SERVER MESSAGE BLOCK (SMB) SECURITY SIGNATURES SEAMLESS SESSION SWITCH

US 20090089873A1
Filed: 09/29/2008
Published: 04/02/2009
Est. Priority Date: 10/01/2007
Status: Active Grant

First Claim

Patent Images

1. A method of securely transmitting data between a client and a server, the method comprising:

receiving, at a client proxy, an initial security message from the client, wherein the security message is to establish security between the server and the client, and wherein the client'"'"'s security parameters are set to enabled and not required;

forwarding the initial security message to the server;

intercepting, at a proxy server, a security response from the server, wherein the response includes security data and security parameters set to enabled and required;

extracting the security data from the security response, and using the security data to establish a secure socket connection between the proxy server and the server;

altering the request by changing the security parameters to not enabled and not required; and

transmitting the altered request to the client and establishing a non-secure socket connection between the proxy client and the client.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention relates to systems, apparatus, and methods of securely transmitting data between a client and a server. The method includes receiving an initial security message from the client. The security message is to establish security between the server and the client. Further, the client'"'"'s security parameters are set to enabled and not required. The method further includes forwarding the initial security message to the server and intercepting a security response from the server. The response includes security data and security parameters set to enabled and required. The method includes extracting the security data from the security response, and using the security data to establish a secure socket connection between the proxy server and the server. Furthermore, the method alters the request by changing the security parameters to not enabled and not required, and transmits the altered request and establishes a non-secure socket connection.

17 Citations

View as Search Results

20 Claims

1. A method of securely transmitting data between a client and a server, the method comprising:
- receiving, at a client proxy, an initial security message from the client, wherein the security message is to establish security between the server and the client, and wherein the client'"'"'s security parameters are set to enabled and not required;
  
  forwarding the initial security message to the server;
  
  intercepting, at a proxy server, a security response from the server, wherein the response includes security data and security parameters set to enabled and required;
  
  extracting the security data from the security response, and using the security data to establish a secure socket connection between the proxy server and the server;
  
  altering the request by changing the security parameters to not enabled and not required; and
  
  transmitting the altered request to the client and establishing a non-secure socket connection between the proxy client and the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of securely transmitting data between a client and a server of claim 1, further comprising:
    - receiving, at the proxy client via the non-secure socket connection, a file request directed to the server; and
      
      compressing the file request and transmitting it to the proxy server.
  - 3. The method of securely transmitting data between a client and a server 2 of claim 2, further comprising:
    - decompressing, at the proxy server, the compressed file request; and
      
      transmitting the decompressed file request via the secure socket connection.
  - 4. The method of securely transmitting data between a client and a server of claim 2 or 3, wherein the socket connections are server message block (SMB) socket connections.
  - 5. The method of securely transmitting data between a client and a server of claim 2, wherein the file request is one or more of a file delete, file copy, file move, folder delete, folder copy, and folder move request.
  - 6. The method of securely transmitting data between a client and a server of claim 1, wherein the security data comprises at least one of a message authentication code (MAC), a checksum, and a session key.
  - 7. The method of securely transmitting data between a client and a server of claim 1, wherein the altered request is transmitted using the ITP transport protocol.
  - 8. The method of securely transmitting data between a client and a server of claim 1, wherein the server is a content server.
  - 9. The method of securely transmitting data between a client and a server of claim 8, wherein the content server comprises one or more of the following:
    - an email server, an FTP server, a web server, a file server, and a database server.
  - 10. The method of securely transmitting data between a client and a server of claim 1, further comprising establishing a secure socket between the proxy server and the server.
  - 11. The method of securely transmitting data between a client and a server of claim 10, further comprising:
    - transmitting a compressed version of the file request to the proxy server;
      
      decompressing, at the proxy server, the compressed version of the file request; and
      
      transmitting the decompressed file request to the server through the secure socket.
  - 12. The method of securely transmitting data between a client and a server of claim 1, wherein the proxy client and the proxy server are connected over a high latency link.
  - 13. The method of securely transmitting data between a client and a server of claim 12, wherein the high latency link comprises one or more of the following:
    - a satellite link, a cellular link, a wireless link, a Bluetooth link, and an RF link.
  - 14. The method of securely transmitting data between a client and a server of claim 1, wherein the proxy server and the server are connection over a low latency link.
  - 15. The method of securely transmitting data between a client and a server of claim 14, wherein the low latency link comprises one or more of the following:
    - a broadband link, a T1 link, a cable link, a digital subscriber line (DSL) link, and an analog DSL (ADSL) link.

16. A system for securely transmitting data between a client and a server, the system comprising:
- a client system including a proxy client configured to receive an initial security message from the client, wherein the client'"'"'s security parameters are set to enabled and not required, and to forward the initial security message;
  
  a content server configured to transmit a security response, wherein the response includes security data and security parameters set to enabled and required; and
  
  a proxy server coupled with the content server over a low latency communications link and the client system via the proxy client over a high latency communications link, the proxy server configured to intercept the security response, extract the security data from the security response, use the security data to establish a secure socket connection between the proxy server and the content server, alter the request by changing the security parameters to not enabled and not required, and transmit the altered request to the client;
  
  wherein the proxy client is further configured to establish a non-secure socket connection between the proxy client and the client.
- View Dependent Claims (17, 18)
- - 17. The system for securely transmitting data between a client and a server of claim 16, wherein the proxy client is further configured to receive via the non-secure socket connection a file request directed to the content server, compress the file request, and transmit the file request to the proxy server.
  - 18. The system for securely transmitting data between a client and a server of claim 17, wherein the proxy server is further configured to decompress the compressed file request and transmit the decompressed file request to the proxy client via the secure socket connection.

19. A machine-readable medium for securely transmitting data between a client and a server having sets of instructions which, when executed by a machine, cause the machine to:
- receive, at a client proxy, an initial security message from the client, wherein the security message is to establish security between the server and the client, and wherein the client'"'"'s security parameters are set to enabled and not required;
  
  forward the initial security message to the server;
  
  intercept, at a proxy server, a security response from the server, wherein the response includes security data and security parameters set to enabled and required;
  
  extract the security data from the security response, and using the security data to establish a secure socket connection between the proxy server and the server;
  
  alter the request by changing the security parameters to not enabled and not required; and
  
  transmit the altered request to the client and establishing a non-secure socket connection between the proxy client and the client.

20. The machine-readable medium for securely transmitting data between a client and a server, wherein the sets of instructions which when further executed by the machine, cause the machine to;
- receive, at the proxy client via the non-secure socket connection, a file request directed to the server; and
  
  compress the file request and transmitting it to the proxy server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ViaSat Incorporated
Original Assignee
ViaSat Incorporated
Inventors
Hepburn, Matthew Ian

Granted Patent

US 8,245,287 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/12
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

SERVER MESSAGE BLOCK (SMB) SECURITY SIGNATURES SEAMLESS SESSION SWITCH

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

17 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SERVER MESSAGE BLOCK (SMB) SECURITY SIGNATURES SEAMLESS SESSION SWITCH

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links