Virtual desktop accelerator with support for multiple cryptographic contexts

US 9,300,762 B2
Filed: 09/13/2013
Issued: 03/29/2016
Est. Priority Date: 05/03/2013
Status: Active Grant

First Claim

Patent Images

1. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:

intercept, at a client device, a remote desktop connection request;

connect the client device to a network gateway based on the remote desktop connection request, the network gateway comprising a proxy;

initiate a first connection with a server via the network gateway using a first communication protocol;

exchange a plurality of cryptographic contexts with the server;

receive a token comprising a signature;

encrypt the signature using a first one of the plurality of cryptographic contexts from the server;

send the encrypted signature to the server via the proxy to authenticate the client device;

initiate a second connection with the server, via the proxy, wherein the second connection is initiated using a second communication protocol;

receive a signature verification packet at the client device;

switch to a second one of the plurality of cryptographic contexts from the server by exchanging one or more keys for the second one of the plurality of cryptographic contexts, wherein the one or more keys are encrypted using the first one of the plurality of cryptographic contexts;

encrypt the signature verification packet using the second one of the plurality of cryptographic contexts from the server; and

send the encrypted signature verification packet to the server.

View all claims

14 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In particular embodiments, a method includes intercepting a remote desktop connection request and connecting to a network gateway based on the remote desktop connection request. A first connection with a server is initiated via the network gateway using a first communication protocol. A plurality of cryptographic contexts are exchanged with the server. A token encrypted using one of the plurality of cryptographic contexts is received from the server. The token is sent from a client device to the server or a proxy to authenticate the client device, and a second connection is initiated with the server, via the proxy, using a second communication protocol.

6 Citations

20 Claims

1. One or more computer-readable non-transitory storage media embodying software that is operable when executed to:
- intercept, at a client device, a remote desktop connection request;
  
  connect the client device to a network gateway based on the remote desktop connection request, the network gateway comprising a proxy;
  
  initiate a first connection with a server via the network gateway using a first communication protocol;
  
  exchange a plurality of cryptographic contexts with the server;
  
  receive a token comprising a signature;
  
  encrypt the signature using a first one of the plurality of cryptographic contexts from the server;
  
  send the encrypted signature to the server via the proxy to authenticate the client device;
  
  initiate a second connection with the server, via the proxy, wherein the second connection is initiated using a second communication protocol;
  
  receive a signature verification packet at the client device;
  
  switch to a second one of the plurality of cryptographic contexts from the server by exchanging one or more keys for the second one of the plurality of cryptographic contexts, wherein the one or more keys are encrypted using the first one of the plurality of cryptographic contexts;
  
  encrypt the signature verification packet using the second one of the plurality of cryptographic contexts from the server; and
  
  send the encrypted signature verification packet to the server.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The media of claim 1, wherein the software is operable when initiating the first connection with the server to:
    - provide authentication credentials to authenticate the client device with the network gateway.
  - 3. The media of claim 1, wherein the token comprises authentication information for authenticating the client device.
  - 4. The media of claim 1, wherein authenticating the client device comprises:
    - authenticating the client device with the server using the token; and
      
      breaking the first connection with the server.
  - 5. The media of claim 1, wherein initiating the second connection comprises:
    - performing a first authentication step with respect to the proxy; and
      
      performing a second authentication step with respect to the server, wherein the first authentication step and the second authentication step are performed using the token.
  - 6. The media of claim 1, wherein the first communication protocol is TCP and the second communication protocol is UDP Plus.

7. A method comprising:
- intercepting, at a client device, a remote desktop connection request;
  
  connecting the client device to a network gateway based on the remote desktop connection request, the network gateway comprising a proxy;
  
  initiating a first connection with a server via the network gateway using a first communication protocol;
  
  exchanging a plurality of cryptographic contexts with the server;
  
  receiving a token comprising a signature;
  
  encrypting the signature using a first one of the plurality of cryptographic contexts from the server;
  
  sending the encrypted signature to the server via the proxy to authenticate the client device;
  
  initiating a second connection with the server, via the proxy, wherein the second connection is initiated using a second communication protocol;
  
  receiving a signature verification packet at the client device;
  
  switching to a second one of the plurality of cryptographic contexts from the server by exchanging one or more keys for the second one of the plurality of cryptographic contexts, wherein the one or more keys are encrypted using the first one of the plurality of cryptographic contexts;
  
  encrypting the signature verification packet using the second one of the plurality of cryptographic contexts from the server; and
  
  sending the encrypted signature verification packet to the server.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The method of claim 7, wherein initiating the first connection with the server further comprises:
    - providing authentication credentials to authenticate the client device with the network gateway.
  - 9. The method of claim 7, wherein the token comprises authentication information for authenticating the client device.
  - 10. The method of claim 7, wherein authenticating the client device further comprises:
    - authenticating the client device with the server using the token; and
      
      breaking the first connection with the server.
  - 11. The method of claim 7, wherein initiating the second connection further comprises:
    - performing a first authentication step with respect to the proxy; and
      
      performing a second authentication step with respect to the server, wherein the first authentication step and the second authentication step are performed using the token.
  - 12. The method of claim 7, wherein the first communication protocol is TCP.
  - 13. The method of claim 7, wherein the second communication protocol is UDP Plus.

14. A system comprising:
- one or more processors; and
  
  a memory coupled to the processors comprising instructions executable by the processors, the processors being operable when executing the instructions to;
  
  intercept, at a client device, a remote desktop connection request;
  
  connect the client device to a network gateway based on the remote desktop connection request, the network gateway comprising a proxy;
  
  initiate a first connection with a server via the network gateway using a first communication protocol;
  
  exchange a plurality of cryptographic contexts with the server;
  
  receive a token comprising a signature;
  
  encrypt the signature using a first one of the plurality of cryptographic contexts from the server;
  
  send the encrypted signature to the server via the proxy to authenticate the client device;
  
  initiate a second connection with the server, via the proxy, wherein the second connection is initiated using a second communication protocol;
  
  receive a signature verification packet at the client device;
  
  switch to a second one of the plurality of cryptographic contexts from the server by exchanging one or more keys for the second one of the plurality of cryptographic contexts, wherein the one or more keys are encrypted using the first one of the plurality of cryptographic contexts;
  
  encrypt the signature verification packet using the second one of the plurality of cryptographic contexts from the server; and
  
  send the encrypted signature verification packet to the server.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The system of claim 14, wherein the processors are operable when initiating the first connection with the server to:
    - provide authentication credentials to authenticate the client device with the network gateway.
  - 16. The system of claim 14, wherein the token comprises authentication information for authenticating the client device.
  - 17. The system of claim 14, wherein authenticating the client device comprises:
    - authenticating the client device with the server using the token; and
      
      breaking the first connection with the server.
  - 18. The system of claim 14, wherein initiating the second connection comprises:
    - performing a first authentication step with respect to the proxy; and
      
      performing a second authentication step with respect to the server, wherein the first authentication step and the second authentication step are performed using the token.
  - 19. The system of claim 14, wherein the first communication protocol is TCP.
  - 20. The system of claim 14, wherein the second communication protocol is UDP Plus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Dell Products LP (Dell Technologies Inc.)
Inventors
Krishnamurthy, Santhosh, Hanumantharayappa, Raghunandan, Basha P. R., Khader
Primary Examiner(s)
Davis, Zachary A
Assistant Examiner(s)
ALMEIDA, DEVIN E

Application Number

US14/026,376
Publication Number

US 20140331046A1
Time in Patent Office

928 Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 2209/30   Compression, e.g. Merkle-Da...

H04L 2209/72   Signcrypting, i.e. digital ...

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/0876   based on the identity of th...

H04L 63/0884   by delegation of authentica...

H04L 63/164   at the network layer

H04L 67/01   Protocols

H04L 67/14   Session management for real...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

Virtual desktop accelerator with support for multiple cryptographic contexts

First Claim

14 Assignments

0 Petitions

Accused Products

Abstract

6 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Virtual desktop accelerator with support for multiple cryptographic contexts

First Claim

14 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

6 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others