Systems and methods for facilitating a peer to peer route via a gateway

US 8,914,522 B2
Filed: 07/22/2005
Issued: 12/16/2014
Est. Priority Date: 07/23/2004
Status: Active Grant

First Claim

Patent Images

1. A method for establishing a peer to peer communication session between a first computing device on a first network and a second computing device on a second network, the method comprising the steps of:

(a) establishing, by the first computing device, a first tunneling session with a third computing device, and establishing, by the second computing device, a second tunneling session with the third computing device;

(b) initiating, by the first computing device, a communication session to the second computing device via the third computing device;

(c) receiving, by a server via the third computing device, a signal to establish the communication session;

(d) communicating, by the server, via the third computing device to the first computing device, a first network address comprising a network address of the second computing device on a private network associated with the second tunneling session;

(e) communicating, by the first computing device, a request to initiate a connection with the second computing device using the first network address;

(f) intercepting, by the third computing device, the request, determining,based on the network address of the second computing device on the private network, that communication quality is to be improved with a direct connection between the first and second computing device bypassing the third computing device, and providing the first computing device a second network address for the second computing device response to the determination, the second network address comprising a public network address associated with the second computing device; and

(g) communicating, by the third computing device, a request to the second computing device to allow a connection from the first computing device using the second network address.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is generally directed towards a remote access architecture for providing peer-to-peer communications and remote access connectivity. In one embodiment, the remote access architecture of the present provides a method for establishing a direct connection between peer computing devices via a third computing device, such as a gateway. Additionally, the present invention provides the following techniques to optimize peer-to-peer communications: 1) false acknowledgement of receipt of network packets allowing communications via a lossless protocol of packets constructed for transmission via a lossy protocol, 2) payload shifting of network packets allowing communications via a lossless protocol of packets constructed for transmission via a lossy protocol, 3) reduction of packet fragmentation by adjusting the maximum transmission unit (MTU) parameter, accounting for overhead due to encryption, 4) application-aware prioritization of client-side network communications, and 5) network disruption shielding for reliable and persistent network connectivity and access.

813 Citations

48 Claims

1. A method for establishing a peer to peer communication session between a first computing device on a first network and a second computing device on a second network, the method comprising the steps of:
- (a) establishing, by the first computing device, a first tunneling session with a third computing device, and establishing, by the second computing device, a second tunneling session with the third computing device;
  
  (b) initiating, by the first computing device, a communication session to the second computing device via the third computing device;
  
  (c) receiving, by a server via the third computing device, a signal to establish the communication session;
  
  (d) communicating, by the server, via the third computing device to the first computing device, a first network address comprising a network address of the second computing device on a private network associated with the second tunneling session;
  
  (e) communicating, by the first computing device, a request to initiate a connection with the second computing device using the first network address;
  
  (f) intercepting, by the third computing device, the request, determining,based on the network address of the second computing device on the private network, that communication quality is to be improved with a direct connection between the first and second computing device bypassing the third computing device, and providing the first computing device a second network address for the second computing device response to the determination, the second network address comprising a public network address associated with the second computing device; and
  
  (g) communicating, by the third computing device, a request to the second computing device to allow a connection from the first computing device using the second network address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method of claim 1, wherein at least a portion of one of the first tunneling session or the second tunneling session comprises one of a Secure Socket Layer or a virtual private network.
  - 3. The method of claim 1, wherein the third computing device comprises a remote access gateway.
  - 4. The method of claim 1, wherein the second computing device is located behind a firewall associated with the second network address.
  - 5. The method of claim 1, comprising providing, by the third computing device, the second network address to the first computing device by communicating an out of band signal to the first computing device via the first tunneling session.
  - 6. The method of claim 1, comprising providing, by the second computing device, a forward hole in a firewall for the first computing device to communicate to the second computing device using the second network address.
  - 7. The method of claim 1, comprising communicating, by the third computing device, a key to the first computing device and the second computing device.
  - 8. The method of claim 7, comprising communicating, by the first computing device, the key to the second computing device.
  - 9. The method of claim 8, comprising checking, by the first computing device, that the key received from the second computing device matches the key of the first computing device before transmitting data to the second computing device.
  - 10. The method of claim 7, comprising communicating, by the second computing device, the key to the first computing device.
  - 11. The method of claim 10, comprising checking, by the second computing device, that the key received from the first computing device matches the key of the second computing device before transmitting data to the second computing device.
  - 12. The method of claim 1, associating a first telecommunication device with the first computing device, and associating a second telecommunication device with the second computing device.
  - 13. The method of claim 12, wherein one of the first telecommunication device or the second telecommunication device comprises one of a software component or a hardware component.
  - 14. The method of claim 12, comprising establishing a telecommunication session between the first telecommunication device and the second telecommunication device via the connection.
  - 15. The method of claim 14, comprising communicating between the first telecommunication device and the second telecommunication device over the telecommunication session without traversing the to the first computing device.
  - 16. The method of claim 1, comprising communicating a remote display protocol via the connection between the first computing device and the second computing device.
  - 17. The method of claim 16, wherein the remote display protocol comprises one of an Independent Computing Architecture protocol or a Remote Desktop Protocol.
  - 18. The method of claim 1, comprising sharing a screen view of the first computing device with the second computing device via the connection.

19. In a gateway, a method for establishing a peer to peer communication session between a first computing device on a first network and a second computing device on a second network, the method comprising the steps of:
- (a) establishing a first tunneling session with the first computing device on a first network;
  
  (b) establishing a second tunneling session with the second computing device on the second network;
  
  (c) receiving a request by the first computing device to initiate a communication session with the second computing device;
  
  (d) providing to the first computing device a first network address for contacting the second computing device, the first network address comprising a network address of the second computing device on a private network associated with the second tunneling session;
  
  (e) receiving a request by the first computing device to initiate a connection with the second computing device using the first network address;
  
  (f) intercepting the request to initiate the connection, determining, based on the network address of the second computing device on the private network, that communication quality is to be improved with a direct connection between the first and second computing devices bypassing the gateway, and providing the first computing device a second network address for the second computing device in response to the determination, the second network address comprising a public network address associated with the second computing device; and
  
  (g) communicating to the second computing device a request to allow the connection from the first computing device to the second computing device using the second network address.
- View Dependent Claims (20, 21, 22, 23, 24)
- - 20. The method of claim 19, wherein at least a portion of one of the first tunneling session or the second tunneling session comprises one of a Secure Socket Layer or a virtual private network.
  - 21. The method of claim 19, wherein the second computing device is located behind a firewall associated with the second network address.
  - 22. The method of claim 19, comprising providing the second network address to the first computing device by communicating an out of band signal to the first computing device via the first tunneling session.
  - 23. The method of claim 19, comprising communicating a key to the first computing device.
  - 24. The method of claim 19, comprising communicating a key to the second computing device.

25. A system for establishing a peer to peer communication session between a first computing device on a first network and a second computing device on a second network via a third computing device, the system comprising:
- a first computing device on the first network;
  
  a second computing device on the second network;
  
  a third computing device configured to establish a first tunneling session with the first computing device and a second tunneling session with the second computing device;
  
  a server computing device accessible via the third computing device;
  
  wherein;
  
  the server computing device is configured to communicate via the third computing device to the first computing device a first network address comprising a network address of the second computing device on a private network associated with the second tunneling session;
  
  the first computing device is configured to communicate via the third computing device a first request to initiate a connection with the second computing device using the first network address;
  
  the third computing device is configured to intercept the first request, determine, based on the network address of the second computing device on the private network, that communication quality is to be improved with a direct connection between the first and second computing devices bypassing the third computing device, and provide the first computing device a second network address for the second computing device in response to the determination, the second network address comprising a public network address associated with the second computing device; and
  
  the third computing device is configured to communicate a second request to the second computing device to allow the direct connection from the first computing device using the second network address.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 26. The system of claim 25, wherein at least a portion of one of the first tunneling session or the second tunneling session comprises one of a Secure Socket Layer or a virtual private network.
  - 27. The system of claim 25, wherein the third computing device comprises a remote access gateway.
  - 28. The system of claim 25, wherein the second computing device is located behind a firewall associated with the second network address.
  - 29. The system of claim 25, wherein the third computing device is configured to provides the second network address to the first computing device by communicating an out of band signal via the first tunneling session.
  - 30. The system of claim 25, wherein the second computing device is configured to provides a forward hole in a firewall for the first computing device to communicate to the second computing device using the second network address.
  - 31. The system of claim 25, wherein the third computing device is configured to communicate a key to the first computing device and the second computing device.
  - 32. The system of claim 31, wherein the first computing device is configured to communicate the key to the second computing device.
  - 33. The system of claim 32, wherein the first computing device is configured to checks that the key received from the second computing device matches the key of the first computing device before transmitting data to the second computing device.
  - 34. The system of claim 31, wherein the second computing device is configured to communicatethe key to the first computing device.
  - 35. The system of claim 34, wherein the second computing device is configured to checks that the key received from the first computing devices matches the key of the second computing device before transmitting data to the second computing device.
  - 36. The system of claim 25, comprising a first telecommunication device associated with the first computing device, and a second telecommunication associated with the second computing device.
  - 37. The system of claim 36, wherein one of the first telecommunication device or the second telecommunication device comprises one of a software component or a hardware component.
  - 38. The system of claim 37, wherein the first telecommunication device is configured to establishes a telecommunication session with the second telecommunication device via the connection.
  - 39. The system of claim 38, wherein the first telecommunication device is configured to communicates with the second telecommunication device over the telecommunication session without traversing the third computing device.
  - 40. The system of claim 25, wherein the first computing device and the second computing device is configured to communicate a remote display protocol via the connection.
  - 41. The system of claim 40, wherein the remote display protocol comprises one of an Independent Computing Architecture protocol or a Remote Desktop Protocol.
  - 42. The system of claim 25, wherein the first computing device is configured to shares a screen view with the second computing device via the connection.

43. A system for establishing a peer to peer communication session between a first computing device on a first network and a second computing device on a second network, the system comprising:
- a gateway computing device configured for establishing a first tunneling session with the first computing device on a first network, and for establishing a second tunneling session with the second computing device on the second network, and configured for receiving a request by the first computing device to initiate a communication session with the second computing device; and
  
  a server computing device configured for providing to the first computing device a first network address for contacting the second computing device, the first network address comprising a network address of the second computing device on a private network associated with the second tunneling session;
  
  wherein the gateway computing device is configured for receiving a request by the first computing device to initiate a connection with the second computing device using the first network address, intercepting the request to initiate the connection, determining, based on the network address of the second computing device on the private network, that communication quality is to be improved with a direct connection between the first and second computing devices bypassing the gateway computing device, providing the first computing device a second network address for the second computing device in response to the determination, the second network address comprising a public network address associated with the second computing device, and communicating to the second computing device a request to allow the direct connection from the first computing device to the second computing device using the second network address.
- View Dependent Claims (44, 45, 46, 47, 48)
- - 44. The system of claim 43, wherein at least a portion of one of the first tunneling session or the second tunneling session comprises one of a Secure Socket Layer or a virtual private network.
  - 45. The system of claim 43, wherein the second computing device is located behind a firewall associated with the second network address.
  - 46. The system of claim 43, wherein the gateway computing device is configured for providing the second network address to the first computing device by communicating an out of band signal to the first computing device via the first tunneling session.
  - 47. The system of claim 43, wherein the gateway computing device is configured for communicating a key to the first computing device.
  - 48. The system of claim 43, wherein the gateway computing device is configured for communicating a key to the second computing device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Rao, Goutham P., Rodriguez, Robert A., Brueggemann, Eric R.
Primary Examiner(s)
Joo, Joshua

Application Number

US11/188,274
Publication Number

US 20060039356A1
Time in Patent Office

3,434 Days
Field of Search

709223-229, 709238-245
US Class Current

709/228
CPC Class Codes

H04L 1/1854   Scheduling and prioritising...

H04L 12/4633   Interconnection of networks...

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 41/0806   for initial configuration o...

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 43/0817   by checking functioning

H04L 45/30   Routing of multiclass traffic

H04L 47/10   Flow control; Congestion co...

H04L 47/2416   Real-time traffic

H04L 47/2433   Allocation of priorities to...

H04L 47/2475   for supporting traffic char...

H04L 47/36   by determining packet size,...

H04L 63/0236   Filtering by address, proto...

H04L 63/0272   Virtual private networks

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/062   for key distribution, e.g. ...

H04L 63/126   the source of the received ...

H04L 63/164 : at the network layer

H04L 63/166 : at the transport layer

H04L 67/14 : Session management for real...

H04L 67/141 : Setup of application sessio...

View All

Systems and methods for facilitating a peer to peer route via a gateway

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

813 Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for facilitating a peer to peer route via a gateway

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

813 Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links