COMMON INTERNET FILE SYSTEM PROXY AUTHENTICATION OF MULTIPLE SERVERS

US 20170026372A1
Filed: 04/07/2016
Published: 01/26/2017
Est. Priority Date: 03/12/2009
Status: Active Grant

First Claim

Patent Images

1. A proxy system, comprising:

a processor; and

a memory containing a program, which, when executed on the processor is configured to perform an operation for authenticating a client device to a plurality of network servers, the operation comprising;

establishing a first session between the proxy system and a first network server, of the plurality, using an initial request supplied by the client device, wherein the request includes authenticating information used by the proxy system to authenticate the proxy system, as the client device, to the first network server,sending a session timeout message to the client device which causes the client device to respond with a fresh authentication request, without prompting, at the client device, to provide the authenticating information, andestablishing a second session between the proxy system and a second network server, of the plurality, using the fresh authentication request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for a proxy system to provide a client device with transparent access to multiple network file servers. The proxy system may appear to the client device as a single network file server. The proxy may be configured to forward requests received from the client device to multiple servers as well as provide responses from the server back to the client. Further, the proxy system may authenticate itself, as the client, to each of the multiple network servers using authentication credentials supplied by the client. After prompting a user to submit credentials to establish a session with a first network server, the proxy system may send a session timeout error code, prompting the client to submit a fresh authentication request used by the proxy system to establish a session with a second network server.

13 Citations

24 Claims

1. A proxy system, comprising:
- a processor; and
  
  a memory containing a program, which, when executed on the processor is configured to perform an operation for authenticating a client device to a plurality of network servers, the operation comprising;
  
  establishing a first session between the proxy system and a first network server, of the plurality, using an initial request supplied by the client device, wherein the request includes authenticating information used by the proxy system to authenticate the proxy system, as the client device, to the first network server,sending a session timeout message to the client device which causes the client device to respond with a fresh authentication request, without prompting, at the client device, to provide the authenticating information, andestablishing a second session between the proxy system and a second network server, of the plurality, using the fresh authentication request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein establishing the first session between the proxy system and the first network server comprises:
    - modifying the initial request to appear to the first network server as having originated from the proxy system;
      
      forwarding the modified request to the first network server to establish a session between the proxy system and the first network server;
      
      receiving a response from the first network server;
      
      modifying the response to appear to the client device as having originated from the proxy system; and
      
      forwarding the modified response to the client device.
  - 3. The system of claim 1, wherein establishing the second session between the proxy system and the second network server comprises:
    - modifying the fresh authentication request to appear to the second network server as having originated from the proxy system;
      
      forwarding the modified request to the second network server to establish a session between the proxy system and the second network server; and
      
      receiving a response from the second network server establishing the second session between the proxy system and the second network server.
  - 4. The system of claim 1, wherein the proxy system is configured to send the session timeout message and establish the second session with the second network server in response to determining the client device has requested access to resources available on the second network server.
  - 5. The system of claim 1, wherein the proxy system is configured as a common internet file system (CIFS) proxy, and wherein each of the plurality of network file servers is configured as a CIFS server system.
  - 6. The system of claim 5, wherein the session timeout message is a CIFS STATUS_NETWORK_SESSION_EXPIRED error code.
  - 7. The system of claim 5, wherein the proxy system is configured to negotiate with the client device to disable server message block (SMB) signing.
  - 8. The system of claim 1, wherein the first and second sessions between the proxy system and the first and second network servers provide access to one or more storage devices presented to the client device as a network drive on the proxy system.

9. A method for authenticating a client device to a plurality of network servers, comprising:
- establishing a first session between the proxy system and a first network server, of the plurality, using an initial request supplied by the client device, wherein the request includes authenticating information used by the proxy system to authenticate the proxy system, as the client device, to the first network server;
  
  sending a session timeout message to the client device which causes the client device to respond with a fresh authentication request, without prompting, at the client device, to provide the authenticating information; and
  
  establishing a second session between the proxy system and a second network server using the fresh authentication request.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein establishing the first session between the proxy system and the first network server comprises:
    - modifying the initial request to appear to the first network server as having originated from the proxy system;
      
      forwarding the modified request to the first network server to establish a session between the proxy system and the first network server;
      
      receiving a response from the first network server;
      
      modifying the response to appear to the client device as having originated from the proxy system; and
      
      forwarding the modified response to the client device.
  - 11. The method of claim 9, wherein establishing the second session between the proxy system and the second network server using the fresh authentication request, comprises:
    - modifying the fresh authentication request to appear to the second network server as having originated from the proxy system;
      
      forwarding the modified request to the second network server to establish a session between the proxy system and the second network server; and
      
      receiving a response from the second network server establishing the second session between the proxy system and the second network server.
  - 12. The method of claim 9, wherein the proxy system is configured to send the session timeout message and establish the second session with the second network server in response to determining the client device has requested access to resources available on the second network server.
  - 13. The method of claim 9, wherein the proxy system is configured as a common internet file system (CIFS) proxy, and wherein each of the plurality of network file servers is configured as a CIFS server system.
  - 14. The method of claim 13, wherein the session timeout message is a CIFS STATUS_NETWORK_SESSION_EXPIRED error code.
  - 15. The method of claim 13, wherein the proxy system is configured to negotiate with the client device to disable server message block (SMB) signing.
  - 16. The method of claim 9, wherein the first and second sessions between the proxy system and the first and second network servers provide access to one or more storage devices presented to the client device as a network drive on the proxy system.

17. A non-transitory computer-readable storage-medium containing a routing program which, when executed on a processor, performs an operation for authenticating a client device to a plurality of network servers, the operation comprising:
- establishing a first session between the proxy system and a first network server, of the plurality, using an initial request supplied by the client device, wherein the request includes authenticating information used by the proxy system to authenticate the proxy system, as the client, to the first network server;
  
  sending a session timeout message to the client device which causes the client device to respond with a fresh authentication request, without prompting, at the client device, to provide the authenticating information; and
  
  establishing a second session between the proxy system and a second network server using the fresh authentication request.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer-readable storage-medium of claim 17, wherein establishing the first session between the proxy system and the first network server comprises:
    - modifying the initial request to appear to the first network server as having originated from the proxy system;
      
      forwarding the modified request to the first network server to establish a session between the proxy system and the first network server;
      
      receiving a response from the first network server;
      
      modifying the response to appear to the client device as having originated from the proxy system; and
      
      forwarding the modified response to the client device.
  - 19. The computer-readable storage-medium of claim 17, wherein establishing the second session between the proxy system and the second network server comprises:
    - modifying the fresh authentication request to appear to the second network server as having originated from the proxy system;
      
      forwarding the modified request to the second network server to establish a session between the proxy system and the second network server; and
      
      receiving a response from the second network server establishing the second session between the proxy system and the second network server.
  - 20. The computer-readable storage-medium of claim 17, wherein the proxy system is configured to send the session timeout message and establish the second session with the second network server in response to determining the client device has requested access to resources available on the second network server.
  - 21. The computer-readable storage-medium of claim 17, wherein the proxy system is configured as a common internet file system (CIFS) proxy, and wherein each of the plurality of network file servers is configured as a CIFS server system.
  - 22. The computer-readable storage-medium of claim 21, wherein the session timeout message is a CIFS STATUS_NETWORK_SESSION_EXPIRED error code.
  - 23. The computer-readable storage-medium of claim 21, wherein the proxy system is configured to negotiate with the client device to disable server message block (SMB) signing.
  - 24. The computer-readable storage-medium of claim 17, wherein the first and second sessions between the proxy system and the first and second network servers provide access to one or more storage devices presented to the client device as a network drive on the proxy system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Simpkins, Richard Adam, Seitz, Matthew Eric, Liu, Zuwei

Granted Patent

US 9,866,556 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/182   Distributed file systems

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/6218   to a system of files or obj...

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0884   by delegation of authentica...

H04L 67/01   Protocols

H04L 67/06   specially adapted for file ...

H04L 67/1001   for accessing one among a p...

H04L 67/141   Setup of application sessio...

COMMON INTERNET FILE SYSTEM PROXY AUTHENTICATION OF MULTIPLE SERVERS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

13 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

COMMON INTERNET FILE SYSTEM PROXY AUTHENTICATION OF MULTIPLE SERVERS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links