SERVER INITIATED SECURE NETWORK CONNECTION
Abstract
In general, the invention is directed to techniques for establishing secure connections with devices residing behind a security device. In accordance with the techniques, a managed device initiates a transmission control protocol (TCP) session to establish a TCP session with a management device such that the management device acts as the TCP server and the managed device acts as a TCP client. Once established, the managed device sends a role reversal message specifying an identity of the managed device via the TCP session. Upon receiving the role reversal message, the management device initiates a secure connection over the TCP session in accordance with a secure protocol such that the management device acts as the secure protocol client and the managed device acts as the secure protocol server. By properly establishing the secure session, each of the devices assumes the proper roles and administrators may more easily configure the devices.
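The exchange the abstract describes, run on loopback as an added Python illustration (not the patent's or any implementer's code): the managed device connects as TCP client and sends a role reversal message, after which the management device starts SSH as client over the same socket. The message framing, the identity table and the fingerprint values are constructed assumptions, and the SSH session is stood in for by the RFC 4253 identification-string exchange only. It also adds a check the abstract leaves implicit: the role reversal message arrives in cleartext before any authentication, so the claimed identity is used only to look up the host key that device must present once it acts as SSH server.

```python
import socket
import threading

# Constructed framing for the role reversal message (the patent specifies none):
# "ROLE-REVERSAL <identity>\n", sent by the managed device right after the TCP handshake.
MAGIC = b"ROLE-REVERSAL "
# Constructed inventory: identity -> SSH host-key fingerprint the management device must
# see once the managed device acts as SSH server. The cleartext identity claim is only a
# lookup key; the host-key check during the SSH handshake is what authenticates it.
EXPECTED_HOSTKEY = {"fw-branch-42": "SHA256:constructed-fingerprint-A"}

def parse_role_reversal(line: bytes) -> str:
    """Return the claimed identity, or raise ValueError on anything else."""
    if not line.startswith(MAGIC) or not line.endswith(b"\n"):
        raise ValueError("not a role reversal message")
    ident = line[len(MAGIC):-1].decode("ascii")
    if not ident or not ident.replace("-", "").isalnum():
        raise ValueError("bad identity")
    return ident

def management_device(listener: socket.socket) -> dict:
    """TCP server side: accept the SYN, read the role reversal, then turn SSH client."""
    conn, _ = listener.accept()                 # kernel answers the SYN with SYN-ACK
    with conn, conn.makefile("rb") as rf:
        ident = parse_role_reversal(rf.readline())
        if ident not in EXPECTED_HOSTKEY:       # unknown device: never start SSH
            return {"identity": ident, "ssh": None}
        # Role reversal: send the SSH client identification string (RFC 4253 s4.2) over
        # the same TCP session. A real implementation hands the socket to an SSH client
        # library here and verifies the presented host key against expect_key.
        conn.sendall(b"SSH-2.0-mgmt_client\r\n")
        server_ident = rf.readline().rstrip(b"\r\n").decode("ascii")
        return {"identity": ident, "ssh": server_ident,
                "expect_key": EXPECTED_HOSTKEY[ident]}

def managed_device(port: int, ident: str) -> None:
    """TCP client side: connect outbound, announce identity, then act as SSH server."""
    with socket.create_connection(("127.0.0.1", port)) as s, s.makefile("rb") as rf:
        s.sendall(MAGIC + ident.encode("ascii") + b"\n")
        if rf.readline().startswith(b"SSH-2.0-"):
            s.sendall(b"SSH-2.0-managed_server\r\n")

def run_demo(ident: str = "fw-branch-42") -> dict:
    """Run both sides on loopback; return what the management device decided."""
    with socket.create_server(("127.0.0.1", 0)) as listener:
        t = threading.Thread(target=managed_device,
                             args=(listener.getsockname()[1], ident))
        t.start()
        result = management_device(listener)
        t.join()
    return result
```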
25 Claims

1. A method comprising:
    receiving, with a management device, an initial transmission control protocol (TCP) synchronize (SYN) packet output by a managed device as a TCP client as a request to initiate a TCP session between the management device and the managed device;
    outputting a TCP synchronize-acknowledged (SYN-ACK) packet from the management device to accept the TCP session as a TCP server;
    after establishing the TCP session, receiving with the management device a role reversal message output by the managed device specifying an identity of the managed device; and
    upon receiving the role reversal message, initiating, with the management device, a secure shell (SSH) connection over the TCP session in accordance with a secure shell (SSH) protocol such that the management device acts as a client for the SSH protocol and the managed device acts as the server for the SSH protocol.
Dependent claims: 2-11.
12. A device that manages at least one remote device and that comprises:
    a control unit that:
    receives an initial transmission control protocol (TCP) synchronize (SYN) packet output by one of the plurality of remote managed devices as a TCP client as a request to initiate a TCP session between the management device and the managed device;
    outputs to the managed device a TCP synchronize-acknowledged (SYN-ACK) packet to accept the TCP session as a TCP server;
    after establishing the TCP session, receives a role reversal message output by the managed device specifying an identity of the managed device; and
    upon receiving the role reversal message, initiates a secure shell (SSH) connection over the TCP session in accordance with a secure shell (SSH) protocol such that the management device acts as a client for the SSH protocol and the managed device acts as the server for the SSH protocol.
Dependent claims: 13-22.
23. A device that manages at least one remote device and that comprises:
    a control unit that:
    receives an initial transmission control protocol (TCP) synchronize (SYN) packet output by one of the plurality of remote managed devices as a TCP client as a request to initiate a TCP session between the management device and the managed device;
    outputs to the managed device a TCP synchronize-acknowledged (SYN-ACK) packet to accept the TCP session as a TCP server;
    after establishing the TCP session, receives a role reversal message output by the managed device specifying an identity of the managed device;
    based on the role reversal message, dynamically reverses the client/server roles of the management device when constructing a network stack for communicating with the managed device; and
    upon receiving the role reversal message, initiates a secure shell (SSH) connection over the TCP session in accordance with a secure shell (SSH) protocol such that the management device acts as a client for the SSH protocol and the managed device acts as the server for the SSH protocol.
Dependent claims: 24.
25. A computer-readable medium comprising instructions for causing a programmable processor of a management device to:
    receive an initial transmission control protocol (TCP) synchronize (SYN) packet output by a managed device as a TCP client as a request to initiate a TCP session between the management device and the managed device;
    output a TCP synchronize-acknowledged (SYN-ACK) packet from the management device to accept the TCP session as a TCP server;
    after establishing the TCP session, receive a role reversal message output by the managed device specifying an identity of the managed device;
    based on the role reversal message, dynamically reverse client/server roles of the management device when constructing a network stack for communicating with the managed device; and
    upon receiving the role reversal message, initiate a secure shell (SSH) connection over the TCP session in accordance with a secure shell (SSH) protocol such that the management device acts as a client for the SSH protocol and the managed device acts as the server for the SSH protocol.
Specification