Methods, apparatuses and systems for transparently intermediating network traffic over connection-based authentication protocols
First Claim
1. A method allowing for transparent intermediation of data flows over connection-based authentication schemes, comprising
- maintaining, at a proxy server, at least one non-exclusive persistent connection to at least one origin server;
- establishing, at the proxy server, client connections with respective client devices responsive to receipt of corresponding client requests, wherein the client requests designate respective origin servers;
- if the client request includes an element associated with a connection-based authentication handshake for a transaction between the client and the origin server;
- for each received client request that includes an element associated with a connection-based authentication handshake for a transaction between the client and the origin server, establishing an exclusive server connection between the proxy server and the origin server, wherein the exclusive server connection is exclusively for the transaction, associated with the connection-based authentication handshake, between the client and the origin server, and is not used for any other transactions, and forwarding the client requests request to the origin server over the respective exclusive server connections;
- else, multiplexing received client requests to the origin server over a selected one of the at least one non-exclusive persistent connection to the origin server, if the client requests do not include an authentication element.
Abstract
Methods, apparatuses and systems allowing for the transparent intermediation of network traffic over connection-based authentication protocols. In one embodiment, the present invention allows a proxy to be placed into an NTLM or NTLMv2 environment and have it transparently ensure that NTLM transactions are handled appropriately, such that the proxy can interact (optimize/accelerate) with the authenticated content without breaking the authentication scheme. Embodiments of the present invention provide a proxy solution that is easily deployed and transparently fits into an existing NTLM environment.
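The connection choice described in claim 1, sketched as an added example that is not taken from the patent or any product. It assumes the handshake element is an HTTP `Authorization` header with the `NTLM` scheme, models server connections as plain dictionaries, and assumes a client stays pinned to its exclusive connection until it disconnects; `UpstreamSelector`, `has_auth_element` and `client_closed` are hypothetical names.

```python
import itertools

def has_auth_element(headers):
    """True if the request carries an NTLM handshake token (assumed to travel
    in the HTTP Authorization header, scheme "NTLM")."""
    for name, value in headers.items():
        if name.lower() == "authorization":
            return value.strip().split(" ", 1)[0].upper() == "NTLM"
    return False

class UpstreamSelector:
    """Hypothetical model of the proxy's server-side connection choice."""

    def __init__(self, pool_size=2):
        self.pool_size = pool_size
        self._ids = itertools.count(1)
        self._shared = {}      # origin -> round-robin iterator over shared connections
        self._exclusive = {}   # (client connection, origin) -> pinned connection

    def _open(self, origin, exclusive):
        # Stand-in for opening a TCP connection to the origin server.
        return {"id": next(self._ids), "origin": origin, "exclusive": exclusive}

    def select(self, client_conn, origin, headers):
        key = (client_conn, origin)
        if key in self._exclusive:
            # Every leg of the handshake, and later requests that rely on it,
            # stay on the connection the origin server authenticated.
            return self._exclusive[key]
        if has_auth_element(headers):
            self._exclusive[key] = self._open(origin, exclusive=True)
            return self._exclusive[key]
        if origin not in self._shared:
            pool = [self._open(origin, exclusive=False) for _ in range(self.pool_size)]
            self._shared[origin] = itertools.cycle(pool)
        return next(self._shared[origin])

    def client_closed(self, client_conn):
        """Drop pinned connections so an authenticated one is never reused."""
        for key in [k for k in self._exclusive if k[0] == client_conn]:
            del self._exclusive[key]
```

Because the origin server binds the authenticated identity to the connection, the model never places an exclusive connection in the shared pool, so one client's authenticated session is never used to carry another client's requests.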
13 Claims
Specification