKS, as well as to permit firewalls to accommodate SOCKS requests to open holes in the firewalls. However, firewall administrators do not want to permit programs to open new holes in firewalls, as this lessens the security provided by the firewall. Notably, Crichton requires the firewalls to be modified to be SOCKS-compatible. The proxy software communicates with the SOCKS proxy software present on the firewall. Without the SOCKS proxy software on the firewall, Crichton's communications are disabled or cannot be established. This requirement for SOCKS proxy software forces firewall administrators to explicitly configure the firewall and maintain a list of authorized users to enable SOCKS communications.
Internet Relay Chat (IRC) is another data transfer system using the Internet that end users may use to communicate with each other. However, IRC fails to protect the exchanged messages, as they are transmitted without encryption. Further, various intermediary servers that intercept the chat messages may determine the sender's address, the receiver's address, and the content of the message. In some cases, the combination of these three pieces of information is sensitive if not confidential, thereby rendering this process unusable for information that needs to remain secure. Accordingly, IRC does not provide a satisfactory level of encryption for information. In addition, the IRC protocol typically uses TCP port 194, which is often blocked by network firewalls.