| 摘要 |
<p>In a method of establishing a secure data connection, a corporate computer network comprises a LAN to which is connected a first, second and third client computer. At the boundary of the corporate computer network is a firewall computer (hereinafter simply referred to as 'the firewall'). The firewall is configured to prevent incoming data connections being made to the LAN from outside of the corporate computer network. As well as preventing incoming communications with the LAN, the firewall is also configured to control connections requested from within the corporate computer network to external computers. Indeed, for security purposes, the firewall is configured to require authentication of such requests for an external connection (i.e. to verify who is actually making the request) prior to establishing the external connection. This authentication is performed using the SSL protocol. In this case, the Java Secure Sockets Extension (JSSE) version of SSL is used. Multiple SSL sessions are used, firstly to obtain the necessary authentication of the relevant client computer to the firewall, and then to obtain a secure connection between the client computer and a destination computer. These multiple SSL sessions are set-up in a nested manner, the general method being applicable to situations where a larger number of SSL sessions are required. <IMAGE></p> |
