Secure traversal of network components

US 20030163569A1
Filed: 02/26/2002
Published: 08/28/2003
Est. Priority Date: 02/26/2002
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a client to a content server comprising the steps of:

generating a ticket associated with said client, said ticket comprising a first ticket and a second ticket wherein said second ticket is disabled from use;

transmitting said first ticket to said client;

validating said first ticket;

using said first ticket to establish a communication session with a content server proxy after said first ticket is validated;

enabling said second ticket for use upon said validation of said first ticket; and

using said enabled second ticket to establish a communication session with said content server.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for authenticating a client to a content server. A ticket authority generates a ticket associated with the client. The ticket comprises a first ticket and a second ticket. The ticket authority transmits the first ticket to the client and the client uses the first ticket to establish a communication session with an content server proxy. The ticket authority then transmits a second ticket to the content server proxy and the content server proxy uses the second ticket to establish a communication session with the content server.

193 Citations

View as Search Results

68 Claims

1. A method of authenticating a client to a content server comprising the steps of:
- generating a ticket associated with said client, said ticket comprising a first ticket and a second ticket wherein said second ticket is disabled from use;
  
  transmitting said first ticket to said client;
  
  validating said first ticket;
  
  using said first ticket to establish a communication session with a content server proxy after said first ticket is validated;
  
  enabling said second ticket for use upon said validation of said first ticket; and
  
  using said enabled second ticket to establish a communication session with said content server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1 wherein, prior to generating said ticket associated with said client, said client is authenticated to a web server.
  - 3. The method of claim 1 wherein said ticket authority transmits said first ticket to a web server and said web server transmits said first ticket to said client.
  - 4. The method of claim 1 wherein said client transmits said first ticket to said content server proxy.
  - 5. The method of claim 1 wherein said content server proxy transmits said first ticket to said ticket authority and said ticket authority transmits said second ticket to said content server proxy upon validation of said first ticket.
  - 6. The method of claim 1 wherein said content server proxy transmits said second ticket to said content server upon said enabling of said second ticket.
  - 7. The method of claim 1 wherein said content server validates said second ticket with said ticket authority.
  - 8. The method of claim 7 wherein said content server makes a request to said ticket authority to validate said second ticket.
  - 9. The method of claim 7 wherein said ticket authority pushes said second ticket to said content server for validation.
  - 10. The method of claim 1 wherein said ticket authority transmits said second ticket to a web server and said web server pushes said second ticket to said content server for validation.
  - 11. The method of claim 1 wherein said ticket authority transmits said first ticket and said disabled second ticket to a web server and said web server transmits said first ticket and said disabled second ticket to said client.
  - 12. The method of claim 11 wherein said client transmits said first ticket and said disabled second ticket to said content server proxy.
  - 13. The method of claim 1 further comprising transmitting said disabled second ticket to at least one of said content server proxy and a web server.
  - 14. The method of claim 1 further comprising transmitting said enabled second ticket to said content server proxy.
  - 15. The method of claim 1 wherein a communication session protocol is established between said client and said content server.
  - 16. The method of claim 1 wherein a first communication session protocol is established between said client and said content server proxy and a second communication session protocol is established between said content server proxy and said content server.
  - 17. The method of claim 16 wherein said first communication session protocol is different from said second communication session protocol.
  - 18. The method of claim 1 wherein a first communication session protocol is established between said client and said content server proxy and a second communication session protocol is established between said client and a web server.
  - 19. The method of claim 18 wherein said first communication session protocol is different from said second communication session protocol.
  - 20. The method of claim 1 wherein said client comprises a web based browser.
  - 21. The method of claim 1 wherein said content server proxy is a secure socket layer relay.
  - 22. The method of claim 1 wherein said transmitting of said second ticket to said content server proxy further comprises transmitting an address of said content server to said content server proxy.

23. A system for authenticating a user comprising:
- a client;
  
  a ticket authority;
  
  a content server; and
  
  a content server proxy in communication with said client, said ticket authority, and said content server, wherein said ticket authority generates a ticket associated with said client, said ticket comprising a first ticket and a second ticket, wherein said first ticket is transmitted to said client and used to establish a first communication session with said content server proxy, and wherein said second ticket is transmitted to said content server proxy and used to establish a second communication session with said content server.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 24. The system of claim 23 wherein, prior to said ticket authority generating said ticket associated with said client, said client is authenticated to a web server.
  - 25. The system of claim 23 wherein said ticket authority transmits said first ticket to a web server and said web server transmits said first ticket to said client.
  - 26. The system of claim 23 wherein said client transmits said first ticket to said content server proxy.
  - 27. The system of claim 23 wherein said content server proxy transmits said first ticket to said ticket authority and said ticket authority transmits said second ticket to said content server proxy.
  - 28. The system of claim 23 wherein said content server proxy transmits said second ticket to said content server.
  - 29. The system of claim 23 wherein said content server validates said second ticket with said ticket authority.
  - 30. The system of claim 29 wherein said content server makes a request to said ticket authority to validate said second ticket.
  - 31. The system of claim 29 wherein said ticket authority pushes said second ticket to said content server for validation.
  - 32. The system of claim 23 wherein said ticket authority transmits said second ticket to a web server and said web server pushes said second ticket to said content server for validation.
  - 33. The system of claim 23 wherein a disabled second ticket is transmitted with said first ticket to said client.
  - 34. The system of claim 33 wherein said ticket authority transmits said first ticket and said disabled second ticket to a web server and said web server transmits said first ticket and said disabled second ticket to said client.
  - 35. The system of claim 33 wherein said client transmits said first ticket and said disabled second ticket to said content server proxy.
  - 36. The system of claim 33 wherein said content server proxy transmits said first ticket and said disabled second ticket to said ticket authority and said ticket authority enables said disabled second ticket.
  - 37. The system of claim 36 further comprising transmitting said enabled second ticket to said content server proxy.
  - 38. The system of claim 23 wherein a communication session protocol is established between said client and said content server.
  - 39. The system of claim 23 wherein a first communication session protocol is established between said client and said content server proxy and a second communication session protocol is established between said content server proxy and said content server.
  - 40. The system of claim 39 wherein said first communication session protocol is different from said second communication session protocol.
  - 41. The system of claim 23 wherein a first communication session protocol is established between said client and said content server proxy and a second communication session protocol is established between said client and a web server.
  - 42. The system of claim 41 wherein said first communication session protocol is different from said second communication session protocol.
  - 43. The system of claim 23 wherein said client comprises a web based browser.
  - 44. The system of claim 23 wherein said content server proxy is a secure socket layer relay.

45. A system for authenticating a user comprising:
- a client;
  
  a ticket authority generating a ticket associated with said client, said ticket comprising a first ticket and a second ticket wherein said second ticket is disabled from use;
  
  a content server;
  
  a content server proxy in communication with said client, said ticket authority, and said content server and receiving said first ticket; and
  
  a web server in communication with said client and said ticket authority, wherein said content server proxy establishes a first communication session protocol between said client and said content server proxy after said ticket authority validates said first ticket, wherein said ticket authority enables said second ticket after said validation of said first ticket, and wherein said content server proxy uses said enabled second ticket to establish a second communication session protocol being different from said first communication session protocol.
- View Dependent Claims (46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66)
- - 46. The system of claim 45 wherein said client is authenticated to said web server.
  - 47. The system of claim 45 wherein said ticket authority transmits said first ticket to said web server.
  - 48. The system of claim 45 wherein said web server transmits said first ticket to said client.
  - 49. The system of claim 45 wherein said client transmits said first ticket to said content server proxy.
  - 50. The system of claim 45 wherein said content server proxy transmits said first ticket to said ticket authority.
  - 51. The system of claim 45 wherein said ticket authority transmits said second ticket to said content server proxy.
  - 52. The system of claim 45 wherein said content server proxy transmits said second ticket to said content server.
  - 53. The system of claim 45 wherein said content server validates said enabled second ticket with said ticket authority.
  - 54. The system of claim 53 wherein said content server makes a request to said ticket authority to validate said enabled second ticket.
  - 55. The system of claim 53 wherein said ticket authority pushes said enabled second ticket to said content server for validation.
  - 56. The system of claim 45 wherein said ticket authority transmits said second ticket to said web server and said web server pushes said second ticket to said content server for validation.
  - 57. The system of claim 45 wherein a disabled second ticket is transmitted with said first ticket to said client.
  - 58. The system of claim 57 wherein said ticket authority transmits said first ticket and said disabled second ticket to said web server and said web server transmits said first ticket and said disabled second ticket to said client.
  - 59. The system of claim 57 wherein said client transmits said first ticket and said disabled second ticket to said content server proxy.
  - 60. The system of claim 57 wherein said content server proxy transmits said first ticket and said disabled second ticket to said ticket authority and said ticket authority enables said disabled second ticket.
  - 61. The system of claim 60 further comprising transmitting said enabled second ticket to said content server proxy.
  - 62. The system of claim 45 wherein a communication session protocol is established between said client and said content server.
  - 63. The system of claim 45 wherein a third communication session protocol is established between said content server proxy and said content server.
  - 64. The system of claim 63 wherein said first communication session protocol is different from said third communication session protocol.
  - 65. The system of claim 45 wherein said client comprises a web based browser.
  - 66. The system of claim 45 wherein said content server proxy is a secure socket layer relay.

67. A system for authenticating a user comprising:
- a client;
  
  a first ticket authority;
  
  a second ticket authority;
  
  a content server; and
  
  a content server proxy in communication with said client, said first ticket authority, and said content server, wherein said first ticket authority generates a first ticket associated with said client, wherein said second ticket authority generates a second ticket associated with said content server, wherein said first ticket is transmitted to said client and used to establish a first communication session with said content server proxy, and wherein said second ticket is transmitted to said content server proxy and used to establish a second communication session with said content server.

68. A system for authenticating a user comprising:
- means for generating a ticket associated with a client, said ticket comprising a first ticket and a second ticket;
  
  means for transmitting said first ticket to said client;
  
  means for using said first ticket to establish a first communication session with a content server proxy;
  
  means for transmitting said second ticket to said content server proxy; and
  
  means for using said second ticket to establish a second communication session with a content server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Panasyuk, Anatoliy, Pedersen, Bradley Jay, Kramer, Andre

Granted Patent

US 7,661,129 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/227
CPC Class Codes

H04L 63/0209 Architectural arrangements,...

H04L 63/0838 using one-time-passwords

Secure traversal of network components

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

193 Citations

68 Claims

Specification

Use Cases

Quick Links

Others

Secure traversal of network components

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

193 Citations

68 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others