On-premises data access and firewall tunneling

US 10,038,673 B1
Filed: 11/16/2016
Issued: 07/31/2018
Est. Priority Date: 10/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a notification server, an initialization request from a host device situated behind a network separation device;

transmitting a plurality of keep-alive packets between the host device and the notification server such that the plurality of keep-alive packets maintain an open communication channel between the notification server and the host device through the network separation device;

receiving, by the notification server, a first message including a host identifier identifying the host device, the first message received responsive to a client requesting access to data from the host device; and

sending, by the notification server, a second message through the open communication channel, which is maintained by the keep-alive packets, to the host device, the host device initiating a pass-through channel subsequent to receiving the second message, wherein the client may communicate with the host device via the pass-through channel.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for tunneling through a network separation device such as a firewall or a Network Address Translator including a first server receiving an access request from a client device to communicate with a host device, where the host device is behind the network separation device. The first server sending a message to a second server in response to receiving the access request, the message including host data for the host device. The second server is configured to send a notification to the host device, and the notification includes instructions for the host device to initialize a pass-through channel with the first server. The first server receiving a pass-through initialization request from the host device and establishing the pass-through channel for communication between the client device and the host device in response to receiving the pass-through initialization request.

33 Citations

20 Claims

1. A method comprising:
- receiving, by a notification server, an initialization request from a host device situated behind a network separation device;
  
  transmitting a plurality of keep-alive packets between the host device and the notification server such that the plurality of keep-alive packets maintain an open communication channel between the notification server and the host device through the network separation device;
  
  receiving, by the notification server, a first message including a host identifier identifying the host device, the first message received responsive to a client requesting access to data from the host device; and
  
  sending, by the notification server, a second message through the open communication channel, which is maintained by the keep-alive packets, to the host device, the host device initiating a pass-through channel subsequent to receiving the second message, wherein the client may communicate with the host device via the pass-through channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the first message is received by the notification server from an on-premise server responsive to the client requesting access to the data from the host device.
  - 3. The method of claim 2, wherein the client requests access to the data from the host device using an HTTP request.
  - 4. The method of claim 1, wherein the second message includes instructions to configure the pass-through channel such that the client may communicate with the host device via the pass-through channel by receiving a query initiated by the client and sending a response from the host device.
  - 5. The method of claim 1, wherein maintaining the open communication channel includes exchanging the plurality of keep-alive packets at a frequency less than a timeout period.
  - 6. The method of claim 1, wherein the plurality of keep-alive packets are transmitted bidirectionally between the host device and the notification server.
  - 7. The method of claim 1, wherein the plurality of keep-alive packets are transmitted unidirectionally from one of the host device to the notification server and the notification server to the host device.
  - 8. The method of claim 1, wherein the initialization request includes host data associated with the host device and the notification server is further configured to:
    - register the host data associated with the host device responsive to receiving the initialization request from the host device.
  - 9. The method of claim 8, wherein the notification server is further configured to:
    - determine that the host device has host data registered responsive to receiving the first message; and
      
      determine that the open communication channel between the notification server and the host device is maintained responsive to receiving the first message.
  - 10. The method of claim 1, wherein the network separation device is one of a firewall and a network address translator.

11. A system comprising:
- a notification server comprising a processor and a memory, wherein the notification server is configured to;
  
  receive an initialization request from a host device situated behind a network separation device;
  
  transmit a plurality of keep-alive packets between the host device and the notification server such that the plurality of keep-alive packets maintain an open communication channel between the notification server and the host device through the network separation device;
  
  receive a first message including a host identifier identifying the host device, the first message received responsive to a client requesting access to data from the host device; and
  
  send a second message through the open communication channel, which is maintained by the keep-alive packets, to the host device, the host device initiating a pass-through channel subsequent to receiving the second message, wherein the client may communicate with the host device via the pass-through channel.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The system of claim 11, wherein the first message is received by the notification server from an on-premise server responsive to the client requesting access to the data from the host device.
  - 13. The system of claim 12, wherein the client requests access to the data from the host device using an HTTP request.
  - 14. The system of claim 11, wherein the second message includes instructions to configure the pass-through channel such that the client may communicate with the host device via the pass-through channel by receiving a query initiated by the client and sending a response from the host device.
  - 15. The system of claim 11, wherein maintaining the open communication channel includes exchanging the plurality of keep-alive packets at a frequency less than a timeout period.
  - 16. The system of claim 11, wherein the plurality of keep-alive packets are transmitted between the host device and the notification server one of unidirectionally and bidirectionally.
  - 17. The system of claim 11, wherein the initialization request includes host data associated with the host device and the notification server is further configured to:
    - register the host data associated with the host device responsive to receiving the initialization request from the host device.
  - 18. The system of claim 17, wherein the notification server is further configured to:
    - determine that the host device has host data registered responsive to receiving the first message; and
      
      determine that the open communication channel between the notification server and the host device is maintained responsive to receiving the first message.
  - 19. The system of claim 11, wherein the network separation device is one of a firewall and a network address translator.

20. A method comprising:
- receiving, by a notification server, an initialization request from a host device situated behind a network separation device, the initialization request including host data associated with the host device;
  
  registering, by the notification server, the host data associated with the host device;
  
  transmitting a plurality of keep-alive packets between the host device and the notification server such that the plurality of keep-alive packets maintain an open communication channel between the notification server and the host device through the network separation device responsive to receiving the initialization request;
  
  receiving, by the notification server, a first message including a host identifier identifying the host device, the first message received responsive to a client requesting access to data from the host device;
  
  determining, by the notification server, that the host device is registered by using the host identifier to identify the registered host data associated with the host device;
  
  determining, by the notification server, that the open communication channel between the notification server and the host device is maintained; and
  
  sending, by the notification server, a second message through the open communication channel, which is maintained by the keep-alive packets, to the host device, the host device initiating a pass-through channel subsequent to receiving the second message, wherein the client may communicate with the host device via the pass-through channel.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Progress Software Corporation
Original Assignee
Progress Software Corporation
Inventors
Hensley, John Alan, Fischer, Robert
Primary Examiner(s)
Su, Sarah

Application Number

US15/353,588
Time in Patent Office

622 Days
Field of Search
US Class Current
CPC Class Codes

H04L 61/2553   Binding renewal aspects, e....

H04L 61/256   NAT traversal

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/141   Setup of application sessio...

H04L 67/145   avoiding end of session, e....

On-premises data access and firewall tunneling

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

33 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

On-premises data access and firewall tunneling

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links