Methods for SSL protected NTLM re-authentication and devices thereof

US 10,834,065 B1
Filed: 03/31/2016
Issued: 11/10/2020
Est. Priority Date: 03/31/2015
Status: Active Grant

First Claim

Patent Images

1. A method for secure sockets layer (SSL) protected network local area network manager (NTLM) re-authentication, the method implemented by a network traffic management system comprising one or more network traffic apparatuses, client devices, or server devices, the method comprising:

receiving a recent request to access a network local area network manager (NTLM) protected web application on a new connection from a client as a response to a connection reset message in an existing session, the received recent request comprising network connection data;

comparing the received network connection data to stored prior network connection data to determine when the received network connection data is identical; and

re-authenticating the new connection and granting access to the requested NTLM protected web application executing on a web application server to the client in the existing session when the comparison indicates that the received network connection data is identical to the stored prior network connection data, wherein the client was previously authenticated to access the NTLM protected web application executing on the web application server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, non-transitory computer readable medium, and device that assists with SSL protected NTLM reauthentication includes receiving a connection reset message from a web application server. The received connection reset message is forwarded to the client computing device. A recent request including connection data to access a web application is received on a new connection as a response to the forwarded connection reset message from the client computing device. Next, it is determined whether the received recent request to access the web application including the connection data is identical to a stored connection data. The client computing device is re-authenticated and granted access to the requested web application to when the connection data is determined to be identical to the stored connection data.

1680 Citations

22 Claims

1. A method for secure sockets layer (SSL) protected network local area network manager (NTLM) re-authentication, the method implemented by a network traffic management system comprising one or more network traffic apparatuses, client devices, or server devices, the method comprising:
- receiving a recent request to access a network local area network manager (NTLM) protected web application on a new connection from a client as a response to a connection reset message in an existing session, the received recent request comprising network connection data;
  
  comparing the received network connection data to stored prior network connection data to determine when the received network connection data is identical; and
  
  re-authenticating the new connection and granting access to the requested NTLM protected web application executing on a web application server to the client in the existing session when the comparison indicates that the received network connection data is identical to the stored prior network connection data, wherein the client was previously authenticated to access the NTLM protected web application executing on the web application server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as set forth in claim 1 wherein the network connection data comprises a current secured socket layer session identification number, a previously authenticated response to a previously sent challenge, and a hypertext transfer protocol uniform resource identifier of a resource being accessed on the web application server.
  - 3. The method as set forth in claim 1 wherein the stored prior network connection data comprises a stored secured socket layer session identification number, a stored authenticated response to the previously sent challenge, and a stored hypertext transfer protocol uniform resource identifier.
  - 4. The method as set forth in claim 1 further comprising receiving a request to access the web application from the client, the received request to access the NTLM protected web application comprising the stored secured socket layer session identification number, the stored authenticated response to the previously sent challenge, and the stored hypertext transfer protocol uniform resource identifier of the resource being accessed on the web application server.
  - 5. The method as set forth in claim 4 further comprising:
    - generating and sending a challenge responsive to the received request to access the web application to the client; and
      
      receiving a challenge response to the generated challenge.
  - 6. The method as set forth in claim 5 further comprising:
    - determining when the received answer is correct by sending and validating the generated challenge and the challenge response to an active directory server; and
      
      granting the client access to the requested NTLM protected web application when the received answer is determined to be correct.
  - 7. The method as set forth in claim 1 wherein the determining further comprises, requesting the client to perform a new authentication when the network connection data is determined to be not identical to the stored prior network connection data.

8. A non-transitory computer readable medium having stored thereon instructions for secure socket layer (SSL) protected network local area network manager (NTLM) re-authentication comprising machine executable code which when executed by at least one processor, causes the processor to:
- receive a recent request to access a network local area network manager (NTLM) protected web application on a new connection from a client as a response to a connection reset message in an existing session, the received recent request comprising network connection data;
  
  compare the received network connection data to stored prior network connection data to determine when the received network connection data is identical; and
  
  re-authenticate the new connection and granting access to the requested NTLM protected web application executing on a web application server to the client in the existing session when the comparison indicates that the received network connection data is identical to the stored prior network connection data, wherein the client was previously authenticated to access the NTLM protected web application executing on the web application server.
- View Dependent Claims (9, 10, 14)
- - 9. The medium as set forth in claim 8 wherein the network connection data comprises a current secured socket layer session identification number, a previously authenticated response to a previously sent challenge, and a hypertext transfer protocol uniform resource identifier of a resource being accessed on the web application server.
  - 10. The medium as set forth in claim 8 wherein the stored prior network connection data comprises a stored secured socket layer session identification number, a stored authenticated response to the previously sent challenge, and a stored hypertext transfer protocol uniform resource identifier.
  - 14. The medium as set forth in claim 8 wherein the determining further comprises, requesting the client to perform a new authentication when the network connection data is determined to be not identical to the stored prior network connection data.

11. The medium as set forth 8 further comprising receiving a request to access the NTLM protected web application from the client, the received request to access the web application comprising the stored secured socket layer session identification number, the stored authenticated response to the previously sent challenge, and the stored hypertext transfer protocol uniform resource identifier of the resource being accessed on the web application server.
- View Dependent Claims (12, 13)
- - 12. The medium as set forth in claim 11 further comprising:
    - generating and sending a challenge responsive to the received request to access the web application to the client; and
      
      receiving a challenge response to the generated challenge.
  - 13. The medium as set forth in claim 12 further comprising:
    - determining when the received answer is correct by sending and validating the generated challenge and the received challenge response to an active directory server; and
      
      granting the client access to the requested NTLM protected web application when the received answer is determined to be correct.

15. A network traffic management device comprising:
- a memory including programmed instructions stored in the memory and one or more processors configured to be capable of executing the programmed instructions stored in the memory to;
  
  receive a recent request to access a network local area network manager (NTLM) protected web application on a new connection from a client as a response to a connection reset message in an existing session, the received recent request comprising network connection data;
  
  compare the received network connection data to stored prior network connection data to determine when the received network connection data is identical; and
  
  re-authenticate the new connection and granting access to the requested NTLM protected web application executing on a web application server to the client in the existing session when the comparison indicates that the received network connection data is identical to the stored prior network connection data, wherein the client was previously authenticated to access the NTLM protected web application executing on the web application server.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The device as set forth in claim 15 wherein the network connection data comprises a current secured socket layer session identification number, a previously authenticated response to a previously sent challenge, and a hypertext transfer protocol uniform resource identifier of a resource being accessed on the web application server.
  - 17. The device as set forth in claim 15 wherein the stored prior network connection data comprises a stored secured socket layer session identification number, a stored authenticated response to the previously sent challenge, and a stored hypertext transfer protocol uniform resource identifier.
  - 18. The device as set forth in claim 15 wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to receive a request to access the NTLM protected web application from the client, the received request to access the web application comprising the stored secured socket layer session identification number, the stored authenticated response to the previously sent challenge, and the stored hypertext transfer protocol uniform resource identifier of the resource being accessed on the web application server.
  - 19. The device as set forth in claim 18 wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to:
    - generate and send a challenge responsive to the received request to access the web application to the client; and
      
      receive a challenge response to the generated challenge.
  - 20. The device as set forth in claim 19 wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory to:
    - determine when the received answer is correct by sending and validating the generated challenge and the received challenge response to an active directory server; and
      
      grant the client access to the requested NTLM protected web application when the received answer is determined to be correct.
  - 21. The device as set forth in claim 15 wherein the one or more processors are further configured to be capable of executing the programmed instructions stored in the memory wherein the determining further comprises, request the client to perform a new authentication when the network connection data is determined to be not identical to the stored prior network connection data.

22. A network traffic management system comprising:
- one or more traffic management apparatuses, client devices, or server devices comprising memory comprising programmed instructions stored thereon and one or more processors configured to be capable of executing the stored programmed instructions to;
  
  receive a recent request to access a network local area network manager (NTLM) protected web application on a new connection from a client as a response to a forwarded connection reset message in an existing session, the received recent request comprising network connection data;
  
  compare the received network connection data to stored prior network connection data to determine when the received network connection data is identical; and
  
  re-authenticate the new connection and granting access to the requested NTLM protected web application executing on a web application server to the client in the existing session when the comparison indicates that the received network connection data is identical to the stored prior network connection data, wherein the client was previously authenticated to access the NTLM protected web application executing on the web application server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
F5 Networks, Inc. (F5 Incorporated)
Inventors
Natarajan, Ravi, Lie, Wui Chung
Primary Examiner(s)
Jeudy, Josnel

Application Number

US15/087,044
Time in Patent Office

1,685 Days
Field of Search
US Class Current
CPC Class Codes

H04L 47/803   Application aware

H04L 63/0272   Virtual private networks

H04L 63/08   for authentication of entit...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 63/166   at the transport layer

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

Methods for SSL protected NTLM re-authentication and devices thereof

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

1680 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Methods for SSL protected NTLM re-authentication and devices thereof

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

1680 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links