Establishing secure sessions for stateful cloud services

US 10,686,886 B2
Filed: 10/19/2016
Issued: 06/16/2020
Est. Priority Date: 10/19/2016
Status: Active Grant

First Claim

Patent Images

1. A method for establishing a communication session between a client device and a stateful host, comprising:

determining that a unique identifier has been added to an instruction queue, the unique identifier being associated with a client identification token and a client authorization token;

generating a stateful host on a virtual machine;

associating the unique identifier with the stateful host;

determining an internet protocol address associated with the stateful host;

associating the internet protocol address with the unique identifier to create a name-value pair, the name-value pair being used to establish the communication session between the client device and the stateful host; and

providing the name-value pair for securely storing in the cloud service.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of the present disclosure relate to establishing a secure session between a client device and a stateful backend server or host. The system described herein uses an identity token and an authorization token to generate a globally unique identifier that is associated with the client device. The globally unique identifier is then used to create a one-to-one mapping between the client device and the backend server.

25 Citations

20 Claims

1. A method for establishing a communication session between a client device and a stateful host, comprising:
- determining that a unique identifier has been added to an instruction queue, the unique identifier being associated with a client identification token and a client authorization token;
  
  generating a stateful host on a virtual machine;
  
  associating the unique identifier with the stateful host;
  
  determining an internet protocol address associated with the stateful host;
  
  associating the internet protocol address with the unique identifier to create a name-value pair, the name-value pair being used to establish the communication session between the client device and the stateful host; and
  
  providing the name-value pair for securely storing in the cloud service.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the authorization token and the unique identifier are received from the client device.
  - 3. The method of claim 2, further comprising establishing a subsequent secure communication session with the stateful host using the unique identifier.
  - 4. The method of claim 3, wherein the unique identifier is used to determine the name-value pair associated with the stateful host.
  - 5. The method of claim 1, wherein the authorization token is encrypted.
  - 6. The method of claim 1, wherein the unique identifier is used to create a one-to-one mapping between the client device and the stateful host.
  - 7. The method of claim 1, wherein the name-value pair is stored in a secure global storage device.

8. A system, comprising:
- a processor; and
  
  a memory for storing instructions which, when executed by the processor, performs a method for establishing a communication session between a client device and stateful host, comprising;
  
  receiving a unique identifier from the client device, the unique identifier being associated with a client identification token and a client authorization token;
  
  using the unique identifier to determine an internet protocol address for the stateful host associated with the client device by accessing a storage cache that stores a name-value pair comprising the unique identifier associated with the client device and the internet protocol address associated with the stateful host; and
  
  establishing the communication session between the client device and the stateful host using the unique identifier, the client identification token and the client authorization token.
- View Dependent Claims (9, 10, 11, 12, 13, 20)
- - 9. The system of claim 8, wherein the stateful host is instantiated by a virtual machine.
  - 10. The system of claim 8, further comprising instructions for reestablishing a connection between the client device and the stateful host when a connection between the client device and the stateful host is lost, wherein the connection is reestablished by using the unique identifier to determine the internet protocol address for the stateful host.
  - 11. The system of claim 10, further comprising instructions for determining whether the stateful host is inactive.
  - 12. The system of claim 11, further comprising instructions for causing a virtual machine to create a new instantiation of the stateful host when it is determined the stateful host is inactive.
  - 13. The system of claim 11, further comprising instructions for loading a last known state of the content hosted by the stateful host using, at least, the unique identifier.
  - 20. The system of claim 8, wherein the unique identifier is used to create a one-to-one mapping between the client device and the stateful host.

14. A computer-readable storage medium comprising computer-executable instructions which, when executed by a processor, performs a method for establishing a communication session between a client and a stateful host, comprising:
- determining that a unique identifier has been added to an instruction queue, the unique identifier being associated with an authorization token;
  
  using the unique identifier to instantiate the stateful host on a virtual machine;
  
  determining an internet protocol address associated with the stateful host; and
  
  associating the internet protocol address with the unique identifier to create a name-value pair, the name-value pair being used to establish the communication session between the client and the stateful host.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The computer-readable storage medium of claim 14, wherein the unique identifier is associated with the client.
  - 16. The computer-readable storage medium of claim 14, further comprising instructions for determining whether the stateful host is inactive.
  - 17. The computer-readable storage medium of claim 14, further comprising instructions for determining a last known state of the stateful host using the unique identifier when a connection to the stateful host is reestablished.
  - 18. The computer-readable storage medium of claim 14, the unique identifier being further associated with an authentication token associated with the client.
  - 19. The computer-readable storage medium of claim 18, further comprising receiving the authorization token, the authentication token and the unique identifier when the client seeks to reestablish a connection with the stateful host.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Fransazov, Mariyan D., Flutre, Arnaud Christian, Overholt, Mark David
Primary Examiner(s)
Cox, Natisha D

Application Number

US15/298,044
Publication Number

US 20180109628A1
Time in Patent Office

1,336 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/335   for accessing specific reso...

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/10   for controlling access to d...

H04L 67/141   Setup of application sessio...

H04L 67/59   Providing operational suppo...

H04L 69/40   for recovering from a failu...

H04W 12/06   Authentication

H04W 12/068   using credential vaults, e....

Establishing secure sessions for stateful cloud services

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Establishing secure sessions for stateful cloud services

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links