Secure traversal of network components

US 7,661,129 B2
Filed: 02/26/2002
Issued: 02/09/2010
Est. Priority Date: 02/26/2002
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a client to a content server comprising the steps of:

generating, by a ticket authority, a ticket associated with said client, said ticket comprising a first ticket and a second ticket wherein said second ticket is disabled from use, said disabled second ticket validated by said ticket authority after the second ticket is enabled by said ticket authority;

transmitting, by said ticket authority, said first ticket to said client;

validating, by said ticket authority, said first ticket;

using, by said client, said first ticket to establish a communication session with a content server proxy after said first ticket is validated;

enabling, by said ticket authority, said second ticket for use upon said validation of said first ticket, said enabled second ticket validated by said ticket authority; and

using, by said content server proxy, said enabled second ticket to establish a communication session with said content server.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for authenticating a client to a content server. A ticket authority generates a ticket associated with the client. The ticket comprises a first ticket and a second ticket. The ticket authority transmits the first ticket to the client and the client uses the first ticket to establish a communication session with an content server proxy. The ticket authority then transmits a second ticket to the content server proxy and the content server proxy uses the second ticket to establish a communication session with the content server.

273 Citations

67 Claims

1. A method of authenticating a client to a content server comprising the steps of:
- generating, by a ticket authority, a ticket associated with said client, said ticket comprising a first ticket and a second ticket wherein said second ticket is disabled from use, said disabled second ticket validated by said ticket authority after the second ticket is enabled by said ticket authority;
  
  transmitting, by said ticket authority, said first ticket to said client;
  
  validating, by said ticket authority, said first ticket;
  
  using, by said client, said first ticket to establish a communication session with a content server proxy after said first ticket is validated;
  
  enabling, by said ticket authority, said second ticket for use upon said validation of said first ticket, said enabled second ticket validated by said ticket authority; and
  
  using, by said content server proxy, said enabled second ticket to establish a communication session with said content server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1 wherein, prior to generating said ticket associated with said client, said client is authenticated to a web server.
  - 3. The method of claim 1 wherein said ticket authority transmits said first ticket to a web server and said web server transmits said first ticket to said client
  - 4. The method of claim 1 wherein said client transmits said first ticket to said content server proxy.
  - 5. The method of claim 1 wherein said content server proxy transmits said first ticket to said ticket authority and said ticket authority transmits said second ticket to said content server proxy upon validation of said first ticket.
  - 6. The method of claim 1 wherein said content server proxy transmits said second ticket to said content server upon said enabling of said second ticket
  - 7. The method of claim 1 wherein said content server validates said second ticket with said ticket authority.
  - 8. The method of claim 7 wherein said content server makes a request to said ticket authority to validate said second ticket
  - 9. The method of claim 7 wherein said ticket authority pushes said second ticket to said content server for validation.
  - 10. The method of claim 1 wherein said ticket authority transmits said second ticket to a web server and said web server pushes said second ticket to said content server for validation.
  - 11. The method of claim 1 wherein said ticket authority transmits said first ticket and said disabled second ticket to a web server and said web server transmits said first ticket and said disabled second ticket to said client.
  - 12. The method of claim 11 wherein said client transmits said first ticket and said disabled second ticket to said content server proxy.
  - 13. The method of claim 1 further comprising transmitting said disabled second ticket to at least one of said content server proxy and a web server.
  - 14. The method of claim 1 further comprising transmitting said enabled second ticket to said content server proxy.
  - 15. The method of claim 1 wherein a communication session protocol is established between said client and said content server.
  - 16. The method of claim 1 wherein a first communication session protocol is established between said client and said content server proxy and a second communication session protocol is established between said content server proxy and said content server, said client communicating with said content server via said first communication session and said second communication session.
  - 17. The method of claim 16 wherein said first communication session protocol is different from said second communication session protocol.
  - 18. The method of claim 1 wherein a first communication session protocol is established between said client and said content server proxy and a second communication session protocol is established between said client and a web server.
  - 19. The method of claim 18 wherein said first communication session protocol is different from said second communication session protocol.
  - 20. The method of claim 1 wherein said client comprises a web based browser.
  - 21. The method of claim 1 wherein said content server proxy is a secure socket layer relay.
  - 22. The method of claim 1 wherein said transmitting of said second ticket to said content server proxy further comprises transmitting an address of said content server to said content server proxy.

23. A system for authenticating a user comprising:
- a client;
  
  a ticket authority;
  
  a content server; and
  
  a content server proxy in communication with said client, said ticket authority, and said content server,wherein said ticket authority generates a first ticket and a second ticket, said second ticket is generated before said first ticket is validated by the ticket authority and said second ticket is disabled from use, said disabled second ticket validated by said ticket authority after the second ticket is enabled by said ticket authority;
  
  wherein said first ticket is transmitted to said client and used to establish a first communication session with said content server proxy, andwherein said second ticket is transmitted to said content server proxy and used to establish a second communication session with said content server.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 24. The system of claim 23 wherein, prior to said ticket authority generating said ticket associated with said client, said client is authenticated to a web server.
  - 25. The system of claim 23 wherein said ticket authority transmits said first ticket to a web server and said web server transmits said first ticket to said client.
  - 26. The system of claim 23 wherein said client transmits said first ticket to said content server proxy.
  - 27. The system of claim 23 wherein said content server proxy transmits said first ticket to said ticket authority and said ticket authority transmits said second ticket to said content server proxy.
  - 28. The system of claim 23 wherein said content server proxy transmits said second ticket to said content server.
  - 29. The system of claim 23 wherein said content server validates said second ticket with said ticket authority.
  - 30. The system of claim 29 wherein said content server makes a request to said ticket authority to validate said second ticket.
  - 31. The system of claim 29 wherein said ticket authority pushes said second ticket to said content server for validation.
  - 32. The system of claim 23 wherein said ticket authority transmits said second ticket to a web server and said web server pushes said second ticket to said content server for validation.
  - 33. The system of claim 23 wherein the second ticket is disabled and transmitted with said first ticket to said client.
  - 34. The system of claim 33 wherein said ticket authority transmits said first ticket and said disabled second ticket to a web server and said web server transmits said first ticket and said disabled second ticket to said client.
  - 35. The system of claim 33 wherein said client transmits said first ticket and said disabled second ticket to said content server proxy.
  - 36. The system of claim 33 wherein said content server proxy transmits said first ticket and said disabled second ticket to said ticket authority and said ticket authority enables said disabled second ticket.
  - 37. The system of claim 36 further comprising transmitting said enabled second ticket to said content server proxy.
  - 38. The system of claim 23 wherein a communication session protocol is established between said client and said content server.
  - 39. The system of claim 23 wherein a first communication session protocol is established between said client and said content server proxy and a second communication session protocol is established between said content server proxy and said content server.
  - 40. The system of claim 39 wherein said first communication session protocol is different from said second communication session protocol.
  - 41. The system of claim 23 wherein a first communication session protocol is established between said client and said content server proxy and a second communication session protocol is established between said client and a web server.
  - 42. The system of claim 41 wherein said first communication session protocol is different from said second communication session protocol.
  - 43. The system of claim 23 wherein said client comprises a web based browser.
  - 44. The system of claim 23 wherein said content server proxy is a secure socket layer relay.

45. A system for authenticating a user comprising:
- a client;
  
  a ticket authority generating a first ticket and a second ticket wherein said second ticket is generated before said first ticket is validated and said second ticket disabled from use, said disabled second ticket validated by said ticket authority after the second ticket is enabled by said ticket authority;
  
  a content server;
  
  a content server proxy in communication with said client, said ticket authority, and said content server and receiving said first ticket; and
  
  a web server in communication with said client and said ticket authority,wherein said content server proxy establishes a first communication session between said client and said content server proxy after said ticket authority validates said first ticket,wherein said ticket authority enables said second ticket after said validation of said first ticket, said enabled second ticket validated by said ticket authority, andwherein said content server proxy uses said enabled second ticket to establish a second communication session with a protocol different from said first communication session protocol.
- View Dependent Claims (46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66)
- - 46. The system of claim 45 wherein said client is authenticated to said web server.
  - 47. The system of claim 45 wherein said ticket authority transmits said first ticket to said web server.
  - 48. The system of claim 45 wherein said web server transmits said first ticket to said client.
  - 49. The system of claim 45 wherein said client transmits said first ticket to said content server proxy.
  - 50. The system of claim 45 wherein said content server proxy transmits said first ticket to said ticket authority.
  - 51. The system of claim 45 wherein said ticket authority transmits said enabled second ticket to said content server proxy.
  - 52. The system of claim 45 wherein said content server proxy transmits said enabled second ticket to said content server.
  - 53. The system of claim 45 wherein said content server validates said enabled second ticket with said ticket authority.
  - 54. The system of claim 53 wherein said content server makes a request to said ticket authority to validate said enabled second ticket.
  - 55. The system of claim 53 wherein said ticket authority pushes said enabled second ticket to said content server for validation.
  - 56. The system of claim 45 wherein said ticket authority transmits said second ticket to said web server and said web server pushes said second ticket to said content server for validation.
  - 57. The system of claim 45 wherein the second ticket is disabled and transmitted with said first ticket to said client.
  - 58. The system of claim 57 wherein said ticket authority transmits said first ticket and said disabled second ticket to said web server and said web server transmits said first ticket and said disabled second ticket to said client.
  - 59. The system of claim 57 wherein said client transmits said first ticket and said disabled second ticket to said content server proxy.
  - 60. The system of claim 57 wherein said content server proxy transmits said first ticket and said disabled second ticket to said ticket authority and said ticket authority enables said disabled second ticket.
  - 61. The system of claim 60 further comprising transmitting said enabled second ticket to said content server proxy.
  - 62. The system of claim 45 wherein a communication session protocol is established between said client and said content server.
  - 63. The system of claim 45 wherein a third communication session protocol is established between said content server proxy and said content server.
  - 64. The system of claim 63 wherein said first communication session protocol is different from said third communication session protocol.
  - 65. The system of claim 45 wherein said client comprises a web based browser.
  - 66. The system of claim 45 wherein said content server proxy is a secure socket layer relay.

67. A system for authenticating a user comprising:
- means for generating, by a ticket authority, a first ticket and a second ticket, wherein said second ticket is generated before said first ticket is validated by the ticket authority and said second ticket disabled from use, said disabled second ticket validated by said ticket authority after the second ticket is enabled by said ticket authority;
  
  means for transmitting, by said ticket authority, said first ticket to said client;
  
  means for using, by said client, said first ticket to establish a first communication session with a content server proxy;
  
  means for transmitting, by said ticket authority, said second ticket to said content server proxy; and
  
  means for using, by said content server proxy, said second ticket to establish a second communication session with a content server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Panasyuk, Anatoliy, Pedersen, Bradley Jay, Kramer, Andre
Primary Examiner(s)
Henning; Matthew T

Application Number

US10/083,324
Publication Number

US 20030163569A1
Time in Patent Office

2,905 Days
Field of Search

713/155, 713/168, 713/175, 726/8, 726/10
US Class Current

726/10
CPC Class Codes

H04L 63/0209 Architectural arrangements,...

H04L 63/0838 using one-time-passwords

Secure traversal of network components

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

273 Citations

67 Claims

Specification

Solutions

Use Cases

Quick Links

Secure traversal of network components

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

273 Citations

67 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links