In-line modification of protocol handshake by protocol aware proxy

US 20060075114A1
Filed: 09/30/2004
Published: 04/06/2006
Est. Priority Date: 09/30/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method for network communications, the method comprising the steps of:

transmitting, by one of a client and a first proxy via a proxy protocol, a handshake request packet to a second proxy, the handshake request packet comprising one or more data blocks;

initiating, by the second proxy, a change to the handshake request packet, the change comprising one of modifying, adding and deleting a data block of the one or more data blocks;

forwarding, by the second proxy via the proxy protocol, the changed handshake request packet to one of a third proxy and a destination server;

receiving, by the second proxy via the proxy protocol, a handshake response packet representing a result from forwarding the handshake request to the destination server; and

replying, by the second proxy via the proxy protocol, to the handshake request packet sent by one of the client and the first proxy with the handshake response packet.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to systems and methods for network communication between a client and server via multiple proxies. A network protocol is used to establish and control an end-to-end connection between the client and the server via a single handshake mechanism. Through the protocol and end-to-end handshake, the proxies can participate in the establishment of the end-to-end connection. The present invention also provides a method and system by which a connection from one end-point to another end-point can be independently controlled and configured by the proxies along the connection path. Furthermore, the protocol is forward-compatible so that different proxies can be upgraded to different protocol versions at different times and the end-to-end connection control continues to operate.

Citations

43 Claims

1. A method for network communications, the method comprising the steps of:
- transmitting, by one of a client and a first proxy via a proxy protocol, a handshake request packet to a second proxy, the handshake request packet comprising one or more data blocks;
  
  initiating, by the second proxy, a change to the handshake request packet, the change comprising one of modifying, adding and deleting a data block of the one or more data blocks;
  
  forwarding, by the second proxy via the proxy protocol, the changed handshake request packet to one of a third proxy and a destination server;
  
  receiving, by the second proxy via the proxy protocol, a handshake response packet representing a result from forwarding the handshake request to the destination server; and
  
  replying, by the second proxy via the proxy protocol, to the handshake request packet sent by one of the client and the first proxy with the handshake response packet.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein at least one of the one or more data blocks comprises a field indicating the total length of the block.
  - 3. The method of claim 1, wherein at least one of the one or more data blocks comprises data describing the type of data block.
  - 4. The method of claim 1, wherein at least one of the one or more data blocks represents a capability of one of the first proxy, the second proxy and the third proxy.
  - 5. The method of claim 4, wherein at least one of the one or more data block comprises information describing one or more of the following capabilities:
    - compression, security and encryption.
  - 6. The method of claim 1, wherein at least one of the one or more data blocks represents a policy to be applied to the connection between the client and the destination server.
  - 7. The method of claim 6, wherein the policy comprises rules associated with one or more of the following:
    - compression, security, and encryption.
  - 8. The method of claim 1, further comprising the step of recognizing, by the second proxy, the type of at least one of the one or more data blocks.
  - 9. The method of claim 1, further comprising the step of ignoring, by the second proxy, one of the one or more data blocks.
  - 10. The method of claim 1, further comprising initiating, by the second proxy, a change to the handshake response packet.
  - 11. The method of claim 1, wherein the handshake request packet comprises a request from the client to connect to the destination server.
  - 12. The method of claim 1, wherein the handshake response packet comprises a reply from the destination server to a request from the client to connect to the destination server.
  - 13. The method of claim 1, wherein the proxy protocol comprises the Common Gateway Protocol.
  - 14. The method of claim 1, wherein the proxy protocol comprises the SOCKS protocol.
  - 15. The method of claim 1, wherein the proxy protocol is forward-compatible.

16. A method for establishing a connection between a client and a destination server via a handshake across multiple proxies, the method comprising the steps of:
- sending, by a client via a proxy protocol to a first proxy, a connection request to connect to a destination server, the connection request comprising at least one data block;
  
  forwarding, by the first proxy via the proxy protocol, the connection request to a second proxy;
  
  forwarding, by the second proxy via the proxy protocol, the connection request to the destination server;
  
  receiving, by the second proxy via the proxy protocol, a reply to the connection request from the destination server, the reply comprising at least one data block;
  
  forwarding, by the second proxy via the proxy protocol, the reply to the first proxy; and
  
  replying, by the first proxy via the proxy protocol, to the connection request of the client with the reply from the destination server.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 17. The method of claim 16, further comprising the step of taking, by one of the first proxy and the second proxy, an action to perform one of the following changes to the connection request:
    - adding a data block, modifying the least one data block, and removing the least one data block.
  - 18. The method of claim 16, further comprising the step of taking, by one of the first proxy and the second proxy, an action to perform one of the following changes to the reply:
    - adding a data block, modifying the least one data block, and removing the least one data block.
  - 19. The method of claim 16, further comprising the step of establishing a connection between the client and the destination server.
  - 20. The method of claim 19, further comprising the step of forwarding, by the first proxy and the second proxy, communications from the client to the destination server via the connection.
  - 21. The method of claim 19, wherein the connection request comprises at least one data block representing an operational characteristic of the connection to be connected between the client and the destination server.
  - 22. The method of claim 19 wherein the connection request comprises at least one data block representing a policy to be enforced for the connection between the client and the destination server.
  - 23. The method of claim 22, wherein the policy comprises one or more rules associated with one of compression, security and encryption.
  - 24. The method of claim 22, further comprising the step of enforcing, by one of the first proxy and the second proxy, the policy represented by the least one data block.
  - 25. The method of claim 17, wherein the least one data block of one of the connection request and the reply represents a capability to be configured within a proxy.
  - 26. The method of claim 25, wherein one of the first proxy and the second proxy reads the least one data block and takes an action to apply the capability in handling the connection between the client and the destination server.
  - 27. The method of claim 16, wherein the first proxy comprises a version of the proxy protocol different than the version of the proxy protocol of one of the second proxy and the destination server.
  - 28. The method of claim 27, wherein one of the second proxy and the destination server ignore at least one of the data blocks in communications from the first proxy comprising the different version of the proxy protocol.
  - 29. The method of claim 27, wherein at least one of the data blocks of one of the connection request and reply comprises a ticket.

30. A system for establishing a connection between a client and a destination server through a plurality of proxies, the system comprising:
- a client communicating, via a proxy protocol, a connection request to establish a connection with a destination server, the connection request comprising one or more data blocks;
  
  a first proxy, in communication with the client via the proxy protocol, receiving the connection request and forwarding the connection request;
  
  a second proxy, in communication with the first proxy via the proxy protocol, receiving the connection request forwarded by the first proxy, the second proxy forwarding the connection request to the destination server;
  
  the destination server, in communication with the second proxy via the proxy protocol, replying to the connection request by communicating a reply to the second proxy, the reply comprising one or more data blocks;
  
  the second proxy receiving the reply and forwarding the reply to the first proxy;
  
  the first proxy receiving the reply and communicating the reply to the client in response to the connection request by the client.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 31. The system of claim 30, wherein one of the first proxy and the second proxy perform a change to the one or more data blocks of the connection request, the change comprising one of the following:
    - adding a data block, modifying one of the one or more data blocks, removing one of the one or more data blocks.
  - 32. The system of claim 30, wherein one of the first proxy and the second proxy perform a change to the one or more data blocks of the reply, the change comprising one of the following:
    - adding a data block, modifying one of the one or more data blocks, removing one of the one or more data blocks.
  - 33. The system of claim 30, wherein the first proxy and the second proxy establish a connection between the client and the destination server.
  - 34. The system of claim 33, wherein the first proxy and the second proxy forward communications from the client to the destination server via the connection.
  - 35. The system of claim 30, wherein the connection request comprises at least one data block representing an operational characteristic of the connection between the client and the destination server.
  - 36. The system of claim 30, wherein the connection request comprises at least one data block representing a policy to be enforced for the connection between the client and the destination server.
  - 37. The system of claim 36, wherein the policy comprises one or more rules associated with one of compression, security and encryption.
  - 38. The system of claim 37, wherein one of the first proxy and the second proxy enforces the policy on the connection.
  - 39. The system of claim 30, wherein the least one data block of one of the connection request and the reply represents a capability to be configured by a proxy.
  - 40. The system of claim 39, wherein one of the first proxy and the second proxy reads one of the one or more data blocks and takes an action to apply the capability in handling the connection between the client and the destination server.
  - 41. The system of claim 30, wherein the first proxy uses a version of the proxy protocol different than the version of the proxy protocol used by of one of the second proxy and the destination server.
  - 42. The system of claim 41, wherein one of the second proxy and the destination server ignore one of the one or more data blocks in communications from the first proxy comprising the different version of the proxy protocol.
  - 43. The system of claim 30, wherein one of the one or more data blocks of one of the connection request and the reply comprises a ticket.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Panasyuk, Anatoliy, Stone, David Sean, Pedersen, Bradley Jay

Application Number

US10/957,165
Publication Number

US 20060075114A1
Time in Patent Office

Days
Field of Search
US Class Current

709/227
CPC Class Codes

H04L 67/14   Session management for real...

H04L 67/288   Distributed intermediate de...

H04L 67/56   Provisioning of proxy servi...

H04L 69/24   Negotiation of communicatio...

H04L 69/326   in the transport layer [OSI...

In-line modification of protocol handshake by protocol aware proxy

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

In-line modification of protocol handshake by protocol aware proxy

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links