1. Field of the Invention
The present invention relates generally to techniques for data communication, and more specifically to a method and system for extending a communication port over a general purpose network that may include a firewall.
2. Description of the Prior Art
Many devices have embedded computers or processors that can communicate with a software application running on a personal computer (PC). Examples of such devices include climate control systems, appliances, vending machines, alarm systems, and other similar systems that can have their operation configured or monitored through a data communication connection with a personal computer (PC). The data communication connection typically uses a short range communication link, which may use a cable connected from a communication port on the PC to a compatible communication port on the device.
A common communication port or interface used for communicating with devices is an Electronic Industries Alliance (EIA) standard RS-232 port, which provides a means for establishing a serial communication link using a cable. Serial cable communication links are common because they are simple and inexpensive. However, other types of communications ports may be used in special situations. For example, when increased data transfer speed is needed, a parallel communication port may be selected. Examples of parallel communication ports include the American National Standards Institute (ANSI) small computer system interface (SCSI) port and the Centronics industry standard parallel protocol interface commonly referred to as the parallel printer port. In situations where it is difficult to run wires, a radio frequency or infrared communications port may be used. When electrical interference on a communication cable is likely, an optical communications port may be used.
The communication links used to communicate with the devices frequently require the PC to be close to the equipment, such as when a service person travels to the device to make a service call. To reduce the need to take a PC to the device, it is desirable to communicate with the device over long distances as if the PC and device were close enough to connect with a cable. This would allow a single worker at home or at a remote location to configure devices that once required long business trips, or required a team of workers providing local configuration for each device.
There are several methods of providing serial communications over long distances. For example, modems have provided connectivity for many years. However, a modem connection requires a dedicated phone line run to the device, and a modem at both ends of the connection. Modems also require a significant amount of time to dial and establish the connection. A modem typically handles only one connection at a time.
With the Internet bringing global connectivity to computers and devices everywhere, it is possible to connect a device's serial port to the Internet and access it from anywhere in the world. U.S. Pat. No. 6,047,319 to Olson describes a method for extending a communications interface from a client PC to a remote device using a computer network, such as the Internet. Olson solves the problem of extending a communications interface from a client to a device when the device's network address is visible or available to the client on a computer network. However, if the device is located behind a firewall that blocks or otherwise prevents attempts to establish a connection, the device will not be visible to the client and the system will fail.
A firewall is a common networking tool used to isolate and protect smaller sub-networks from malicious users or programs on a larger, connected computer network. A network administrator can configure a firewall to allow only certain types of connections to occur through the firewall. In one firewall configuration, no device outside the firewall can initiate a connection with a device inside the firewall. However, the firewall may let devices inside the firewall initiate connections with devices outside the firewall. Once a connection has been initiated, the two devices can communicate bi-directionally. An example of a connection would be a web browser on a PC inside a firewall that requests a web page from a known web server on the Internet outside the local firewall protected network. The web server can only send the web page back to the PC's web browser if it is using the connection that the web browser first established.
In another firewall configuration, devices inside the firewall are not allowed to initiate a connection to devices outside the firewall. Instead, a local proxy server inside the firewall is granted special privileges by the firewall and is used to connect to devices outside the firewall. Devices inside the firewall can ask the proxy server to connect to devices on their behalf. Furthermore, a proxy server is usually set up to allow only requests that use the HTTP protocol (the protocol used by web browsers and web servers) to access the outside network.
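The two firewall configurations described above can be modelled as a small connection-tracking filter. This is an added example, not part of the original text; the `Firewall` class, addresses and ports are constructed for illustration, and the proxy server's HTTP-only restriction is not modelled.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Constructed addresses (RFC 5737 documentation ranges for the outside hosts).
DEVICE, PROXY = "192.168.1.50", "192.168.1.10"
SERVER, CLIENT = "198.51.100.20", "203.0.113.7"

@dataclass
class Firewall:
    inside: str                      # protected sub-network, CIDR notation
    proxy: Optional[str] = None      # if set, only this host may initiate outbound
    flows: set = field(default_factory=set)  # (inside endpoint, outside endpoint)

    def _is_inside(self, ip):
        return ipaddress.ip_address(ip) in ipaddress.ip_network(self.inside)

    def packet(self, src, sport, dst, dport, initiate=False):
        """Return True if the packet is forwarded, False if it is dropped."""
        src_in, dst_in = self._is_inside(src), self._is_inside(dst)
        if src_in and not dst_in:                     # outbound
            flow = ((src, sport), (dst, dport))
            if not initiate:
                return flow in self.flows
            if self.proxy is not None and src != self.proxy:
                return False                          # second configuration
            self.flows.add(flow)
            return True
        if dst_in and not src_in:                     # inbound
            # Never a new connection; only traffic on an inside-initiated flow.
            return not initiate and ((dst, dport), (src, sport)) in self.flows
        return True                                   # does not cross the firewall

def demo():
    """Replay the scenarios from the text against both configurations."""
    fw = Firewall("192.168.1.0/24")
    strict = Firewall("192.168.1.0/24", proxy=PROXY)
    return {
        "outside_initiates": fw.packet(CLIENT, 40000, DEVICE, 4000, initiate=True),
        "inside_initiates": fw.packet(DEVICE, 50000, SERVER, 80, initiate=True),
        "reply_on_same_flow": fw.packet(SERVER, 80, DEVICE, 50000),
        "other_host_same_ports": fw.packet(CLIENT, 80, DEVICE, 50000),
        "strict_device_initiates": strict.packet(DEVICE, 50000, SERVER, 80, initiate=True),
        "strict_proxy_initiates": strict.packet(PROXY, 50001, SERVER, 80, initiate=True),
        "strict_reply_to_proxy": strict.packet(SERVER, 80, PROXY, 50001),
    }

if __name__ == "__main__":
    for name, forwarded in demo().items():
        print(f"{name:26} {'forwarded' if forwarded else 'dropped'}")
```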
A possible solution for connecting to devices behind a firewall is to modify the firewall so that it does not block outside connection requests aimed at a specific IP address or a specified port on the firewall. However, this requires the network administrator to loosen the network security settings, effectively creating a hole or a point of vulnerability in the wall. This problem grows larger as the number of devices requiring a special hole in the firewall increases. The situation can become politically difficult if the owner of the device is not affiliated with the owner of the network to which the device is connected.
U.S. Pat. No. 6,601,086 to Howard et al. describes a system for communicating with embedded devices over a network using a centralized server. The embedded devices can be connected to the central server via the Internet. Client applications can access the central server from anywhere on the Internet and ask the server to perform a task involving an embedded device on behalf of the client. This task can be sending data to an embedded device or retrieving data from an embedded device. The advantage of the Howard invention is that the client and embedded device do not need to be able to see each other on the Internet and can therefore be located behind firewalls. However, Howard does not extend a communications interface from the client PC to the device. The interface with the device is between an application on the central server and the device, and the client merely controls an application on the central server.
Therefore, it should be apparent that a need exists for an improved method and system that extends the communication of a port on a computer so that an application on the computer for communicating with equipment can communicate with remotely located equipment via a general purpose network, wherein the equipment may be protected by a firewall.