A PERSISTENT AND RELIABLE SESSION SECURELY TRAVERSING NETWORK COMPONENTS USING AN ENCAPSULATING PROTOCOL

US 20050198380A1
Filed: 09/30/2004
Published: 09/08/2005
Est. Priority Date: 02/26/2002
Status: Active Grant

First Claim

Patent Images

1. A method for re-connecting a client to a host service, the method comprising:

providing a communication session between a client and a host service via a first connection between the client and a first protocol service, and a second connection between the first protocol service and the host service;

detecting a disruption in one of the first connection and the second connection, and maintaining the other of one of the first connection and the second connection;

obtaining, at the first protocol service, a first ticket and a second ticket;

validating the first ticket to re-establish the disrupted connection;

validating the second ticket to continue use of the maintained connection; and

linking the re-established connection to the maintained connection.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to systems and methods for reestablishing client communications by securely traversing network components using an encapsulating communication protocol to provide session persistence and reliability. A first protocol that encapsulates a plurality of secondary protocols is used to communicate over a network to provide session persistence and a reliable connection between a client and a host service via a first protocol service. A ticket authority generates a first ticket and a second ticket associated with the client. The first ticket is provided to the client and the client uses the first ticket to establish a communication session with the first protocol service. The second ticket is provided to the first protocol service and the first protocol service uses the second ticket to establish a communication session with the host service.

265 Citations

35 Claims

1. A method for re-connecting a client to a host service, the method comprising:
- providing a communication session between a client and a host service via a first connection between the client and a first protocol service, and a second connection between the first protocol service and the host service;
  
  detecting a disruption in one of the first connection and the second connection, and maintaining the other of one of the first connection and the second connection;
  
  obtaining, at the first protocol service, a first ticket and a second ticket;
  
  validating the first ticket to re-establish the disrupted connection;
  
  validating the second ticket to continue use of the maintained connection; and
  
  linking the re-established connection to the maintained connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 19)
- - 2. The method of claim 1, further comprising maintaining the communication session during the disruption in the disrupted connection.
  - 3. The method of claim 1, further comprising generating one of the first ticket and the second ticket by at least one of the first protocol service and a ticket authority.
  - 4. The method of claim 1, further comprising validating, by the ticket authority, at least one of the first ticket and the second ticket.
  - 5. The method of claim 1, further comprising authenticating the client to a web server.
  - 6. The method of claim 1, further comprising transmitting, by a web server, the first ticket to the client.
  - 7. The method of claim 1, further comprising transmitting, by the client, the first ticket to the first protocol service.
  - 8. The method of claim 1, further comprising authenticating, by the host service, the client upon establishment of the communication session.
  - 9. The method of claim 1, wherein the first protocol service comprises a proxy server.
  - 10. The method of claim 1, wherein the first protocol service comprises a security gateway.
  - 11. The method of claim 1, wherein the client and the first protocol service communicate using a first protocol encapsulating a second protocol, and the first protocol service and the host service communicate using the second protocol.
  - 12. The method of claim 1, wherein the first ticket is valid for the first connection and the second ticket is valid for the second connection.
  - 13. The method of claim 1, wherein the second ticket is disabled until the first ticket is validated.
  - 14. The method of claim 1, wherein the re-established connection is linked to the maintained connection after the first ticket and the second ticket are validated.
  - 15. The method of claim 1, wherein one of the first connection and the second connection comprises a plurality of connections connected via one of an intermediary node and one or more first protocol services.
  - 16. The method of claim 15, wherein a third ticket is generated for at least one of the plurality of connections.
  - 17. The method of claim 16, wherein the third ticket is valid for the least one of the plurality of connections.
  - 19. The system of claim 17, further comprising a ticket authority generating at least one of the first ticket and the second ticket.

18. A system for re-connecting a client to a host service, the system comprising:
- a client establishing a communication session with a host service via a first connection;
  
  a first protocol service establishing the first connection with the client and a second connection with the host service;
  
  the first protocol service maintaining a connection comprising at least one of the first connection and the second connection;
  
  the first protocol service validating a first ticket to re-establish a disrupted connection in one of the first connection and the second connection, and validating a second ticket to use the other of the one of the first connection and the second connection; and
  
  the first protocol service linking the re-established connection to the maintained connection.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
- - 20. The system of claim 18, wherein the first protocol service maintains the communication session during a disruption in the disrupted connection.
  - 21. The system of claim 18, wherein the first protocol service generates at least one of the first ticket and the second ticket.
  - 22. The system of claim 18, wherein the ticket authority validates at least one of the first ticket and the second ticket.
  - 23. The system of claim 18, further comprising a web server, the web server authenticating the client.
  - 24. The system of claim 23, wherein the web server transmits the first ticket to the client.
  - 25. The system of claim 18, wherein the client transmits the first ticket to the first protocol service.
  - 26. The system of claim 18, wherein the host service authenticates the client upon establishment of the communication session.
  - 27. The system of claim 18, wherein the first protocol service comprises a proxy server.
  - 28. The system of claim 18, wherein the first protocol service comprises a security gateway.
  - 29. The system of claim 18, wherein the client and the first protocol service communicate using a first protocol encapsulating a second protocol, and the first protocol service and the host service communicate using the second protocol.
  - 30. The system of claim 18, wherein the first ticket is valid for the first connection and the second ticket is valid for the second connection.
  - 31. The system of claim 18, wherein the second ticket is disabled until the first ticket is validated.
  - 32. The system of claim 18, wherein the first protocol service links the re-established connection to the maintained connection after the first ticket and the second ticket are validated.
  - 33. The system of claim 18, wherein one of the first connection and the second connection comprises a plurality of connections connected via one of an intermediary node and one or more first protocol services.
  - 34. The system of claim 33, wherein a third ticket is generated for at least one of the plurality of connections.
  - 35. The system of claim 34, wherein the third ticket is valid for the least one of the plurality of connections.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Panasyuk, Anatoliy, Treder, Terry, Stone, David Sean, Pedersen, Bradley Jay, Kramer, Andre

Granted Patent

US 7,984,157 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/239
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 63/0209   Architectural arrangements,...

H04L 63/0272   Virtual private networks

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/166   at the transport layer

A PERSISTENT AND RELIABLE SESSION SECURELY TRAVERSING NETWORK COMPONENTS USING AN ENCAPSULATING PROTOCOL

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

265 Citations

35 Claims

Specification

Use Cases

Quick Links

Others

A PERSISTENT AND RELIABLE SESSION SECURELY TRAVERSING NETWORK COMPONENTS USING AN ENCAPSULATING PROTOCOL

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

265 Citations

35 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others