Techniques for managing a secure communication session

US 8,799,640 B2
Filed: 02/27/2010
Issued: 08/05/2014
Est. Priority Date: 02/27/2010
Status: Expired due to Fees

First Claim

Patent Images

1. A method implemented and residing within a computer-readable storage medium that is executed by a processor of a server, the processor configured to perform the method, comprising:

detecting, by the server, a request for a secure communication session between a non-browser application and a server;

the request initiated by the non-browser application;

establishing, by the server, the secure communication session between the non-browser application and the server via a browser, the browser acts as an intermediary to initially establish the secure communication session and the secure communication session uses encryption, wherein the browser acts as an intermediary by acquiring a secure token and supplying the secure token to the non-browser application before the browser shuts down, the non-browser application includes an interface to interact with the browser but does not require the browser and is not embedded within the browser;

mapping, by a server, a session cookie that the browser uses with the secure communication session to the secure token and instructing the browser to supply the secure token to the non-browser application; and

maintaining, by the server, the secure communication session after the browser is shut down by translating the secure token, by the server, into the session cookie expected by the server, wherein the secure token is supplied by the non-browser application, the server maintains the session cookie and its mapping to the secure token and when the secure token is supplied by the non-browser application, the server translates the secure token to the session cookie allowing the secure communication session to continue unabated without the presence of the browser.

View all claims

16 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for managing a secure communication session are provided. A non-browser application utilizes a browser to establish a secure communication session with a server. The session cookie set in the browser is mapped by the server to a secret token that is supplied via the browser to the non-browser application. The browser is then closed and the secure communication session between the server and the non-browser application continues unabated via the secret token.

10 Citations

View as Search Results

20 Claims

1. A method implemented and residing within a computer-readable storage medium that is executed by a processor of a server, the processor configured to perform the method, comprising:
- detecting, by the server, a request for a secure communication session between a non-browser application and a server;
  
  the request initiated by the non-browser application;
  
  establishing, by the server, the secure communication session between the non-browser application and the server via a browser, the browser acts as an intermediary to initially establish the secure communication session and the secure communication session uses encryption, wherein the browser acts as an intermediary by acquiring a secure token and supplying the secure token to the non-browser application before the browser shuts down, the non-browser application includes an interface to interact with the browser but does not require the browser and is not embedded within the browser;
  
  mapping, by a server, a session cookie that the browser uses with the secure communication session to the secure token and instructing the browser to supply the secure token to the non-browser application; and
  
  maintaining, by the server, the secure communication session after the browser is shut down by translating the secure token, by the server, into the session cookie expected by the server, wherein the secure token is supplied by the non-browser application, the server maintains the session cookie and its mapping to the secure token and when the secure token is supplied by the non-browser application, the server translates the secure token to the session cookie allowing the secure communication session to continue unabated without the presence of the browser.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein detecting further includes identifying the request as a request for the secure communication session to a secure socket layer (SSL) virtual private network (VPN) session between the non-browser application and the server.
  - 3. The method of claim 1, wherein establishing further includes authenticating the non-browser application via redirection of the browser to an identity service that performs authentication on behalf of the server.
  - 4. The method of claim 3, wherein mapping further includes instructing the browser to set the session cookie supplied by the server and an authentication token supplied by the identity service within the browser.
  - 5. The method of claim 1, wherein mapping further includes instructing the browser to shut down after the secure token is supplied to the non-browser application.
  - 6. The method of claim 1, wherein maintaining further includes logging the non-browser application into the secure communication session after the browser is shut down using the secure token.
  - 7. The method of claim 6, wherein logging further includes instructing the non-browser application to use a new session cookie in place of the secure token for communications after logging into the secure communication session, the new session cookie mapped to the session cookie and supplied to the server each time the non-browser application communicates during the secure communication session with the new session cookie.

8. A method implemented and residing within a computer-readable storage medium that is executed by a processor of a network to perform the method on a client, comprising:
- requesting, by the client, a secure socket layer (SSL) virtual private network (VPN) connection with a server, a request for the SSL VPN made to a browser;
  
  receiving, by the client, a secret token from the browser that the browser acquired as a mapping to a session cookie for the SSL VPN connection from the server;
  
  supplying, by the client, the secret token directly to the server to login and establish the SSL VPN connection with the server, the browser acts as an intermediary to initially establish the SSL VPN connection and SSL VPN connection uses encryption, the browser acquires the secret token from the server and supplies the secret token to the client and then the browser shuts down;
  
  shutting down, by the client, the browser while maintaining the SSL VPN connection with the server via the secret token that the server translates to the session cookie, the server maintains the session cookie without the presence of the browser and when the browser is shut down using the secret token supplied to the server and the server dynamically translates the secret token into the session cookie; and
  
  processing, by the client, the method independent of the browser.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of claim 8, wherein requesting further includes generating the request in response to an action of a user and constructing a uniform resource locator (URL) link as the request to initiate the browser to assist in establishing the SSL VPN connection with the server.
  - 10. The method of claim 9, wherein requesting further includes interacting with the user via the browser to authenticate the user to an identity service for the SSL VPN connection.
  - 11. The method of claim 8, wherein supplying further includes receiving from the server a new cookie that is to replace the secret token after the SSL VPN connection is initially established via the secret token.
  - 12. The method of claim 11, wherein receiving further includes supplying the new cookie for each communication with the server during the SSL VPN connection.
  - 13. The method of claim 8, wherein shutting down further includes shutting down the browser based on a manual instruction from a user to close the browser.
  - 14. The method of claim 8, wherein shutting down further includes automatically shutting down the browser once the SSL VPN connection is established via the secret token.

15. A multiprocessor-implemented system, comprising:
- a non-browser application implemented in a computer-readable medium and to execute on a client of a network; and
  
  a server to execute over the network and interact with the client;
  
  wherein the non-browser application is configured to interact with a browser to establish a secure communication session with the server over the network, the browser acts as an intermediary to initially establish the secure communication session and the secure communication session uses encryption, the browser acts as an intermediary by acquiring a secret token from the server and supplying the secret token to the non-browser application and then the browser shuts down, the non-browser application includes an interface to interact with the browser but does not require the browser and is not embedded within the browser, the server configured to interact with the browser to set a session cookie for the secure communication session and provide the secret token to the non-browser application via the browser that maps to the session cookie, the non-browser application further configured to resupply the secret token to the server independent from the browser to initiate the secure communication session with the server and the browser closed thereafter while the secure communication session continues between the non-browser application and the server, the server dynamically translates the secret token into the session cookie when the session cookie is no longer available from the bowser that is closed and the secure communication session continues unabated via the secret token that the server translates back to the session cookie, the secret token is supplied to the sever independent of the browser and without the presence of the browser.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein the secure communication session is a secure socket layer (SSL) virtual private network (VPN) session with a secure communication tunnel established between the non-browser application and the server.
  - 17. The system of claim 15, wherein the server is configured to redirect the browser to an identity service to authenticate a user of the non-browser application for the secure communication session.
  - 18. The system of claim 15, wherein the server is configured to direct the browser to set the session cookie within the browser.
  - 19. The system of claim 15, wherein the server is configured to direct the non-browser application to replace the secret token with a new session cookie after the secret token is supplied at least once from the non-browser application, the non-browser application further instructed to supply the new session cookie with all communication during the secure communication session with the server.
  - 20. The system of claim 15, wherein the non-browser application is configured to close the browser once the secure communication session is established.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus Software, Inc. (Open Text Corporation)
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Burch, Lloyd Leon, Mukkara, Prakash Umasankar
Primary Examiner(s)
Davis, Zachary A.
Assistant Examiner(s)
Korsak, Oleg

Application Number

US12/714,451
Publication Number

US 20110213956A1
Time in Patent Office

1,620 Days
Field of Search

713152-158, 726 2- 21, 380/255
US Class Current

713/152
CPC Class Codes

H04L 63/0272   Virtual private networks

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

Techniques for managing a secure communication session

First Claim

16 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Techniques for managing a secure communication session

First Claim

16 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others