Methods, apparatuses and systems for transparently intermediating network traffic over connection-based authentication protocols

US 7,343,398 B1
Filed: 09/04/2002
Issued: 03/11/2008
Est. Priority Date: 09/04/2002
Status: Active Grant

First Claim

Patent Images

1. A method allowing for transparent intermediation of data flows over connection-based authentication schemes, comprisingmaintaining, at a proxy server, at least one non-exclusive persistent connection to at least one origin server;

establishing, at the proxy server, client connections with respective client devices responsive to receipt of corresponding client requests, wherein the client requests designate respective origin servers;

if the client request includes an element associated with a connection-based authentication handshake for a transaction between the client and the origin server;

for each received client request that includes an element associated with a connection-based authentication handshake for a transaction between the client and the origin server, establishing an exclusive server connection between the proxy server and the origin server, wherein the exclusive server connection is exclusively for the transaction, associated with the connection-based authentication handshake, between the client and the origin server, and is not used for any other transactions, and forwarding the client requests request to the origin server over the respective exclusive server connections;

else, multiplexing received client requests to the origin server over a selected one of the at least one non-exclusive persistent connection to the origin server, if the client requests do not include an authentication element.

View all claims

12 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatuses and systems allowing for the transparent intermediation of network traffic over connection-based authentication protocols. In one embodiment, the present invention allows a proxy to be placed into an NTLM or HTLMv2 environment and have it transparently ensure that NTLM transactions are handled appropriately, such that the proxy can interact (optimize/accelerate) with the authenticated content without breaking the authentication scheme. Embodiments of the present invention provide a proxy solution that is easily deployed and transparently fits into an existing NTLM environment.

Citations

13 Claims

1. A method allowing for transparent intermediation of data flows over connection-based authentication schemes, comprisingmaintaining, at a proxy server, at least one non-exclusive persistent connection to at least one origin server;
- establishing, at the proxy server, client connections with respective client devices responsive to receipt of corresponding client requests, wherein the client requests designate respective origin servers;
  
  if the client request includes an element associated with a connection-based authentication handshake for a transaction between the client and the origin server;
  
  for each received client request that includes an element associated with a connection-based authentication handshake for a transaction between the client and the origin server, establishing an exclusive server connection between the proxy server and the origin server, wherein the exclusive server connection is exclusively for the transaction, associated with the connection-based authentication handshake, between the client and the origin server, and is not used for any other transactions, and forwarding the client requests request to the origin server over the respective exclusive server connections;
  
  else, multiplexing received client requests to the origin server over a selected one of the at least one non-exclusive persistent connection to the origin server, if the client requests do not include an authentication element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1 wherein the at least one non-exclusive connection is a persistent HTTP connection.
  - 3. The method of claim 1 wherein the exclusive server connection is a persistent connection.
  - 4. The method of claim 1 wherein the exclusive server connection is a persistent HTTP connection.
  - 5. The method of claim 1 further comprising closing the exclusive server connection when the client connection is closed.
  - 6. The method of claim 1 wherein the connection-based authentication scheme is NTLM.
  - 7. The method of claim 6 wherein the element comprises an element associated with an NTLM authentication handshake.
  - 8. The method of claim 7 wherein the element comprises an NTLM header.
  - 9. The method of claim 8 wherein the NTLM header comprises a NLTM authorization message.
  - 10. The method of claim 1 further comprisingforwarding subsequent client requests received over the client connection to the origin server over the exclusive server connection.
  - 11. The method of claim 5 further comprisingforwarding subsequent client requests received over the client connection to the origin server over the exclusive server connection.
  - 12. The method of claim 1 further comprisingreceiving a response to the client request from the origin server over the exclusive server connection;
    - andforwarding the response to the client over the client connection.
  - 13. The method of claim 12 further comprisingdetecting at least one attribute associated with the client device;
    - optimizing the response receive from the origin server based on the at least one attribute.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Packeteer Incorporated (Gen Digital Inc.)
Inventors
Lownsbrough, Derek Leigh
Primary Examiner(s)
Follansbee; John
Assistant Examiner(s)
Chou; Alan S

Application Number

US10/234,661
Time in Patent Office

2,015 Days
Field of Search

709/229, 726/3, 726 5- 8, 726/10
US Class Current

709/218
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0884   by delegation of authentica...

H04L 63/166   at the transport layer

Methods, apparatuses and systems for transparently intermediating network traffic over connection-based authentication protocols

First Claim

12 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, apparatuses and systems for transparently intermediating network traffic over connection-based authentication protocols

First Claim

12 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links