Virtual desktop accelerator with support for multiple cryptographic contexts
First Claim
1. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
- intercept, at a client device, a remote desktop connection request;
- connect the client device to a network gateway based on the remote desktop connection request, the network gateway comprising a proxy;
- initiate a first connection with a server via the network gateway using a first communication protocol;
- exchange a plurality of cryptographic contexts with the server;
- receive a token comprising a signature;
- encrypt the signature using a first one of the plurality of cryptographic contexts from the server;
- send the encrypted signature to the server via the proxy to authenticate the client device;
- initiate a second connection with the server, via the proxy, wherein the second connection is initiated using a second communication protocol;
- receive a signature verification packet at the client device;
- switch to a second one of the plurality of cryptographic contexts from the server by exchanging one or more keys for the second one of the plurality of cryptographic contexts, wherein the one or more keys are encrypted using the first one of the plurality of cryptographic contexts;
- encrypt the signature verification packet using the second one of the plurality of cryptographic contexts from the server; and
- send the encrypted signature verification packet to the server.
Abstract
In particular embodiments, a method includes intercepting a remote desktop connection request and connecting to a network gateway based on the remote desktop connection request. A first connection with a server is initiated via the network gateway using a first communication protocol. A plurality of cryptographic contexts are exchanged with the server. A token encrypted using one of the plurality of cryptographic contexts is received from the server. The token is sent from a client device to the server or a proxy to authenticate the client device, and a second connection is initiated with the server, via the proxy, using a second communication protocol.
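The context switch recited in the claims (keys for the second cryptographic context exchanged under the first, then the signature verification packet encrypted under the second) can be modelled as below. This is an added illustration, not code from the patent or its assignee. The `CryptoContext` class, the HMAC-SHA256 counter-mode stand-in cipher, the context ids, the server-to-client direction of the key exchange and all sample values are assumptions.

```python
import hashlib, hmac, os

def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

class CryptoContext:
    """Hypothetical model of one negotiated context: an id and a 32-byte secret."""
    def __init__(self, ctx_id: int, secret: bytes):
        self.ctx_id = ctx_id
        self.enc_key = _prf(secret, b"enc")   # separate subkeys for encryption and MAC
        self.mac_key = _prf(secret, b"mac")

    def _xor(self, nonce: bytes, data: bytes) -> bytes:
        # Stand-in stream cipher (assumption): HMAC-SHA256 in counter mode.
        stream = b"".join(_prf(self.enc_key, nonce + i.to_bytes(4, "big"))
                          for i in range(len(data) // 32 + 1))
        return bytes(a ^ b for a, b in zip(data, stream))

    def seal(self, plaintext: bytes) -> bytes:
        nonce = os.urandom(16)
        body = bytes([self.ctx_id]) + nonce + self._xor(nonce, plaintext)
        return body + _prf(self.mac_key, body)   # encrypt-then-MAC; the context id is authenticated

    def open(self, blob: bytes) -> bytes:
        body, tag = blob[:-32], blob[-32:]
        if len(blob) < 49 or body[0] != self.ctx_id:
            raise ValueError("message not sealed under this context")
        if not hmac.compare_digest(tag, _prf(self.mac_key, body)):
            raise ValueError("authentication tag mismatch")
        return self._xor(body[1:17], body[17:])

def client_flow(signature: bytes, verification_packet: bytes) -> dict:
    """Run client and server in one process; return what the server recovers."""
    secret1 = os.urandom(32)                      # assumed result of the context exchange
    client1, server1 = CryptoContext(1, secret1), CryptoContext(1, secret1)
    auth = server1.open(client1.seal(signature))  # first connection: signature under context 1
    secret2 = os.urandom(32)
    wrapped = server1.seal(secret2)               # context-2 key travels encrypted under context 1
    client2 = CryptoContext(2, client1.open(wrapped))
    server2 = CryptoContext(2, secret2)
    sealed = client2.seal(verification_packet)    # second connection: packet under context 2
    return {"auth": auth, "packet": server2.open(sealed), "sealed_packet": sealed,
            "server_ctx1": server1, "server_ctx2": server2}
```

Because the context id is covered by the authentication tag, a packet sealed under the second context is rejected by a peer still holding only the first.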
20 Claims
7. A method comprising:
- intercepting, at a client device, a remote desktop connection request;
- connecting the client device to a network gateway based on the remote desktop connection request, the network gateway comprising a proxy;
- initiating a first connection with a server via the network gateway using a first communication protocol;
- exchanging a plurality of cryptographic contexts with the server;
- receiving a token comprising a signature;
- encrypting the signature using a first one of the plurality of cryptographic contexts from the server;
- sending the encrypted signature to the server via the proxy to authenticate the client device;
- initiating a second connection with the server, via the proxy, wherein the second connection is initiated using a second communication protocol;
- receiving a signature verification packet at the client device;
- switching to a second one of the plurality of cryptographic contexts from the server by exchanging one or more keys for the second one of the plurality of cryptographic contexts, wherein the one or more keys are encrypted using the first one of the plurality of cryptographic contexts;
- encrypting the signature verification packet using the second one of the plurality of cryptographic contexts from the server; and
- sending the encrypted signature verification packet to the server.
14. A system comprising:
- one or more processors; and
- a memory coupled to the processors comprising instructions executable by the processors, the processors being operable when executing the instructions to:
  - intercept, at a client device, a remote desktop connection request;
  - connect the client device to a network gateway based on the remote desktop connection request, the network gateway comprising a proxy;
  - initiate a first connection with a server via the network gateway using a first communication protocol;
  - exchange a plurality of cryptographic contexts with the server;
  - receive a token comprising a signature;
  - encrypt the signature using a first one of the plurality of cryptographic contexts from the server;
  - send the encrypted signature to the server via the proxy to authenticate the client device;
  - initiate a second connection with the server, via the proxy, wherein the second connection is initiated using a second communication protocol;
  - receive a signature verification packet at the client device;
  - switch to a second one of the plurality of cryptographic contexts from the server by exchanging one or more keys for the second one of the plurality of cryptographic contexts, wherein the one or more keys are encrypted using the first one of the plurality of cryptographic contexts;
  - encrypt the signature verification packet using the second one of the plurality of cryptographic contexts from the server; and
  - send the encrypted signature verification packet to the server.
Specification