PROTOCOL EXCHANGE AND POLICY ENFORCEMENT FOR A TERMINAL SERVER SESSION

US 20100070634A1
Filed: 09/16/2008
Published: 03/18/2010
Est. Priority Date: 09/16/2008
Status: Active Grant

First Claim

Patent Images

1. A method of instantiating multiple protocols over a single terminal server session, comprising:

receiving from a client device a request for a terminal server session;

establishing a socket connection with a one terminal server over a remote access port;

instantiating a first protocol over the socket connection, comprising establishing a security and authentication mechanism and transmitting a capabilities request to said terminal server;

receiving from said terminal server a capabilities response;

resetting the established security and authentication mechanism;

instantiating a second protocol over the socket connection; and

transmitting packets to said terminal server according to the second protocol and the capabilities response.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments of the present disclosure provide techniques for performing multiple protocol exchanges over a single socket connection, one preceding another, in order to provide a platform for policy exchange between terminal servers and a gateway. The protocol exchanges may occur without using additional ports while ensuring that the terminal server state is restored to the previous state. In an embodiment, such a method may adhere to terminal server security levels and perform an exchange with the terminal servers by replicating remote access security layer exchanges and authenticating the gateway to the terminal server.

47 Citations

View as Search Results

20 Claims

1. A method of instantiating multiple protocols over a single terminal server session, comprising:
- receiving from a client device a request for a terminal server session;
  
  establishing a socket connection with a one terminal server over a remote access port;
  
  instantiating a first protocol over the socket connection, comprising establishing a security and authentication mechanism and transmitting a capabilities request to said terminal server;
  
  receiving from said terminal server a capabilities response;
  
  resetting the established security and authentication mechanism;
  
  instantiating a second protocol over the socket connection; and
  
  transmitting packets to said terminal server according to the second protocol and the capabilities response.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein said capabilities request comprises a header, multiple protocol ID, and a multiple capabilities array.
  - 3. The method of claim 1, wherein said capabilities comprise policies to be enforced when transmitting said packets.
  - 4. The method of claim 1, wherein the connection to the terminal server is mutually authenticated using CredSSP.
  - 5. The method of claim 1, wherein packets transmitted according to said first protocol packets are transmitted by a remote access handler.
  - 6. The method of claim 1, further comprising resetting a server state and security context after completion of said first protocol.
  - 7. The method of claim 1, further comprising:
    - resetting said second protocol;
      
      instantiating a third protocol over the socket connection; and
      
      transmitting packets according to the third protocol.
  - 8. The method of claim 7, further comprising repeating the steps of resetting, instantiating, and transmitting until a remote access protocol is instantiated.
  - 9. The method of claim 8, wherein prior to establishing the remote access protocol, at least one protocol is exchanged with an intermediate entity.
  - 10. The method of claim 9, wherein protocols exchanged prior to the remote access protocol is enforced with packets transmitted according to the remote access protocol.

11. A method of implementing a remote access communication session between a client device and at least one terminal server, comprising:
- establishing a first connection between a gateway server and the client device, wherein the gateway server is part of a corporate network and the client device is outside the corporate network;
  
  establishing a second connection between the gateway server and a terminal server over a remote access port;
  
  exchanging policies between the terminal server and the gateway server, wherein the policies are to be enforced for communication between the client and the terminal server andinforming the terminal server that packets over the second connection will originate from clients outside the corporate network.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The method of claim 11, further comprising receiving from a client device a request for a remote access communication session.
  - 13. The method of claim 12, wherein the second connection is a socket connection, further comprising transmitting a connect request and activating a security and authentication mechanism.
  - 14. The method of claim 13, further comprising transmitting a protocol packet comprising a capabilities set.
  - 15. The method of claim 14, further comprising receiving a response packet comprising a capabilities array.
  - 16. The method of claim 15, further comprising resetting the security and authentication mechanism.
  - 17. The method of claim 16, further comprising instantiating a second protocol over the socket connection.
  - 18. The method of claim 16, further comprising transmitting packets according to the second protocol.

19. A computing system adapted to establish a network policy for a client accessing a terminal server over a remote network connection, comprising:
- a server; and
  
  computing memory communicatively coupled to said server, the computing memory having stored therein a software application adapted to perform the following;
  
  receiving a remote connection request from a client device;
  
  establishing a socket communication connection with a terminal server over a remote access port;
  
  exchanging a session connection request with the terminal server;
  
  negotiating and exchanging protocol, security and authentication information with the terminal server;
  
  exchanging remote access policies with the terminal server;
  
  resetting security and system states while maintaining the socket communication connection; and
  
  initiating a remote access protocol between the client and the terminal server.
- View Dependent Claims (20)
- - 20. The computing system of claim 19, wherein the terminal server is part of a corporate network and the client device is outside the corporate network, the system further adapted to inform the terminal server that the client device is outside the corporate network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Ranjan, Shivesh, Yadav, Sudarshan

Granted Patent

US 7,941,549 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/228
CPC Class Codes

H04L 63/0869   for achieving mutual authen...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

PROTOCOL EXCHANGE AND POLICY ENFORCEMENT FOR A TERMINAL SERVER SESSION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

PROTOCOL EXCHANGE AND POLICY ENFORCEMENT FOR A TERMINAL SERVER SESSION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links