Common internet file system proxy authentication of multiple servers

US 9,338,165 B2
Filed: 03/12/2009
Issued: 05/10/2016
Est. Priority Date: 03/12/2009
Status: Active Grant

First Claim

Patent Images

1. A proxy system, comprising:

a processor; and

a memory containing a proxy server application, which, when executed on the processor is configured to perform an operation for authenticating a client device to a plurality of network servers, the operation comprising;

establishing a first session between the proxy server application and a first network server, of the plurality, responsive to an initial request supplied by the client device, wherein the request includes authenticating information used by the proxy server application to authenticate the proxy server application, as the client device, to the first network server;

determining that the client device is requesting access to resources on a second network server, of the plurality, different from the first network server, wherein the client device has not provided authentication information to the second network server;

responsive to the request to access resources on the second network server, sending a session timeout message to the client device which causes the client device to respond with a fresh authentication request, without prompting a user at the client device to provide the authenticating information; and

establishing a second session between the proxy server application and only the second network server, using the fresh authentication request, wherein the same proxy server application establishes both the first session and the second session.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are described for a proxy system to provide a client device with transparent access to multiple network file servers. The proxy system may appear to the client device as a single network file server. The proxy may be configured to forward requests received from the client device to multiple servers as well as provide responses from the server back to the client. Further, the proxy system may authenticate itself, as the client, to each of the multiple network servers using authentication credentials supplied by the client. After prompting a user to submit credentials to establish a session with a first network server, the proxy system may send a session timeout error code, prompting the client to submit a fresh authentication request used by the proxy system to establish a session with a second network server.

Citations

24 Claims

1. A proxy system, comprising:
- a processor; and
  
  a memory containing a proxy server application, which, when executed on the processor is configured to perform an operation for authenticating a client device to a plurality of network servers, the operation comprising;
  
  establishing a first session between the proxy server application and a first network server, of the plurality, responsive to an initial request supplied by the client device, wherein the request includes authenticating information used by the proxy server application to authenticate the proxy server application, as the client device, to the first network server;
  
  determining that the client device is requesting access to resources on a second network server, of the plurality, different from the first network server, wherein the client device has not provided authentication information to the second network server;
  
  responsive to the request to access resources on the second network server, sending a session timeout message to the client device which causes the client device to respond with a fresh authentication request, without prompting a user at the client device to provide the authenticating information; and
  
  establishing a second session between the proxy server application and only the second network server, using the fresh authentication request, wherein the same proxy server application establishes both the first session and the second session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein establishing the first session between the proxy server application and the first network server comprises:
    - modifying the initial request to appear to the first network server as having originated from the proxy server application;
      
      forwarding the modified request to the first network server to establish a session between the proxy server application and the first network server;
      
      receiving a response from the first network server;
      
      modifying the response to appear to the client device as having originated from the proxy server application; and
      
      forwarding the modified response to the client device.
  - 3. The system of claim 2, wherein establishing the second session between the proxy server application and the second network server comprises:
    - modifying the fresh authentication request to appear to the second network server as having originated from the proxy server application;
      
      forwarding the modified request to the second network server to establish a session between the proxy server application and the second network server; and
      
      receiving a response from the second network server establishing the session between the proxy server application and the second network server, thereby authenticating the client device to the second network server without having to prompt the user at the client device to provide the authentication information a second time.
  - 4. The system of claim 3, wherein the proxy server application is configured to send the session timeout message and establish the second session with the second network server in response to determining the client device has requested access to resources available on the second network server.
  - 5. The system of claim 4, wherein the proxy server application is configured as a common internet file system (CIFS) proxy, and wherein each of the plurality of network file servers is configured as a CIFS server system.
  - 6. The system of claim 5, wherein the session timeout message is a CIFS STATUS_NETWORK_SESSION_EXPIRED error code.
  - 7. The system of claim 6, wherein the proxy server application is configured to negotiate with the client device to disable server message block (SMB) signing.
  - 8. The system of claim 7, wherein the first and second session between the proxy server application and the first and second network servers provides access to one or more storage devices presented to the client device as a network drive on the proxy system.

9. A method for authenticating a client device to a plurality of network servers using a single proxy server, comprising:
- establishing a first session between a proxy server and a first network server, of the plurality, using an initial request supplied by the client device, wherein the request includes authenticating information used by the proxy server to authenticate the proxy server, as the client, to the first network server;
  
  determining that the client device is requesting access to resources on a second network server, of the plurality, different from the first network server, wherein the client device has not provided authentication information to the second network server;
  
  responsive to the request to access resources on the second network server, sending a session timeout message to the client device which causes the client device to respond with a fresh authentication request, without prompting a user at the client device to provide the authenticating information; and
  
  establishing a second session between the proxy server and only the second network server, using the fresh authentication request request, wherein the same proxy server establishes both the first session and the second session.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, wherein establishing the first session between the proxy server and the first network server comprises:
    - modifying the initial request to appear to the first network server as having originated from the proxy server;
      
      forwarding the modified request to the first network server to establish a session between the proxy server and the first network server;
      
      receiving a response from the first network server;
      
      modifying the response to appear to the client device as having originated from the proxy server; and
      
      forwarding the modified response to the client device.
  - 11. The method of claim 10, wherein establishing the second session between the proxy server and the second network server using the fresh authentication request, comprises:
    - modifying the fresh authentication request to appear to the second network server as having originated from the proxy server;
      
      forwarding the modified request to the second network server to establish a session between the proxy server and the second network server; and
      
      receiving a response from the second network server establishing the session between the proxy server and the second network server, thereby authenticating the client device to the second network server without having to prompt the user at the client device to provide the authentication information a second time.
  - 12. The method of claim 11, wherein the proxy server application is configured to send the session timeout message and establish the second session with the second network server in response to determining the client device has requested access to resources available on the second network server.
  - 13. The method of claim 12, wherein the proxy server is configured as a common internet file system (CIFS) proxy, and wherein each of the plurality of network file servers is configured as a CIFS server system.
  - 14. The method of claim 13, wherein the session timeout message is a CIFS STATUS_NETWORK_SESSION_EXPIRED error code.
  - 15. The method of claim 14, wherein the proxy server is configured to negotiate with the client device to disable server message block (SMB) signing.
  - 16. The method of claim 15, wherein the first and second session between the proxy server and the first and second network servers provides access to one or more storage devices presented to the client device as a network drive on the proxy server.

17. A computer program product for authenticating a client device to a plurality of network servers using a single proxy server, the computer program product comprising:
- a non-transitory computer-readable storage medium having computer-readable program code embodied therewith, the computer-readable program code comprising;
  
  computer-readable program code configured to establish a first session between a proxy server and a first network server, of the plurality, using an initial request supplied by the client device, wherein the request includes authenticating information used by the proxy server to authenticate the proxy server, as the client, to the first network server;
  
  computer-readable program code configured to determine that the client device is requesting access to resources on a second network server, of the plurality, different from the first network server, wherein the client device has not provided authentication information to the second network server;
  
  computer-readable program code configured to, responsive to the request to access resources on the second network server, send a session timeout message to the client device which causes the client device to respond with a fresh authentication request, without prompting a user at the client device to provide the authenticating information; and
  
  computer-readable program code configured to establish a second session between the proxy server and a second network server using the fresh authentication request, wherein the same proxy server establishes both the first session and the second session.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer program product of claim 17, wherein establishing the first session between the proxy server and the first network server comprises:
    - modifying the initial request to appear to the first network server as having originated from the proxy server;
      
      forwarding the modified request to the first network server to establish a session between the proxy server and the first network server;
      
      receiving a response from the first network server;
      
      modifying the response to appear to the client device as having originated from the proxy server; and
      
      forwarding the modified response to the client device.
  - 19. The computer program product of claim 18, wherein establishing the second session between the proxy server and the second network server comprises:
    - modifying the fresh authentication request to appear to the second network server as having originated from the proxy server;
      
      forwarding the modified request to the second network server to establish a session between the proxy server and the second network server; and
      
      receiving a response from the second network server establishing the session between the proxy server and the second network server, thereby authenticating the client device to the second network server without having to prompt the user at the client device to provide the authentication information a second time.
  - 20. The computer program product of claim 19, wherein the proxy server application is configured to send the session timeout message and establish the second session with the second network server in response to determining the client device has requested access to resources available on the second network server.
  - 21. The computer program product of claim 20, wherein the proxy server is configured as a common internet file system (CIFS) proxy, and wherein each of the plurality of network file servers is configured as a CIFS server system.
  - 22. The computer program product of claim 21, wherein the session timeout message is a CIFS STATUS_NETWORK_SESSION_EXPIRED error code.
  - 23. The computer program product of claim 22, wherein the proxy system is configured to negotiate with the client device to disable server message block (SMB) signing.
  - 24. The computer program product of claim 23, wherein the first and second session between the proxy server and the first and second network servers provides access to one or more storage devices presented to the client device as a network drive on the proxy server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Simpkins, Richard Adam, Seitz, Matthew Eric, Liu, Zuwei
Primary Examiner(s)
Parsons, Theodore C

Application Number

US12/403,284
Publication Number

US 20100235901A1
Time in Patent Office

2,616 Days
Field of Search

726/12, 707821-828
US Class Current

1/1
CPC Class Codes

G06F 16/182   Distributed file systems

G06F 21/31   User authentication

G06F 21/33   using certificates

G06F 21/6218   to a system of files or obj...

H04L 63/0281   Proxies

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/0884   by delegation of authentica...

H04L 67/01   Protocols

H04L 67/06   specially adapted for file ...

H04L 67/1001   for accessing one among a p...

H04L 67/141   Setup of application sessio...

Common internet file system proxy authentication of multiple servers

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Common internet file system proxy authentication of multiple servers

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links