Method and system for reliable protocol tunneling over HTTP

US 8,504,818 B2
Filed: 07/28/2010
Issued: 08/06/2013
Est. Priority Date: 04/15/2010
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for extending functionality of a client by tunneling protocol data over a Hypertext Transfer Protocol (HTTP) through a relay server, the method comprising:

receiving a communication at the relay server, from the client, to create a relay session with a remote endpoint;

authenticating the client, wherein authenticating the client comprises sending challenge response data to the client;

configuring the relay session;

generating a session identifier for the relay session;

sending the session identifier to the client; and

transferring HTTP requests and responses to the client to exchange data with the remote endpoint, wherein the HTTP requests comprise the session identifier, the HTTP responses comprising negative HTTP responses, the negative HTTP responses being treated to re-try the HTTP requests and promote lossless data transmission over HTTP.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The embodiments described herein generally relate to methods and systems for tunneling arbitrary binary data between an HTTP endpoint and an arbitrary destination. Such tunneling of data is valuable in an environment, for example, in which a browser-based client communicates in the HTTP protocol and desires to exchange data with a remote endpoint understanding non-HTTP communications. A relay server is used as a “middle man” to connect the client to the destination, and components supporting the necessary protocols for data exchange are plugged into the relay server. To achieve reliable and ordered transmission of data, the relay server groups sessions through the assignment of session identifiers and tracks the exchange of messages through the assignment of sequence and acknowledgment numbers. Further, the relay server provides for authenticating the HTTP endpoint with the destination and for handling other operations not available in the constrained environment of the Web-based client.

101 Citations

View as Search Results

20 Claims

1. A computer-implemented method for extending functionality of a client by tunneling protocol data over a Hypertext Transfer Protocol (HTTP) through a relay server, the method comprising:
- receiving a communication at the relay server, from the client, to create a relay session with a remote endpoint;
  
  authenticating the client, wherein authenticating the client comprises sending challenge response data to the client;
  
  configuring the relay session;
  
  generating a session identifier for the relay session;
  
  sending the session identifier to the client; and
  
  transferring HTTP requests and responses to the client to exchange data with the remote endpoint, wherein the HTTP requests comprise the session identifier, the HTTP responses comprising negative HTTP responses, the negative HTTP responses being treated to re-try the HTTP requests and promote lossless data transmission over HTTP.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the session identifier is used to group requests belonging to the same relay session.
  - 3. The method of claim 2, wherein the session identifier is generated by a cryptographic random number generator.
  - 4. The method of claim 1, wherein sequence numbers and acknowledgement numbers are assigned to HTTP requests and responses belonging to the same session.
  - 5. The method of claim 1, wherein initial requests and responses initiate the relay session, and wherein subsequent HTTP requests transfer Session Initiation Protocol (SIP) data via HTTP to the remote endpoint via the relay server.
  - 6. The method of claim 5, where the SIP data is transferred via HTTP onto a transport mechanism, and wherein the transport mechanism comprises one from the group consisting of:
    - Transmission Control Protocol (TCP), User Datagram Protocol (UDP), or Transport Layer Security (TLS).
  - 7. The method of claim 1, wherein initial requests and responses initiate the relay session, and wherein subsequent HTTP requests transfer Remote Desktop Protocol (RDP) data via HTTP to the remote endpoint via the relay server.
  - 8. The method of claim 7, wherein the RDP data is transferred via HTTP onto a transport mechanism, and wherein the transport mechanism comprises one from the group consisting of:
    - RTP/SRTP, TLS, UDP, or TCP.

9. One or more computer storage media not consisting of a signal, the one or more computer storage media storing computer-executable instructions that when executed by a processor perform a method for extending functionality of a client by tunneling protocol data over the Hypertext Transfer Protocol (HTTP) through a relay server, the method comprising:
- receiving a communication at the relay server, from the client, to create a relay session with a remote endpoint;
  
  authenticating the client, wherein authenticating the client comprises sending challenge response data to the client;
  
  configuring the relay session;
  
  generating a session identifier for the relay session;
  
  assigning the session identifier to the client;
  
  transferring HTTP requests to exchange data with the remote endpoint, wherein the HTTP requests comprise the session identifier and a sequence number, and wherein the sequence number is received by the relay server as an HTTP header;
  
  transferring HTTP requests and responses to the client, wherein the HTTP requests to the client comprise the session identifier, the HTTP responses comprising negative HTTP responses, the negative HTTP responses being treated to re-try the HTTP requests and promote lossless data transmission over HTTP;
  
  consuming, by the relay server, the sequence number;
  
  generating an acknowledgment number; and
  
  passing the acknowledgment number with an HTTP response to the client.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The one or more computer storage media not consisting of a signal of claim 9, further comprising:
    - using the session identifier to group requests belonging to the same relay session, wherein a group of requests comprises RDP requests.
  - 11. The one or more computer storage media not consisting of a signal of claim 9, wherein the session identifier is a GUID.
  - 12. The one or more computer storage media not consisting of a signal of claim 9, wherein the authenticating is performed with an authentication broker at the relay server.
  - 13. The one or more computer storage media not consisting of a signal of claim 9, wherein the protocol data tunneled over HTTP comprises arbitrary protocol data.
  - 14. The one or more computer storage media not consisting of a signal of claim 9, wherein the protocol data comprises one or more from the group consisting of:
    - Remote Desktop Protocol (RDP) data and Session Initiation Protocol (SIP) data.
  - 15. The one or more computer storage media not consisting of a signal of claim 14, further comprising:
    - tunneling the RDP data using a first transport mechanism; and
      
      tunneling the SIP data using a second transport mechanism, wherein the first transport mechanism comprises SRTP, and wherein the second transport mechanism comprises TLS.

16. A system configured to tunnel protocol data over the Hypertext Transfer Protocol (HTTP) through a relay server between a client and a remote endpoint, the system comprising:
- a processor; and
  
  memory coupled to the processor, the memory comprising computer program instructions executable by the processor to provide;
  
  a session management component within the relay server, wherein the session management component generates a session identifier (session ID) to group HTTP requests and returns the session ID to the client;
  
  a relay engine component within the relay server, wherein the relay engine component assigns one or more sequence numbers and one or more acknowledgment numbers to HTTP requests and responses, the HTTP responses comprising negative HTTP responses, the negative HTTP responses being treated to re-try the HTTP requests and promote lossless data transmission over HTTP;
  
  a platform services component within the relay server, wherein the platform services component enables authentication of the client to extend functionality of the client; and
  
  a plug-in transport module within the relay server, wherein the plug-in transport module supports the protocol data tunneling.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system of claim 16, wherein the data tunneled over the HTTP protocol through the relay server comprises one or more from the group consisting of:
    - SIP and RDP data.
  - 18. The system of claim 17, wherein the data comprises SIP data, and wherein the plug-in transport module comprises one from the group consisting of:
    - TLS/SSL, TCP, or UDP.
  - 19. The system of claim 16, wherein arbitrary binary data is tunneled over HTTP onto a transport mechanism, and wherein the transport mechanism comprises one from the group consisting of:
    - Real-Time Transport Protocol (RTP)/Secure Real-Time Transport Protocol (SRTP), UDP, TCP or TLS.
  - 20. The system of claim 16, wherein the protocol data comprises RDP data, and wherein the plug-in transport module comprises one from the group consisting of:
    - RTP/SRTP, UDP, TCP, or TLS.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Rao, Deepak, Tan, Lei, Guo, Xin
Primary Examiner(s)
SHEHNI, GHAZAL B

Application Number

US12/845,620
Publication Number

US 20110258432A1
Time in Patent Office

1,105 Days
Field of Search

713151-152, 709225-226, 709/229
US Class Current

713/150
CPC Class Codes

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 63/168   above the transport layer

Method and system for reliable protocol tunneling over HTTP

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

101 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for reliable protocol tunneling over HTTP

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

101 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links