Systems and methods for protocol detection in a proxy

US 8,793,390 B2
Filed: 05/23/2006
Issued: 07/29/2014
Est. Priority Date: 05/23/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method for protocol detection in a network proxy, comprising:

receiving at the network proxy and from a first computer, a request for connection to a second computer, the network proxy including a plurality of application proxies;

establishing by the network proxy, a connection with at least one of the first computer and the second computer according to a connection establishment routine;

receiving at the network proxy, application data from at least one of the first computer and the second computer, wherein the application data conforms to an application protocol;

prior to forwarding the application data between the first and second computers, determining the application protocol by comparing the received application data to protocol signatures and, according to results of the comparison, determining whether or not the application protocol corresponds to any one of the plurality of application proxies in the network proxy;

if the application protocol, as determined by comparing the received application data to protocol signatures, corresponds to one of the application proxies in the network proxy, then responsively handing off the connection to the one application proxy corresponding to the application protocol; and

if the application protocol, as determined by comparing the received application data to protocol signatures, does not correspond to any one of the plurality of application proxies in the network proxy, then responsively handling the connection according to a predetermined policy that is one of (i) allowing the connection, (ii) allowing the connection to be subject to protocol optimization, and (iii) allowing the connection subject to at least bandwidth limitation, bandwidth prioritization, or bandwidth optimization,wherein a first set of protocol signatures is employed for analyzing application data received from the first computer and a second set of protocol signatures, different from the first set, is employed for analyzing application data received from the second computer.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and computer products for detecting protocols in a network proxy are provided. Protocol detection includes receiving from a first computer a request for connection to a second computer, the request conforming to a first protocol; establishing a connection with at least one of the first computer and the second computer; receiving data from at least one of the first computer and the second computer, wherein the data conforms to a second protocol; and performing protocol detection on the data.

58 Citations

15 Claims

1. A method for protocol detection in a network proxy, comprising:
- receiving at the network proxy and from a first computer, a request for connection to a second computer, the network proxy including a plurality of application proxies;
  
  establishing by the network proxy, a connection with at least one of the first computer and the second computer according to a connection establishment routine;
  
  receiving at the network proxy, application data from at least one of the first computer and the second computer, wherein the application data conforms to an application protocol;
  
  prior to forwarding the application data between the first and second computers, determining the application protocol by comparing the received application data to protocol signatures and, according to results of the comparison, determining whether or not the application protocol corresponds to any one of the plurality of application proxies in the network proxy;
  
  if the application protocol, as determined by comparing the received application data to protocol signatures, corresponds to one of the application proxies in the network proxy, then responsively handing off the connection to the one application proxy corresponding to the application protocol; and
  
  if the application protocol, as determined by comparing the received application data to protocol signatures, does not correspond to any one of the plurality of application proxies in the network proxy, then responsively handling the connection according to a predetermined policy that is one of (i) allowing the connection, (ii) allowing the connection to be subject to protocol optimization, and (iii) allowing the connection subject to at least bandwidth limitation, bandwidth prioritization, or bandwidth optimization,wherein a first set of protocol signatures is employed for analyzing application data received from the first computer and a second set of protocol signatures, different from the first set, is employed for analyzing application data received from the second computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the connection is established with both the first computer and the second computer before receiving the application data from at least one of the first and second computers.
  - 3. The method of claim 2, wherein the connection is first established with the first computer.
  - 4. The method of claim 2, wherein the connection request is forwarded to the second computer, and the connection is established after receiving a reply from the second computer.
  - 5. The method of claim 1, wherein the first computer is protected by a firewall and the second computer is outside of the firewall.
  - 6. The method of claim 1, wherein the first computer is outside of a firewall and the second computer is protected by the firewall.
  - 7. The method of claim 1, wherein neither the first computer nor the second computer is protected by a firewall.
  - 8. The method of claim 1, wherein both the first computer and the second computer are protected by respective firewalls.

9. A non-transitory computer-readable storage medium having embodied thereon computer-readable instructions for performing a method for protocol detection in a network proxy, the method comprising:
- receiving at the network proxy and from a first computer, a request for connection to a second computer, the network proxy including a plurality of application proxies;
  
  establishing by the network proxy, a connection with at least one of the first computer and the second computer according to a connection establishment routine;
  
  receiving at the network proxy application data from at least one of the first computer and the second computer, wherein the application data conforms to an application protocol; and
  
  prior to forwarding the application data between the first and second computers, determining the application protocol by comparing the received application data to protocol signatures and, according to results of the comparison, determining whether or not the application protocol corresponds to any one of the plurality of application proxies in the network proxy;
  
  if the application protocol, as determined by comparing the received application data to protocol signatures, corresponds to one of the application proxies in the network proxy, then responsively handing off the connection to the one application proxy corresponding to the application protocol; and
  
  if the application protocol, as determined by comparing the received application data to protocol signatures, does not correspond to any one of the plurality of application proxies in the network proxy, then responsively handling the connection according to a predetermined policy that is one of (i) allowing the connection, (ii) allowing the connection to be subject to protocol optimization, and (iii) allowing the connection subject to at least bandwidth limitation, bandwidth prioritization, or bandwidth optimization,wherein a first set of protocol signatures is employed for analyzing application data received from the first computer and a second set of protocol signatures, different from the first set, is employed for analyzing application data received from the second computer.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The non-transitory computer-readable storage medium of claim 9, wherein the connection is established with both the first computer and the second computer before receiving the application data from at least one of the first and second computers.
  - 11. The non-transitory computer-readable storage medium of claim 10, wherein the connection is first established with the first computer.
  - 12. The non-transitory computer-readable storage medium of claim 10, wherein the connection request is forwarded to the second computer, and the connection is established after receiving a reply from the second computer.
  - 13. The non-transitory computer-readable storage medium of claim 9, wherein the first computer is protected by a firewall and the second computer is outside of the firewall.
  - 14. The non-transitory computer-readable storage medium of claim 9, wherein the first computer is outside of a firewall and the second computer is protected by the firewall.

15. A data processing system for protocol detection in a network proxy, the network proxy including a plurality of application proxies, the data processing system comprising:
- a memory having stored thereon instructions; and
  
  a processor executing the instructions, the instructions including instructions for;
  
  receiving from a first computer a request for connection to a second computer,establishing a connection with at least one of the first computer and the second computer according to a connection establishment routine,receiving application data from at least one of the first computer and the second computer, wherein the application data conforms to an application protocol,prior to forwarding the application data between the first and second computers, determining the application protocol by comparing the received application data to protocol signatures and, according to results of the comparison, determining whether or not the application protocol corresponds to any one of the plurality of application proxies in the network proxy; and
  
  if the application protocol, as determined by comparing the received application data to protocol signatures, corresponds to one of the application proxies in the network proxy, then responsively handing off the connection to the one application proxy corresponding to the application protocol, andif the application protocol, as determined by comparing the received application data to protocol signatures, does not correspond to any one of the plurality of application proxies in the network proxy, then responsively handling the connection according to a predetermined policy that is one of (i) allowing the connection, (ii) allowing the connection to be subject to protocol optimization, and (iii) allowing the connection subject to at least bandwidth limitation, bandwidth prioritization, or bandwidth optimization,wherein a first set of protocol signatures is employed for analyzing application data received from the first computer and a second set of protocol signatures, different from the first set, is employed for analyzing application data received from the second computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Blue Coat Systems Incorporated (Gen Digital Inc.)
Inventors
Mahdavi, Jamshid, Frederick, Ron, Joshi, Srinath
Primary Examiner(s)
Whipple, Brian P
Assistant Examiner(s)
EDWARDS, JAMES A

Application Number

US11/419,953
Publication Number

US 20070276931A1
Time in Patent Office

2,989 Days
Field of Search

709/230
US Class Current

709/230
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/029   Firewall traversal, e.g. tu...

H04L 69/18   Multiprotocol handlers, e.g...

Systems and methods for protocol detection in a proxy

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for protocol detection in a proxy

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links