Facilitating a secure 3 party network session by a network device

US 10,630,784 B2
Filed: 07/03/2018
Issued: 04/21/2020
Est. Priority Date: 05/03/2013
Status: Active Grant

First Claim

Patent Images

1. An application delivery controller, comprising:

a processor; and

a memory for storing executable instructions, the processor being configured to execute the instructions to;

receive, from a client device, a SYN data packet intended for an application server;

determine, based on the SYN data packet, that the client device is a trusted source; and

based on the determination, transmit a SYN/ACK packet to the client device, the SYN/ACK packet comprising information for the client device to authenticate the client device to the application server directly as the trusted source, the information to authenticate the client device to the application server including at least server information preliminarily sent by the application server to the application delivery controller, the server information including at least transmission control protocol (TCP) options provided by the application server, the TCP options including at least a maximum segment size, a window scale, a selective ACK, and a timestamp.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Facilitation of secure network traffic over an application session by an application delivery controller is provided herein. A method for secure network traffic transmission over an application session may include receiving, from a client device, a SYN data packet intended for an application server. The method may continue with determining, based on the SYN data packet, that the client device is a trusted source. The method may further include transmitting, based on the determination that the client device is the trusted source, a SYN/ACK packet to the client device. The SYN/ACK packet may include information for the client device to authenticate the client device to the application server directly as the trusted source.

7 Citations

20 Claims

1. An application delivery controller, comprising:
- a processor; and
  
  a memory for storing executable instructions, the processor being configured to execute the instructions to;
  
  receive, from a client device, a SYN data packet intended for an application server;
  
  determine, based on the SYN data packet, that the client device is a trusted source; and
  
  based on the determination, transmit a SYN/ACK packet to the client device, the SYN/ACK packet comprising information for the client device to authenticate the client device to the application server directly as the trusted source, the information to authenticate the client device to the application server including at least server information preliminarily sent by the application server to the application delivery controller, the server information including at least transmission control protocol (TCP) options provided by the application server, the TCP options including at least a maximum segment size, a window scale, a selective ACK, and a timestamp.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The application delivery controller of claim 1, wherein the SYN data packet includes a request to establish a TCP session with the application server.
  - 3. The application delivery controller of claim 2, wherein upon authentication of the client device to the application server directly as the trusted source, the client device returns the ACK data packet directly to the application server to establish the TCP session.
  - 4. The application delivery controller of claim 1, wherein the processor is further configured to:
    - ascertain network capabilities of the application server; and
      
      based on the determination that the client device is the trusted source, modify an Internet Protocol header of the SYN data packet according to the network capabilities of the application server.
  - 5. The application delivery controller of claim 4, wherein the modifying the IP header of the SYN data packet includes adding an encoded value from an index table.
  - 6. The application delivery controller of claim 1, wherein the determination that the client device is the trusted source includes determining that the client device is not a botnet.
  - 7. The application delivery controller of claim 1, wherein the processor is further configured to perform at least one of compression, caching, connection multiplexing, application layer security, and content switching.
  - 8. The application delivery controller of claim 1, wherein the processor is further configured to pass parameters from the SYN data packet to the application server to ensure compatibility of communications between the client device and the application server.
  - 9. The application delivery controller of claim 8, wherein the parameters include at least one of sequence numbers, a source information, and a destination information.
  - 10. The application delivery controller of claim 1, wherein the processor is further configured to:
    - collect application server information from the application server;
      
      generate, based on the application server information, the information for the client device to authenticate the client device to the application server directly as the trusted source.

11. A method for secure network traffic transmission over an application session, the method comprising:
- receiving, by an application delivery controller (ADC), from a client device, a SYN data packet intended for an application server;
  
  determining, by the ADC, based on the SYN data packet, that the client device is a trusted source; and
  
  based on the determination, transmitting, by the ADC, a SYN/ACK packet to the client device, the SYN/ACK packet comprising information for the client device to authenticate the client device to the application server directly as the trusted source, the information to authenticate the client device to the application server including at least server information preliminarily sent by the application server to the application delivery controller, the server information including at least transmission control protocol (TCP) options provided by the application server, the TCP options including at least a maximum segment size, a window scale, a selective ACK, and a timestamp.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The method of claim 11, wherein the SYN data packet includes a request to establish a TCP session with the application server.
  - 13. The method of claim 12, wherein upon authentication of the client device to the application server directly as the trusted source, the client device returns the ACK data packet directly to the application server to establish the TCP session.
  - 14. The method of claim 11, further comprising:
    - ascertaining, by the ADC, network capabilities of the application server; and
      
      based on the determination that the client device is the trusted source, modifying, by the ADC, an Internet Protocol header of the SYN data packet according to the network capabilities of the application server.
  - 15. The method of claim 14, wherein the modifying the IP header of the SYN data packet includes adding an encoded value from an index table.
  - 16. The method of claim 11, wherein the determination that the client device is the trusted source includes determining that the client device is not a botnet.
  - 17. The method of claim 11, wherein the ADC is configured to perform at least one of compression, caching, connection multiplexing, application layer security, and content switching.
  - 18. The method of claim 11, wherein the ADC is configured to pass parameters from the SYN data packet to the application server to ensure compatibility of communications between the client device and the application server.
  - 19. The method of claim 11, further comprising:
    - collecting, by the ADC, application server information from the application server;
      
      generating, by the ADC, based on the application server information, the information for the client device to authenticate the client device to the application server directly as the trusted source.

20. An application delivery controller, comprising:
- a processor; and
  
  a memory for storing executable instructions, the processor being configured to execute the instructions to;
  
  collect application server information from an application server;
  
  receive, from a client device, a SYN data packet intended for the application server;
  
  determine, based on the SYN data packet, that the client device is a trusted source;
  
  generate, based on the application server information, information for the client device to authenticate the client device to the application server directly as the trusted source;
  
  based on the determination, transmit a SYN/ACK packet to the client device, the SYN/ACK packet comprising the information for the client device to authenticate the client device to the application server directly as the trusted source;
  
  ascertain network capabilities of the application server;
  
  based on the determination that the client device is the trusted source, modify an Internet Protocol header of the SYN data packet according to the network capabilities of the application server; and
  
  pass parameters from the SYN data packet to the application server to ensure compatibility of communications between the client device and the application server, the information to authenticate the client device to the application server including at least server information preliminarily sent by the application server to the application delivery controller, the server information including at least transmission control protocol (TCP) options provided by the application server, the TCP options including at least a maximum segment size, a window scale, a selective ACK, and a timestamp.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
A10 Networks Incorporated
Original Assignee
A10 Networks Incorporated
Inventors
Jalan, Rajkumar, Kamat, Gurudeep
Primary Examiner(s)
Book, Phyllis A

Application Number

US16/027,051
Publication Number

US 20180316767A1
Time in Patent Office

658 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/0892   by using authentication-aut...

H04L 63/1458   Denial of Service

H04L 63/1466   Active attacks involving in...

H04L 63/166   at the transport layer

H04L 67/141   Setup of application sessio...

Facilitating a secure 3 party network session by a network device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

7 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Facilitating a secure 3 party network session by a network device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

7 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links