Method and apparatus for tunneling TCP/IP over HTTP and HTTPS

US 20030217149A1
Filed: 05/20/2002
Published: 11/20/2003
Est. Priority Date: 05/20/2002
Status: Abandoned Application

First Claim

Patent Images

1. A packet switched network communications system comprising:

a first network including a client running at least one client application;

a second network including a server supporting a plurality of resources; and

a direct, port forwarding function implemented on the client for a tunnel operation in which a secure connection is made to the server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A tunneling infrastructure provides TCP port forwarding from a client running on a client network to a server running on a server network, where the client and servers can be behind separate firewalls. To tunnel TCP, a “server socket” capability is provided, allowing the client to establish a connection to the server across the tunnel. A direct, port forwarding scheme is implemented. The client side is the driver for the tunnel operation. The client maintains multiple URL (Universal Resource Locator) connections to the server side tunnel allowing data to flow in both directions. The client'"'"'s SendToServer connection(s) use the HTTP POST method to send data from the client side to the server side. The client'"'"'s ReceiveFromServer connection(s) use the HTTP GET method, and allow data to be sent from the server side to the client side.

120 Citations

18 Claims

1. A packet switched network communications system comprising:
- a first network including a client running at least one client application;
  
  a second network including a server supporting a plurality of resources; and
  
  a direct, port forwarding function implemented on the client for a tunnel operation in which a secure connection is made to the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The packet switched network communication system recited in claim 1, further comprising:
    - a firewall guarding computer resources of the first network and including an application or mechanism that enables connections from inside to outside the firewall.
  - 3. The packet switched network communication system recited in claim 1, further comprising:
    - a firewall guarding computer resources of the second network and wherein the connection to the server is through a pre-determined HTTP (Hypertext Transfer Protocol) port in the firewall.
  - 4. The packet switched network communication system recited in claim 1, further comprising:
    - a first firewall guarding computer resources of the first network and including an application or mechanism that enables connections from inside to outside the first firewall; and
      
      a second firewall guarding computer resources of the second network and wherein the connection to the server is through a pre-determined HTTP (Hypertext Transfer Protocol) port in the second firewall.
  - 5. The packet switched network communication system recited in claim 1, wherein the client maintains multiple URL (Universal Resource Locator) connections to server side servlets allowing data to flow in both directions between the client and the server.
  - 6. The packet switched network communication system recited in claim 5, wherein the direct, port forwarding function is implemented in a client-side application providing port forwarding, the client-side application multiplexing and demultiplexing TCP (Transfer Control Protocol) data to and from the server so as to support a plurality of simultaneous TCP connections.
  - 7. The packet switched network communication system recited in claim 5, wherein the client uses an HTTP POST request method to send data from the client to the server and the client uses an HTTP GET request method to allow data to be sent from the server to the client.
  - 8. The packet switched network communication system recited in claim 1, wherein the direct, port forwarding function is implemented in a client-side application providing port forwarding.
  - 9. The packet switched network communication system recited in claim 8, wherein the client-side application creates ServerSockets to allow other client-side applications to connect to the server.
  - 10. The packet switched network communication system recited in claim 1, further comprising a client-side tunneling application which allows server-side clients to access client-side resources.
  - 11. The packet switched network communication system recited in claim 1, further comprising a server-side tunneling application which is embeddable inside a standard Web environment.
  - 12. The packet switched network communication system recited in claim 1, further comprising a server-side tunneling application which multiplexes and demultiplexes TCP (Transfer Control Protocol) data to and from the client so as to support a plurality of simultaneous TCP connections.
  - 13. The packet switched network communication system recited in claim 1, further comprising a connectivity function wherein if the client cannot maintain a connection to the server, all of the client-side and server-side socket connections are maintained for a timeout period.
  - 14. The packet switched network communication system recited in claim 13, wherein if the client restores contact with the server during the timeout period, the client and server synchronize their respective data streams and tunnelling continues.
  - 15. The packet switched network communication system recited in claim 1, further comprising an authentication function on the client wherein a time-encoded token is used to authenticate requests that emanate from the client and terminate with the server.
  - 16. The packet switched network communication system recited in claim 15, wherein the time encoded token is obtained by the client during a login phase, prior to allowing establishment of a tunnel.

17. In a packet switched network communications system including a first network including a client running at least one client application and a second network including a server supporting a plurality of resources, a first firewall guarding computer resources of the first network and including an application that enables connections from inside to outside the first firewall and a second firewall guarding computer resources of the second network and including an application that enables connection from inside to outside the second firewall, a method for tunneling implemented on the client for a tunnel operation in which a connection is made to a pre-determined HTTP (Hypertext Transfer Protocol) port in the second firewall comprising the steps of:
- opening by the client a URL (Universal Resource Locator) connection to the server;
  
  creating a tunnel message by the client and writing the tunnel message as data for a POST request;
  
  reading by the server data from the POST request and acknowledging each tunnel message in response to the POST request;
  
  creating by the server a tunnel message and writing tunnel messages to a response data stream; and
  
  reading by the client the response data stream sent by the server in response to a GET request from the client.

18. A computer-readable storage medium accessible by a client in a packet switched network communications system including a first network including the client running at least one client application and a second network including a server supporting a plurality of resources, a first firewall guarding computer resources of the first network and including an application that enables connections from inside to outside the first firewall and a second firewall guarding computer resources of the second network and including an application that enables connection from inside to outside the second firewall, said storage medium having stored therein instructions for performing a method for tunneling in which a connection is made to a pre-determined HTTP (Hypertext Transfer Protocol) port in the second firewall, the method comprising the steps of:
- opening by the client a URL (Universal Resource Locator) connection to the server;
  
  creating a tunnel message by the client and writing the tunnel message as data for a POST request;
  
  reading by the server data from the POST request and acknowledging each tunnel message in response to the POST request;
  
  creating by the server a tunnel message and writing tunnel messages to a response data stream; and
  
  reading by the client the response data stream sent by the server in response to a GET request from the client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Shao, Schuman Min, Staten, Jeffrey W., Crichton, Joseph M.

Application Number

US10/152,281
Publication Number

US 20030217149A1
Time in Patent Office

Days
Field of Search
US Class Current

709/225
CPC Class Codes

H04L 63/029   Firewall traversal, e.g. tu...

H04L 67/02   based on web technology, e....

H04L 69/16   Implementation or adaptatio...

H04L 69/162   involving adaptations of so...

H04L 69/163   In-band adaptation of TCP d...

H04L 69/329   in the application layer [O...

Method and apparatus for tunneling TCP/IP over HTTP and HTTPS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

120 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for tunneling TCP/IP over HTTP and HTTPS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

120 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links