Protocol exchange and policy enforcement for a terminal server session

US 7,941,549 B2
Filed: 09/16/2008
Issued: 05/10/2011
Est. Priority Date: 09/16/2008
Status: Active Grant

First Claim

Patent Images

1. A method of instantiating multiple protocols over a single terminal session, comprising:

receiving from a client device a request for a terminal server session;

establishing a socket connection with a terminal server over a remote access port in response to receiving the request;

instantiating a first protocol over the socket connection, further comprising establishing a security and authentication mechanism with the terminal server and transmitting a capabilities request to said terminal server after establishing the security and authentication mechanism;

receiving from said terminal server a capabilities response in response to the capabilities request;

resetting the established security and authentication mechanism by resetting a security filter and returning the terminal server to a security state before exchange of the capabilities request and the capabilities response while maintaining the socket connection;

instantiating a second protocol over the socket connection after resetting the established security and authentication mechanism; and

transmitting packets from said client device to said terminal server according to the second protocol and the capabilities response over the socket connection.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example embodiments of the present disclosure provide techniques for performing multiple protocol exchanges over a single socket connection, one preceding another, in order to provide a platform for policy exchange between terminal servers and a gateway. The protocol exchanges may occur without using additional ports while ensuring that the terminal server state is restored to the previous state. In an embodiment, such a method may adhere to terminal server security levels and perform an exchange with the terminal servers by replicating remote access security layer exchanges and authenticating the gateway to the terminal server.

Citations

18 Claims

1. A method of instantiating multiple protocols over a single terminal session, comprising:
- receiving from a client device a request for a terminal server session;
  
  establishing a socket connection with a terminal server over a remote access port in response to receiving the request;
  
  instantiating a first protocol over the socket connection, further comprising establishing a security and authentication mechanism with the terminal server and transmitting a capabilities request to said terminal server after establishing the security and authentication mechanism;
  
  receiving from said terminal server a capabilities response in response to the capabilities request;
  
  resetting the established security and authentication mechanism by resetting a security filter and returning the terminal server to a security state before exchange of the capabilities request and the capabilities response while maintaining the socket connection;
  
  instantiating a second protocol over the socket connection after resetting the established security and authentication mechanism; and
  
  transmitting packets from said client device to said terminal server according to the second protocol and the capabilities response over the socket connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein said capabilities request comprises a header, multiple protocol ID, and a multiple capabilities array.
  - 3. The method of claim 1, wherein said capabilities request comprise policies to be enforced when transmitting said packets.
  - 4. The method of claim 1, wherein the socket connection to the terminal server is mutually authenticated using Credential Security Support Provider (CredSSP).
  - 5. The method of claim 1, wherein the packets transmitted according to the second protocol are transmitted by a remote access handler.
  - 6. The method of claim 1, further comprising resetting a server state and security context after completion of said first protocol.
  - 7. The method of claim 1, further comprising:
    - resetting said second protocol;
      
      instantiating a third protocol over the socket connection; and
      
      transmitting packets according to the third protocol.
  - 8. The method of claim 7, further comprising establishing additional protocols by resetting previously instantiated protocols, instantiating a subsequent protocol, and transmitting packets according to the subsequent protocol.
  - 9. The method of claim 8, wherein, at least one of the additional protocols are exchanged with an intermediate entity.

10. A method of implementing a remote access communication session between a client device and at least one terminal server, comprising:
- establishing a first connection between a gateway server and the client device, wherein the gateway server is part of a domain and the client device is outside the domain;
  
  establishing a second connection between the gateway server and the at least one terminal server over a remote access port, wherein the at least one terminal server is part of the domain;
  
  instantiating a first protocol over the second connection;
  
  activating a security and authentication mechanism between the gateway server and the at least one terminal server over the second connection;
  
  exchanging policies between the at least one terminal server and the gateway server over the second connection, wherein policies pertain to communication between the client device and the at least one terminal server;
  
  resetting the activated security and authentication mechanism by resetting a security filter and returning the at least one terminal server to a security state before exchanging the policies while maintaining the second connection; and
  
  informing the at least one terminal server that packets over the second connection will originate from clients outside the domain.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The method of claim 10, further comprising receiving from a client device a request for a remote access communication session.
  - 12. The method of claim 11, wherein the second connection is a socket connection, further comprising transmitting a connect request.
  - 13. The method of claim 12, further comprising transmitting a protocol packet comprising a capabilities set.
  - 14. The method of claim 13, further comprising receiving a response packet comprising a capabilities array.
  - 15. The method of claim 14, further comprising instantiating a second protocol over the socket connection.
  - 16. The method of claim 15, further comprising transmitting packets according to the second protocol.

17. A computing system configured to establish a network policy for a client accessing a terminal server over a remote network connection, comprising:
- at least one processor; and
  
  a memory communicatively coupled to said at least one processor when said computing system is operational;
  
  said memory having stored therein computer instructions that upon execution by the at least one processor cause;
  
  receiving a remote connection request from a client device;
  
  establishing a socket communication connection with the terminal server over a remote access port in response to receiving the remote connection request;
  
  sending a session connection request to the terminal server over the socket communication connection;
  
  negotiating and exchanging protocol information, and establishing a security and authentication mechanism with the terminal server;
  
  exchanging remote access policies with the terminal server over the socket connection after establishing the security and authentication mechanism;
  
  resetting security and system states by resetting a security filter and returning the terminal server to a security state before exchanging the protocol information while maintaining the socket communication connection; and
  
  initiating a remote access protocol between the client and terminal server over the socket communication connection after resetting the security and system states.
- View Dependent Claims (18)
- - 18. The computing system of claim 17, wherein the terminal server is part of a domain and the client device is outside the domain, the system further configured to inform the terminal server that the client device is outside the domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Ranjan, Shivesh, Yadav, Sudarshan
Primary Examiner(s)
Joo; Joshua

Application Number

US12/211,612
Publication Number

US 20100070634A1
Time in Patent Office

966 Days
Field of Search

709/221, 709/223, 709/226, 709/203, 709227-230, 370/356, 370/401, 370/431
US Class Current

709/228
CPC Class Codes

H04L 63/0869   for achieving mutual authen...

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

Protocol exchange and policy enforcement for a terminal server session

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Protocol exchange and policy enforcement for a terminal server session

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links