On-premises data access and firewall tunneling

US 10,623,377 B1
Filed: 07/16/2018
Issued: 04/14/2020
Est. Priority Date: 10/15/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

transmitting, by a host device situated behind a network separation device, an initialization request to a server, the initialization request initiating a first channel associated with the host device and the server through the network separation device;

receiving, by the host device, a notification message from the server via the first channel, the notification message indicating that a client device is requesting to communicate with the host device;

responsive to receiving the notification message via the first channel, initiating, by the host device, a second channel associated with the host device and the client device through the network separation device; and

communicating data between the host device and the client device via the second channel.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for tunneling through a network separation device such as a firewall or a Network Address Translator including a first server receiving an access request from a client device to communicate with a host device, where the host device is behind the network separation device. The first server sending a message to a second server in response to receiving the access request, the message including host data for the host device. The second server is configured to send a notification to the host device, and the notification includes instructions for the host device to initialize a pass-through channel with the first server. The first server receiving a pass-through initialization request from the host device and establishing the pass-through channel for communication between the client device and the host device in response to receiving the pass-through initialization request.

54 Citations

20 Claims

1. A method comprising:
- transmitting, by a host device situated behind a network separation device, an initialization request to a server, the initialization request initiating a first channel associated with the host device and the server through the network separation device;
  
  receiving, by the host device, a notification message from the server via the first channel, the notification message indicating that a client device is requesting to communicate with the host device;
  
  responsive to receiving the notification message via the first channel, initiating, by the host device, a second channel associated with the host device and the client device through the network separation device; and
  
  communicating data between the host device and the client device via the second channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the server is configured to:
    - responsive to receiving the initialization request from the host device, register host data of the host device with the server.
  - 3. The method of claim 2, wherein the host data of the host device includes one or more of a host identifier of the host device and a connection port on which the host device is connected to the server.
  - 4. The method of claim 1, further comprising:
    - maintaining the first channel between the host device and the server using one or more keep-alive packets.
  - 5. The method of claim 4, wherein maintaining the first channel between the host device and the server includes:
    - exchanging the one or more keep-alive packets between the host device and the server at a frequency less than a timeout period.
  - 6. The method of claim 4, wherein maintaining the first channel between the host device and the server includes:
    - transmitting the one or more keep-alive packets bidirectionally between the host device and the server.
  - 7. The method of claim 4, wherein maintaining the first channel between the host device and the server includes:
    - transmitting the one or more keep-alive packets unidirectionally from one of the host device to the server and the server to the host device.
  - 8. The method of claim 1, wherein the server is configured to:
    - receive a first message specifying the host device with which the client device is requesting to communicate;
      
      responsive to receiving the first message, determine that the host device has host data of the host device registered with the server and that the first channel between the host device and the server is maintained; and
      
      responsive to determining that the host device has the host data of the host device registered with the server and the first channel between the host device and the server is maintained, transmit the notification message to the host device via the first channel.
  - 9. The method of claim 1, wherein communicating the data between the host device and the client device via the second channel includes:
    - receiving, by the host device, a query of the client device via the second channel; and
      
      transmitting, by the host device, a response for the query of the client device via the second channel.
  - 10. The method of claim 1, further comprising:
    - maintaining the second channel associated with the host device and the client device using one or more keep-alive packets.

11. A system comprising:
- one or more processors; and
  
  a memory storing instructions that, when executed by the one or more processors, cause a device, which is situated behind a network separation device, to;
  
  transmit an initialization request to a server, the initialization request initiating a first channel associated with the device and the server through the network separation device;
  
  receive a notification message from the server via the first channel, the notification message indicating that a client device is requesting to communicate with the device;
  
  responsive to receiving the notification message via the first channel, initiate a second channel associated with the device and the client device through the network separation device; and
  
  communicate data between the device and the client device via the second channel.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the server is configured to:
    - responsive to receiving the initialization request from the device, register data of the device with the server.
  - 13. The system of claim 12, wherein the data of the device includes one or more of a host identifier of the device and a connection port on which the device is connected to the server.
  - 14. The system of claim 11, further including instruction that, when executed, cause the system to:
    - maintain the first channel between the device and the server using one or more keep-alive packets.
  - 15. The system of claim 14, wherein maintaining the first channel between the device and the server includes:
    - exchanging the one or more keep-alive packets between the device and the server at a frequency less than a timeout period.
  - 16. The system of claim 14, wherein maintaining the first channel between the device and the server includes:
    - transmitting the one or more keep-alive packets bidirectionally between the device and the server.
  - 17. The system of claim 14, wherein maintaining the first channel between the device and the server includes:
    - transmitting the one or more keep-alive packets unidirectionally from one of the device to the server and the server to the device.
  - 18. The system of claim 11, wherein the server is configured to:
    - receive a first message specifying the device with which the client device is requesting to communicate;
      
      responsive to receiving the first message, determine that the device has data of the device registered with the server and that the first channel between the device and the server is maintained; and
      
      responsive to determining that the device has the data of the device registered with the server and the first channel between the device and the server is maintained, transmit the notification message to the device via the first channel.
  - 19. The system of claim 11, wherein communicating the data between the device and the client device via the second channel includes:
    - receive, by the device, a query of the client device via the second channel; and
      
      transmit, by the device, a response for the query of the client device via the second channel.
  - 20. The system of claim 11, further including instructions that, when executed, cause the system to:
    - maintain the second channel associated with the device and the client device using one or more keep-alive packets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Progress Software Corporation
Original Assignee
Progress Software Corporation
Inventors
Hensley, John Alan, Fischer, Robert Christian
Primary Examiner(s)
Su, Sarah

Application Number

US16/036,205
Time in Patent Office

638 Days
Field of Search
US Class Current
CPC Class Codes

H04L 61/2553   Binding renewal aspects, e....

H04L 61/256   NAT traversal

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/141   Setup of application sessio...

H04L 67/145   avoiding end of session, e....

On-premises data access and firewall tunneling

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

54 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

On-premises data access and firewall tunneling

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links