METHODS, SERVER AND PROXY AGENT FOR DYNAMICALLY SETTING UP A SESSION BETWEEN A TARGET RESOURCE IN A PRIVATE NETWORK AND AN APPLICATION ON A DEVICE
First Claim
1. A method in a server of a private network for dynamically setting up a session between a target resource in the private network and an application on a device, wherein the device belongs to the private network but may be located remotely from the private network, the method comprisesreceiving from the application a request to get the target resource in the private network,checking if a user of the device is authorized to access the server,identifying a session anchor,instantiating a proxy agent within the private network with address information of the identified session anchor such that the proxy agent can establish a connection to the session anchor identified by said address information,receiving a session Universal Resource Locator, URL, in response to said instantiating and performing a mapping between a URL of the target resource and a session URL issued by said session anchor, anddetermining whether the device and the target resource are on the same Local Area Network, LAN, such that the application can access the target resource directly if they are on the same LAN, or such that the application can access the target resource via the session anchor by using the session URL if they are not on the same LAN.
1 Assignment
0 Petitions
Accused Products
Abstract
An object of embodiments of the present invention is to establish a secure connection from a device to a private network, to which the device belongs, when the device may be located remotely from the private network. This is achieved by locating a server in the private network while reusing existing authorization mechanisms in the network. A target resource is in this private network and a device located outside the private network can access the target resource by using the server and a proxy agent which intermediates a request from the device by using a one time session URL.
-
Citations
16 Claims
-
1. A method in a server of a private network for dynamically setting up a session between a target resource in the private network and an application on a device, wherein the device belongs to the private network but may be located remotely from the private network, the method comprises
receiving from the application a request to get the target resource in the private network, checking if a user of the device is authorized to access the server, identifying a session anchor, instantiating a proxy agent within the private network with address information of the identified session anchor such that the proxy agent can establish a connection to the session anchor identified by said address information, receiving a session Universal Resource Locator, URL, in response to said instantiating and performing a mapping between a URL of the target resource and a session URL issued by said session anchor, and determining whether the device and the target resource are on the same Local Area Network, LAN, such that the application can access the target resource directly if they are on the same LAN, or such that the application can access the target resource via the session anchor by using the session URL if they are not on the same LAN.
-
6. A method in a proxy agent of a private network for dynamically setting up a session between a target resource in the private network and an application on a device, wherein the device belongs to the private network but may be located remotely from the private network, the application sends a request to a server in the private network to get the target resource and the server is configured to authorize a user of the device to authorize access to the server and a Universal Resource Locator, URL, of a session anchor is identified by the server, the method comprising:
-
receiving a request to instantiate the proxy agent with address information of the identified session anchor, sending a session request to the session anchor, receiving a session URL from the session anchor and storing a mapping between said session URL and the target resource, sending the session URL to the server, such that the server can forward the session URL to the client, receiving a request from the client via the session URL of the session anchor to get the target resource, mapping the session URL to the URL of the target resource, and sending a request to get the target resource, such that the target resource can be sent to the client.
-
- 9. A server of a private network for dynamically setting up a session between a target resource in the private network and an application on a device, wherein the device belongs to the private network but may be located remotely from the private network, the server comprises an input/output section configured to receive from the application a request to get the target resource in the private network, and a processor configured to check if a user of the device is authorized to access the server to identify a session anchor to instantiate a proxy agent within the private network with address information of the identified session anchor such that the proxy agent can establish a connection to the session anchor identified by said address information, wherein the input/output section is further configured to receive a session Universal Resource Locator, URL, in response to said instantiating and performing a mapping between a URL of the target resource and a session URL issued by said session anchor, and wherein the processor is further configured to determine whether the device and the target resource are on the same Local Area Network, LAN, such that the application can access the target resource directly if they are on the same LAN, or such that the application can access the target resource via the session anchor by using the session URL if they are not on the same LAN.
- 14. A proxy agent of a private network for dynamically setting up a session between a target resource in the private network and an application on a device, wherein the device belongs to the private network but may be located remotely from the private network, the application is configured to send a request to a server in the private network to get the target resource and the server is configured to authorize a user of the device to authorize access to the server and a Universal Resource Locator, URL of a session anchor is identified by the server, the proxy agent comprising an input/output section configured to receive a request to instantiate the proxy agent with address information of the identified session anchor, to send a session request to the session anchor, and to receive a session URL from the session anchor, wherein the proxy agent further comprises a memory configured to store a mapping between said session URL and the target resource, and the input/output section is further configured to send the session URL to the server, such that the server can forward the session URL to the client, and to receive a request from the client via the session URL of the session anchor to get the target resource, wherein the proxy agent further comprises a processor configured to map the session URL to the URL of the target resource, and the input/output section is further configured to send a request to get the target resource, such that the target resource can be sent to the client.
Specification
-
- Resources
-
Current AssigneeTelefonaktiebolaget LM Ericsson
-
Original AssigneeTelefonaktiebolaget LM Ericsson
-
InventorsYasukawa, Kenta, Avesand, Stefan, Hjelm, Johan, Matsumura, Takeshi, Murakami, Shingo, Oda, Toshikane
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current726/4
-
CPC Class CodesH04L 61/2567 for reachability, e.g. inqu...H04L 61/2589 over a relay server, e.g. t...H04L 63/10 for controlling access to d...H04L 67/02 based on web technology, e....H04L 67/14 Session management for real...H04L 67/563 Data redirection of data ne...
