TECHNIQUES FOR MANAGING A SECURE COMMUNICATION SESSION

US 20110213956A1
Filed: 02/27/2010
Published: 09/01/2011
Est. Priority Date: 02/27/2010
Status: Active Grant

First Claim

Patent Images

1. A method implemented and residing within a computer-readable storage medium that is executed by a processor, the processor configured to perform the method, comprising:

detecting a request for a secure communication session between a non-browser application and a server;

the request initiated by the non-browser application;

establishing the secure communication session between the non-browser application and the server via a browser;

mapping a session cookie that the browser uses with the secure communication session to a secure token and instructing the browser to supply the secure token to the non-browser application; and

maintaining the secure communication session after the browser is shut down by translating the secure token supplied by the non-browser application into the session cookie expected by the server.

View all claims

16 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for managing a secure communication session are provided. A non-browser application utilizes a browser to establish a secure communication session with a server. The session cookie set in the browser is mapped by the server to a secret token that is supplied via the browser to the non-browser application. The browser is then closed and the secure communication session between the server and the non-browser application continues unabated via the secret token.

Citations

20 Claims

1. A method implemented and residing within a computer-readable storage medium that is executed by a processor, the processor configured to perform the method, comprising:
- detecting a request for a secure communication session between a non-browser application and a server;
  
  the request initiated by the non-browser application;
  
  establishing the secure communication session between the non-browser application and the server via a browser;
  
  mapping a session cookie that the browser uses with the secure communication session to a secure token and instructing the browser to supply the secure token to the non-browser application; and
  
  maintaining the secure communication session after the browser is shut down by translating the secure token supplied by the non-browser application into the session cookie expected by the server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein detecting further includes identifying the request as a request for the secure communication session to a secure socket layer (SSL) virtual private network (VPN) session between the non-browser application and the server.
  - 3. The method of claim 1, wherein establishing further includes authenticating the non-browser application via redirection of the browser to an identity service that performs authentication on behalf of the server.
  - 4. The method of claim 3, wherein mapping further includes instructing the browser to set the session cookie supplied by the server and an authentication token supplied by the identity service within the browser.
  - 5. The method of claim 1, wherein mapping further includes instructing the browser to shut down after the secure token is supplied to the non-browser application.
  - 6. The method of claim 1, wherein maintaining further includes logging the non-browser application into the secure communication session after the browser is shut down using the secure token.
  - 7. The method of claim 6, wherein logging further includes instructing the non-browser application to use a new session cookie in place of the secure token for communications after logging into the secure communication session, the new session cookie mapped to the session cookie and supplied to the server each time the non-browser application communicates during the secure communication session with the new session cookie.

8. A method implemented and residing within a computer-readable storage medium that is executed by a processor of a network to perform the method, comprising:
- requesting a secure socket layer (SSL) virtual private network (VPN) connection with a server, a request for the SSL VPN made to a browser;
  
  receiving a secret token from the browser that the browser acquired as a mapping to a session cookie for the SSL VPN connection from the server;
  
  supplying the secret token directly to the server to login and establish the SSL VPN connection with the server; and
  
  shutting down the browser while maintaining the SSL VPN connection with the server via the secret token that the server translates to the session cookie.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein requesting further includes generating the request in response to an action of a user and constructing a uniform resource locator (URL) link as the request to initiate the browser to assist in establishing the SSL VPN connection with the server.
  - 10. The method of claim 9, wherein requesting further includes interacting with the user via the browser to authenticate the user to an identity service for the SSL VPN connection.
  - 11. The method of claim 8, wherein supplying further includes receiving from the server a new cookie that is to replace the secret token after the SSL VPN connection is initially established via the secret token.
  - 12. The method of claim 11, wherein receiving further includes supplying the new cookie for each communication with the server during the SSL VPN connection.
  - 13. The method of claim 8, wherein shutting down further includes shutting down the browser based on a manual instruction from a user to close the browser.
  - 14. The method of claim 8, wherein shutting down further includes automatically shutting down the browser once the SSL VPN connection is established via the secret token.

15. A multiprocessor-implemented system, comprising:
- a non-browser application implemented in a computer-readable medium and to execute on a client of a network; and
  
  a server to execute over the network and interact with the client;
  
  wherein the non-browser application is configured to interact with a browser to establish a secure communication session with the server over the network, the server configured to interact with the browser to set a session cookie for the secure communication session and provide a secret token to the non-browser application via the browser that maps to the session cookie, the non-browser application further configured to resupply the secret token to the server independent from the browser to initiate the secure communication session with the server and the browser closed thereafter while the secure communication session continues between the non-browser application and the server.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the secure communication session is a secure socket layer (SSL) virtual private network (VPN) session with a secure communication tunnel established between the non-browser application and the server.
  - 17. The system of claim 15, wherein the server is configured to redirect the browser to an identity service to authenticate a user of the non-browser application for the secure communication session.
  - 18. The system of claim 15, wherein the server is configured to direct the browser to set the session cookie within the browser.
  - 19. The system of claim 15, wherein the server is configured to direct the non-browser application to replace the secret token with a new session cookie after the secret token is supplied at least once from the non-browser application, the non-browser application further instructed to supply the new session cookie with all communication during the secure communication session with the server.
  - 20. The system of claim 15, wherein the non-browser application is configured to close the browser once the secure communication session is established.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Burch, Lloyd Leon, Mukkara, Prakash Umasankar

Granted Patent

US 8,799,640 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/152
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

TECHNIQUES FOR MANAGING A SECURE COMMUNICATION SESSION

First Claim

16 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNIQUES FOR MANAGING A SECURE COMMUNICATION SESSION

First Claim

16 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links