US20050198379A1 - Automatically reconnecting a client across reliable and persistent communication sessions - Google Patents
Automatically reconnecting a client across reliable and persistent communication sessions Download PDFInfo
- Publication number
- US20050198379A1 US20050198379A1 US10/711,646 US71164604A US2005198379A1 US 20050198379 A1 US20050198379 A1 US 20050198379A1 US 71164604 A US71164604 A US 71164604A US 2005198379 A1 US2005198379 A1 US 2005198379A1
- Authority
- US
- United States
- Prior art keywords
- client
- service
- protocol
- connection
- ticket
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/40—Support for services or applications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06F15/16—Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
- G06F15/163—Interprocessor communication
- G06F15/173—Interprocessor communication using an interconnection network, e.g. matrix, shuffle, pyramid, star, snowflake
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/28—Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
- H04L12/46—Interconnection of networks
- H04L12/4633—Interconnection of networks using encapsulation techniques, e.g. tunneling
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0807—Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/16—Implementing security features at a particular protocol layer
- H04L63/166—Implementing security features at a particular protocol layer at the transport layer
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/14—Session management
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
Abstract
The invention relates to methods and systems for reconnecting a client and providing user authentication across a reliable and persistent communication session. A first protocol that encapsulates a plurality of secondary protocols is used to communicate over a network. A first protocol service, using the first protocol, provides session persistence and a reliable connection between a client and a host service. When there is a disruption in the network connection between a client and a host service, the connection is reestablished and the user re-authenticated to the host service without the user re-entering his or her authentication credentials or without the user re-establishing the user session with the host service
Description
- This present application is a continuation-in-part of and claims priority to U.S. Pat. Ser. No. 09/880,268, entitled “Method and Apparatus for Transmitting Authentication Credentials of a User Across Communication Sessions”, filed Jun. 13, 2001, and U.S. patent application Ser. No. 10/683,881, entitled “Encapsulating Protocol For Session Persistence And Reliability”, filed Oct. 10, 2003, both of which are incorporated herein by reference.
- The invention generally relates to network and client-server communications. More particularly, the invention relates to systems and methods for re-establishing client communications using a communication protocol that encapsulates other protocols to provide session persistence and reliability and for facilitating the reauthentication of a user using a client computer to communicate with a server computer via the encapsulating protocol.
- Communications over a network between two computers, for example a client and a server, can be implemented using a variety of known communication protocols. Often, however, the network connection is susceptible to breakdown. For instance, a wireless connection between a client and a server is often unreliable. In other cases, the network connection is intermittent. As such, a connection can be lost when one enters an elevator or tunnel and may only be restored following one's exit from the elevator or tunnel.
- If an established communication session between the client and the server computer abnormally terminates, the client generally has to re-establish the connection by starting a new communication session. To begin the new communication session, the user typically has to retransmit the authentication credentials, such as a login/password pair, to the server computer so that the server computer can authorize the user for the new communication session. This retransmission of the authentication credentials of a user across multiple communication sessions repeatedly exposes the authentication credentials of that user to potential attackers, thereby decreasing the level of security of the authentication credentials. In addition, this often is a slow process that also results in user frustration and inefficiency. Furthermore, in establishing a new communication session, the network may require the client obtains a new network identifier, such as an internet protocol address. The applications or programs on the client may need to be restarted because of the change in the clients network identifier. Thus, it is desirable to provide a technique for automatically re-authenticating a client when a communication session between a client computer and a server computer is re-established without requiring repeated transmission of the client's authentication credentials or restarting of programs.
- Improved systems and methods are needed for re-establishing a communication session between a client computer and a server computer without repeatedly transmitting the authentication credentials.
- The present invention relates to systems and methods for providing a client with a persistent and reliable connection to a host service and for reconnecting the client to the persistent and reliable connection. Reconnecting the client includes re-establishing the clients communication session with the host service and re-authenticating the user of the client to the host service. A persistent and reliable connection to a host service is maintained by a first protocol service on behalf of a client. The first protocol service ensures that data communicated between the client and the host service is buffered and maintained during any disruption in the network connection with the client and the first protocol service. For example, a temporary disruption in a network connection may occur when a client, such as a mobile client, roams between different access points in the same network, or when a client switches between networks (e.g., from a wired network to a wireless network). When roaming between different access points, the client may need to be assigned a different network identifier, such as an internet protocol address, as required by the network topology. In addition to maintaining buffered data during a network disruption, the first protocol service re-authenticates the client to the host service when re-establishing the client's connection to the first protocol service. After re-authenticating, the first protocol service re-links the clients connection to the host service. This prevents the user of the client from re-entering authentication credentials to re-establish its connection with the host service. Furthermore, the first protocol service will automatically manage changes to the client's network identifier that may need to occur after a network disruption. This prevents the user from restarting any applications or programs that would customarily need to be restarted when the client's assigned network identifier changes. The user can seamlessly continue using the client as the user roams between network access points without interruption from changes by the network to the clients assigned network identifier. In summary, the present invention provides automatic reconnection of a disrupted client connection to a host service without restarting applications or re-establishing sessions, including re-authentication without the user reentering authentication credentials.
- In one aspect, the invention relates to a method for reconnecting a client to a host service after a disruption to a network connection. The method uses a first protocol service to re-establish the connection between a client and a host service. The method includes providing a first connection between a client and a first protocol service and a second connection between the first protocol service and a host service. When a disruption is detected in the first connection, the second connection between the first protocol service and the host service is maintained. Then the first connection between the client and the first protocol service is re-established. The first protocol service receives a ticket associated with the client and validates the ticket. After the ticket is validated, the re-established first connection is linked to the maintained second connection.
- In one embodiment of the invention, the method includes further validating the ticket before linking the re-established first connection with the maintained second connection. The validating method further includes obtaining a session identifier and a key from the ticket received by the first protocol service. The session identifier from the ticket is used to retrieve the stored and encrypted authentication credentials of the client. Then the key from the ticket is used to decrypt the retrieved authentication credentials.
- In another embodiment, the invention provides for re-authentication of the client to the host service when re-establishing the client's connection to the host service. The method further includes authenticating the client to the host service when providing the first connection between the client and the first protocol service and the second connection between the first protocol service and the host service. When re-establishing the first connection after a disruption in the connection is detected, the method further includes re-authenticating the client to the host service.
- In another embodiment of the invention, the method further includes the first protocol service generating a ticket associated with the client. Additionally, the method further includes deleting the ticket after it is validated. In another embodiment, the ticket can be automatically deleted after a pre-determined period of time. Moreover, after the ticket is deleted, a replacement ticket can be generated. In another embodiment, a copy of the ticket can be saved at the first protocol service. Furthermore, the ticket can be transmitted from the first protocol service to the client.
- In another aspect, the invention relates to a system for reconnecting a client to host service after a disruption to a network connection. The system re-establishes the connection between a client and a host service using a first protocol service. The client is configured to maintain a first connection with the first protocol service. The first protocol service is configured to maintain the first connection with the client and a second connection with the host service. In accordance with this system, a disruption is detected in the first connection and the first connection is re-established between the client and the first protocol service while the second connection between the first protocol service and the host service is maintained. The client transmits a ticket associated with the client to the first protocol service. The ticket is validated and, after it is validated, the first protocol service links the re-established first connection with the maintained second connection.
- In one embodiment of the invention, the system includes further validating the ticket before linking the re-established first connection with the maintained second connection. Validation of the ticket further includes obtaining a session identifier and a key from the ticket received by the first protocol service. The session identifier from the ticket is used to retrieve the stored and encrypted authentication credentials of the client. Then the system decrypts the retrieved authentication credentials by using the key from the ticket.
- In another embodiment, the invention provides a system for re-authenticating the client to the host service when re-establishing the client connection to the host service. The system further includes authenticating the client to the host service when providing the first connection between the client and the first protocol service and the second connection between the first protocol service and the host service. When re-establishing a connection after detecting a disruption in the connection, the system uses the retrieved authenticated credentials to re-authenticate the client to the host service.
- In another embodiment of the invention, the system further includes the first protocol service generating a ticket associated with the client. Additionally, the system further includes deleting the ticket, after it is validated. In one embodiment, the first protocol service will automatically delete the ticket after a pre-determined period of time. Moreover, after the ticket is deleted, the system generates a replacement ticket. In another embodiment, the first protocol service saves a copy of the ticket. Furthermore, the first protocol service can transmit the ticket to the client.
- The foregoing and other objects, aspects, features, and advantages of the invention will become more apparent and may be better understood by referring to the following description taken in conjunction with the accompanying drawings, in which:
-
FIG. 1A is a block diagram of a system for providing a client with a reliable connection to a host service according to an illustrative embodiment of the invention; -
FIG. 1B is a block diagram of a system for providing a client with a reliable connection to a host service according to another illustrative embodiment of the invention; -
FIG. 2A depicts communications occurring over a network according to an illustrative embodiment of the invention; -
FIG. 2B depicts communications occurring over a network according to another illustrative embodiment of the invention; -
FIG. 3 depicts a process for encapsulating a plurality of secondary protocols within a first protocol for communication over a network according to an illustrative embodiment of the invention; -
FIG. 4 is a block diagram of an embodiment of a computer system to maintain authentication credentials in accordance with the invention; -
FIG. 5A is a flow diagram of the steps followed in an embodiment of the computer system ofFIG. 5 to maintain authentication credentials during a first communication session in accordance with the invention; -
FIG. 5B is a flow diagram of the steps followed in an embodiment of the computer system ofFIG. 4 to maintain authentication credentials during a second communication session following the termination of the first communication session ofFIG. 6A in accordance with the invention; -
FIG. 6 is a block diagram of an embodiment of a computer system to maintain authentication credentials in accordance with another embodiment of the invention; -
FIG. 7A is a flow diagram of the steps followed in an embodiment of the computer system ofFIG. 6 to maintain authentication credentials during a first communication session in accordance with the invention; -
FIG. 7B is a flow diagram of the steps followed in an embodiment of the computer system ofFIG. 6 to maintain authentication credentials during a second communication session following the termination of the first communication session ofFIG. 6 in accordance with the invention; -
FIG. 7C is a flow diagram of the steps followed in an embodiment of the computer system ofFIG. 6 to maintain authentication credentials during a second communication session following the termination of a second communication channel of the first communication session ofFIG. 6 in accordance with the invention; -
FIG. 8A is a block diagram of a system to maintain authentication credentials and provide a client with a reliable connection to a host service according to an illustrative embodiment of the invention; -
FIG. 8B is a block diagram of a system to maintain authentication credentials and provide a client with a reliable connection to a host service according to another illustrative embodiment of the invention; -
FIG. 9A is a block diagram of a system to maintain authentication credentials and provide a client with a reliable connection to a host service according to another illustrative embodiment of the invention; -
FIG. 9B is a block diagram of a system to maintain authentication credentials and provide a client with a reliable connection to a host service according to another illustrative embodiment of the invention; -
FIG. 10A is a block diagram of a system for providing a client with a reliable connection to a host service and further including components for reconnecting the client to a host service according to an illustrative embodiment of the invention; -
FIG. 10B is a block diagram of an embodiment of a system for providing a client with a reliable connection to a host service and further including components for reconnecting the client to a host service; -
FIG. 11A is a block diagram of an embodiment ofFIG. 10A further including components for initially connecting the client to a host service; -
FIG. 11B is a block diagram of the illustrative system ofFIG. 10B further including components for initially connecting the client to a host service and to maintain authentication credential according to an illustrative embodiment of the invention; -
FIG. 12A is a flow diagram of a method for network communications according to an illustrative embodiment of the invention; -
FIG. 12B is a flow diagram of a method for reconnecting the client to the host services; -
FIGS. 13A-13C are flow diagrams of a method for connecting a client to a plurality of host services according to an illustrative embodiment of the invention; -
FIG. 14 is a flow diagram of a method for providing a client with a reliable connection to host services and for reconnecting the client to the host services according to an illustrative embodiment of the invention; and -
FIGS. 15A-15B are flow diagrams of a method for reconnecting a client to host services according to an illustrative embodiment of the invention. - Certain embodiments of the present invention are described below. It is, however, expressly noted that the present invention is not limited to these embodiments, but rather the intention is that additions and modifications to what is expressly described herein also are included within the scope of the invention. Moreover, it is to be understood that the features of the various embodiments described herein are not mutually exclusive and can exist in various combinations and permutations, even if such combinations or permutations are not made express herein, without departing from the spirit and scope of the invention.
- Referring to
FIG. 1A , in general, the invention pertains to network communications and can be particularly useful for providing a client with a reliable connection to a host service. In a broad overview, asystem 100 for network communications includes a client 108 (e.g., a first computing device) in communication with a first protocol service 112 (e.g., a second computing device) over anetwork 104. Also included in thesystem 100 are a plurality of host services 116 a-116 n (e.g., third computing devices) that are in communication, over anetwork 104′, with thefirst protocol service 112 and, through thefirst protocol service 112 and over thenetwork 104, with theclient 108. Alternatively, in another illustrative embodiment of the invention, and with reference now toFIG. 1B , thefirst protocol service 112 and the host services 116 a-116 n are not implemented as separate computing devices, as shown inFIG. 1A , but, rather, they are incorporated into the same computing device, such as, for example,host node 118 a. Thesystem 100 can include one, two, or any number of host nodes 118 a-118 n. - In one embodiment, the
networks FIG. 1A . Thenetworks same network 104, as shown inFIG. 1B . In one embodiment, thenetwork 104 and/or thenetwork 104′ is, for example, a local-area network (LAN), such as a company Intranet, or a wide area network (WAN), such as the Internet or the World Wide Web. Theclient 108, thefirst protocol service 112, the host services 116 a-116 n, and/or the host nodes 118 a-118 n can be connected to thenetworks 104 and/or 104′ through a variety of connections including, but not limited to, standard telephone lines, LAN or WAN links (e.g., 802.11, T1, T3, 56 kb, X.25), broadband connections (e.g., ISDN, Frame Relay, ATM), wireless connections, or some combination of any or all of the above. - Moreover, the
client 108 can be any workstation, desktop computer, laptop, handheld computer, mobile telephone, or other form of computing or telecommunications device that is capable of communication and that has sufficient processor power and memory capacity to perform the operations described herein. Additionally, theclient 108 can be a local desktop client on alocal network 104 or can be a remote display client of aseparate network 104. Theclient 108 can include, for example, a visual display device (e.g., a computer monitor), a data entry device (e.g., a keyboard), persistent and/or volatile storage (e.g., computer memory), a processor, and a mouse. An example of aclient agent 128 with a user interface is a Web Browser (e.g. a Microsoft® Internet Explorer browser and/or Netscape™ browser). - Similarly, with reference to
FIG. 1A , each of thefirst protocol service 112 and the host services 116 a-116 n can be provided on any computing device that is capable of communication and that has sufficient processor power and memory capacity to perform the operations described herein. Alternatively, where the functionality of thefirst protocol service 112 and the host services 116 a-116 n are incorporated into the same computing device, such as, for example, one of the host nodes 118 a-118 n, as inFIG. 1B , thefirst protocol service 112 and/or the host services 116 a-116 n can be implemented as a software program running on a general purpose computer and/or as a special purpose hardware device, such as, for example, an ASIC or an FPGA. - Similar to the
client 108, each of the host nodes 118 a-118 n can be any computing device described above (e.g. a personal computer) that is capable of communication and that has sufficient processor power and memory capacity to perform the operations described herein. Each of the host nodes 118 a-118 n can establish communication over the communication channels 124 a-124 n using a variety of communication protocols (e.g., ICA, HTTP, TCP/IP, and IPX). SPX, NetBIOS, Ethernet, RS232, and direct asynchronous connections). - In one embodiment, each of the host services 116 a-116 n hosts one or more application programs that are remotely available to the
client 108. The same application program can be hosted by one or any number of the host services 116 a-116 n. Examples of such applications include word processing programs, such as MICROSOFT WORD, and spreadsheet programs, such as MICROSOFT EXCEL, both of which are available from Microsoft Corporation of Redmond, Wash. Other examples of application programs that may be hosted by any or all of the host services 116 a-116 n include financial reporting programs, customer registration programs, programs providing technical support information, customer database applications, and application set managers. Moreover, in one embodiment, one or more of the host services 116 a-116 n is an audio/video streaming server that provides streaming audio and/or streaming video to theclient 108. In another embodiment, the host services 116 a-116 n include file servers that provide any/all file types to theclient 108. - Referring still to the illustrative embodiments of
FIGS. 1A and 1B , theclient 108 is configured to establish aconnection 120 between theclient 108 and afirst protocol service 112 over thenetwork 104 using a first protocol. For its part, thefirst protocol service 112 is configured to accept theconnection 120. Theclient 108 and thefirst protocol service 112 can, therefore, communicate with one another using the first protocol as described below in reference toFIGS. 2A-2B andFIG. 3 . - In some embodiments, as shown in
FIGS. 1A and 1B , aclient agent 128 is included within theclient 108. Theclient agent 128 can be, for example, implemented as a software program and/or as a hardware device, such as, for example, an ASIC or an FPGA. Theclient agent 128 can use any type of protocol and it can be, for example, an HTTP client agent, an FTP client agent, an Oscar client agent, a Telnet client agent, an Independent Computing Architecture (ICA) client agent from Citrix Systems, Inc. of Fort Lauderdale, Fla., or a Remote Desktop Procedure (RDP) client agent from Microsoft Corporation of Redmond, Wash. In some embodiments, theclient agent 128 is itself configured to communicate using the first protocol. In some embodiments (not shown), theclient 108 includes a plurality ofclient agents 128 a-128 n, each of which communicates with a host service 116 a-116 n, respectively. - In another embodiment, a standalone client agent is configured to enable the
client 108 to communicate using the first protocol. The standalone client agent can be incorporated within theclient 108 or, alternatively, the standalone client agent can be separate from theclient 108. The standalone client agent is, for example, a local host proxy. In general, the standalone client agent can implement any of the functions described herein with respect to theclient agent 128. - As also described further below, the
first protocol service 112 is, in one embodiment, itself configured to communicate using the first protocol. Thefirst protocol service 112 is configured to establish a connection 124 a-124 n between thefirst protocol service 112 and the host service 116 a-116 n, respectively. For example, thefirst protocol service 112 can establish aconnection 124 a between thefirst protocol service 112 and onehost service 116 a and aconnection 124 b between thefirst protocol service 112 and anotherhost service 116 b. In one embodiment, thefirst protocol service 108 separately establishes such connections 124 a-124 n (i.e., thefirst protocol service 112 establishes one connection at a time). In another embodiment, thefirst protocol service 112 simultaneously establishes two or more of such connections 124 a-124 n. - In yet another embodiment, the
first protocol service 112 can concurrently establish and maintain multiple connections 124 a-124 n. Thefirst protocol service 112 is configured to provide two or more connections 124 a-124 n without interrupting theconnection 120 with theclient 108. For example, thefirst protocol service 112 can be configured to establish theconnection 124 a between thefirst protocol service 112 and thehost service 116 a when a user of theclient 108 requests execution of a first application program residing on thehost service 116 a. When the user ends execution of the first application program and initiates execution of a second application program residing, for example, on thehost service 116 b, thefirst protocol service 112 is, in one embodiment, configured to interrupt theconnection 124 a and establish theconnection 124 b between thefirst protocol service 112 and thehost service 116 b, without disrupting theconnection 120 between thefirst protocol service 112 and theclient 108. - The
first protocol service 112 and the host services 116 a-116 n can communicate over the connections 124 a-124 n, respectively, using any one of a variety of secondary protocols, including, but not limited to, HTTP, FTP, Oscar, Telnet, the ICA remote display protocol from Citrix Systems, Inc. of Fort Lauderdale, Fla., and/or the RDP remote display protocol from Microsoft Corporation of Redmond, Wash. For example, thefirst protocol service 112 and thehost service 116 a can communicate over theconnection 124 a using the ICA remote display protocol, while thefirst protocol service 112 and thehost service 116 b can communicate over theconnection 124 b using the RDP remote display protocol. - In one embodiment, the secondary protocol used for communicating between the
first protocol service 112 and a host service 116, such as, for example, the ICA remote display protocol, includes a plurality of virtual channels. A virtual channel is a session-oriented transmission connection that is used by application-layer code to issue commands for exchanging data. For example, each of the plurality of virtual channels can include a plurality of protocol packets that enable functionality at theremote client 108. In one embodiment, one of the plurality of virtual channels includes protocol packets for transmitting graphical screen commands from a host service 116, through thefirst protocol service 112, to theclient 108, for causing theclient 108 to display a graphical user interface. In another embodiment, one of the plurality of virtual channels includes protocol packets for transmitting printer commands from a host service 116, through thefirst protocol service 112, to theclient 108, for causing a document to be printed at theclient 108. - In another embodiment, the first protocol is a tunneling protocol. The
first protocol service 112 encapsulates a plurality of secondary protocols, each used for communication between one of the host services 116 a-116 n and thefirst protocol service 112, within the first protocol. As such, the host services 116 a-116 n and thefirst protocol service 112 communicate with theclient 108 via the plurality of secondary protocols. In one embodiment, the first protocol is, for example, an application-level transport protocol, capable of tunneling the multiple secondary protocols over a TCP/IP connection. - Referring to
FIG. 2A , communications between theclient 108 and thefirst protocol service 112 via theconnection 120 take the form of a plurality of secondary protocols 200 a-200 n (e.g., HTTP, FTP, Oscar, Telnet, ICA, and/or RDP) encapsulated within afirst protocol 204. This is indicated by the location of secondary protocols 200 a-200 n inside thefirst protocol 204. Where secure communication is not called for, thefirst protocol 204 can be, as illustrated inFIG. 2A , communicated over an unsecured TCP/IP connection 208. - Referring now to
FIG. 2B , if secure communication is used, thefirst protocol 204 is communicated over an encrypted connection, such as, for example, a TCP/IP connection 212 secured by using asecure protocol 216 such as the Secure Socket Layer (SSL). SSL is a secure protocol first developed by Netscape Communication Corporation of Mountain View, Calif., and is now a standard promulgated by the Internet Engineering Task Force (IETF) as the Transport Layer Security (TLS) protocol and described in IETF RFC-2246. - Thus, the plurality of secondary protocols 200 a-200 n are communicated within the
first protocol 204 with (FIG. 2B ) or without (FIG. 2A ) asecure protocol 216 over theconnection 120. The secondary protocols that can be used to communicate over the connections 124 a-124 n include, but are not limited to, HTTP, FTP, Oscar, Telnet, ICA, and RDP. Moreover, in one embodiment, at least one of the secondary protocols, as described above, includes a plurality of virtual channels, each of which can include a plurality of protocol packets enabling functionality at theremote client 108. For example, in one embodiment, onehost service 116 a is a web server, communicating with thefirst protocol service 112 over theconnection 124 a using the HTTP protocol, and anotherhost service 116 b is an application server, communicating with thefirst protocol service 112 over theconnection 124 b using the ICA protocol. Thehost service 116 b generates both protocol packets for transmitting graphical screen commands to theclient 108, for causing theclient 108 to display a graphical user interface, and protocol packets for transmitting printer commands to theclient 108, for causing a document to be printed at theclient 108. - Another aspect of the present invention is the method and systems described herein reduce the number of times network connections are opened and closed. In one embodiment, the
first protocol 204 allows the secondary protocol connections 200 a-200 n tunneled therein, such as, for example, anHTTP connection 200 n, to be opened and/or closed, repetitively, without also requiring the transport connection over which thefirst protocol 204 is communicated (e.g.,TCP connection 208 and/or 212), thesecure protocol connection 216, or thefirst protocol connection 204 itself to similarly be repetitively opened and/or closed. Without the encapsulation of thefirst protocol 204, the secondary protocol 200 a-200 n may frequently open and close network connections, such as TCP connections. This would add significant delays and overhead to the system. These delays and overhead would be further increased by the use of asecure encapsulation protocol 214, such as SSL, which have significant overhead in establishing network connections. By encapsulating the secondary protocol 200 a-200 n within thefirst protocol 204 and maintaining the connection of the transport connection (208, 212), the secondary protocols 200 a-200 n, as part of the payload of thefirst protocol 204, do not need to perform frequent and costly open and closes of thenetwork connection 120. Furthermore, since the secondary protocols 200 a-200 n can be communicated within thefirst protocol 204 with asecure protocol 216, the secondary protocols 200 a-200 n also do not need to open and close secured connections such as with SSL. The transport connection (208, 212) establishes and maintains thenetwork connection 120 so that the encapsulated second protocols 200 a-200 n can be communicated without repetitively opening and closing the secured orunsecured network connection 120. This significantly increases the speed of operation in communicating the secondary protocols 200 a-200 n. - As described above, the secondary protocols 200 a-200 n carry protocol packets related to applications using such protocols as HTTP, FTP, Oscar, Telnet, RDA or ICA. The secondary protocol packets 304 a-304 n transport data related to the application functionality transacted between the
client 108 and the host service 116 a-116 n. For example, a user on theclient 108 may interact with a web page provided by a host service 116 a-116 n. In transactions between theclient 108 and the host service 116 a-116 n, the secondary protocol 200 a-200 n encapsulated in thefirst protocol 204 may have http protocol packets related to displaying the web page and receiving any user interaction to communicate to the host service 116 a-116 n. Since the transport connection (208, 212) is not maintained by the secondary protocols 200 a-200 n, the secondary protocols 200 a-200 n do not need to handle any network-level connection interruptions. As such, the secondary protocols 200 a-200 n may not provide any network-level connection interruption information in their payloads. In the above example, the http related secondary protocol packets 304 a-304 n of the secondary protocol 200 a-200 n transmitted to theclient 108 would not provide a notification that a network interruption occurred, e.g., an error message on a web page. Therefore, the user on theclient 108 will not be notified of any network-level connection interrupts through the secondary protocol 200 a-200 n. This effectively hides the network connection interruptions from the user during the use of the applications related to the secondary protocols 200 a-200 n. - Referring to
FIG. 3 , anexample process 300 used by thefirst protocol service 112 and theclient agent 128 of theclient 108 encapsulates the plurality of secondary protocols 200 (e.g., HTTP, FTP, Oscar, Telnet, ICA, and/or RDP) within thefirst protocol 204 for communication via theconnection 120. Optionally, as described below, theexample process 300 used by thefirst protocol service 112 and theclient agent 128 of theclient 108 also compresses and/or encrypts the communications at the level of the first protocol prior to communications via theconnection 120. From the point of view of thefirst protocol service 112, secondary protocol packets 304 a-304 n are received via the connections 124 a-124 n at thefirst protocol service 112. For example, twosecondary protocol packets first protocol service 112. One, two, or any number of secondary protocol packets 304 a-304 n can be received. In one embodiment, the secondary protocol packets 304 a-304 n are transmitted by the host services 116 to thefirst protocol service 112 over the connection 124. The secondary protocol packets 304 a-304 n include a header 308 and a data packet 312, also referred to as a data payload. - Following receipt of the secondary protocol packets 304 a-304 n, the
first protocol service 112 encapsulates one or more of the secondary protocol packets 304 within afirst protocol packet 316. In one embodiment, thefirst protocol service 112 generates a firstprotocol packet header 320 and encapsulates within thedata payload 324 of thefirst protocol packet 316 one or more secondary protocol packets 304 a-304 n, such as, for example, twosecondary protocol packets secondary protocol packet 304 a is encapsulated in eachfirst protocol packet 316. - In one embodiment, the
first protocol packets 316 are then transmitted over theconnection 120, for example over theconnection 208 described with reference toFIG. 2A , to theclient agent 128 of theclient 108. Alternatively, in another embodiment, thefirst protocol service 112 is further configured to encrypt, prior to the transmission of anyfirst protocol packets 316, communications at the level of thefirst protocol 204. In one such embodiment, thefirst protocol packets 316 are encrypted by using, for example, the SSL protocol described with reference toFIG. 2B . As a result, asecure packet 328, including aheader 332 and an encryptedfirst protocol packet 316′ as adata payload 336, is generated. Thesecure packet 328 can then be transmitted over theconnection 120, for example over the secure TCP/IP connection 212 illustrated inFIG. 2B , to theclient agent 128 of theclient 108. - In another embodiment, the
first protocol service 112 is further configured to compress, prior to the transmission of anyfirst protocol packets 316, communications at the level of thefirst protocol 204. In one embodiment, prior to encrypting thefirst protocol packet 316, thefirst protocol service 112 compresses, using a standard compression technique, thefirst protocol packet 316. As such, the efficiency of thesystem 100 is improved. - Referring again to
FIGS. 1A-1B , thesystem 100 of the present invention, in one embodiment, provides theremote client 108 with a persistent connection to a host service 116, such as, for example, thehost service 116 a. For example, if theclient 108 establishes aconnection 120 between theclient 108 and thefirst protocol service 112 and thefirst protocol service 112 establishes aconnection 124 a between thefirst protocol service 112 and thehost service 116 a, then either theclient agent 128, thefirst protocol service 112, or both are configured to maintain a queue of the first protocol data packets most recently transmitted via theconnection 120. For example, the queued data packets can be maintained by theclient agent 128 and/or thefirst protocol service 112 both before and upon a failure of theconnection 120. Moreover, upon a failure of theconnection 120, thefirst protocol service 112 and, likewise, thehost service 116 a are configured to maintain theconnection 124 a. - Following a failure of the
connection 120, theclient 108 establishes anew connection 120 with thefirst protocol service 112, without losing any data. More specifically, because theconnection 124 a is maintained upon a failure of theconnection 120, a newly establishedconnection 120 can be linked to the maintainedconnection 124 a. Further, because the most recently transmitted first protocol data packets are queued, they can again be transmitted by theclient 108 to thefirst protocol service 112 and/or by thefirst protocol service 112 to theclient 108 over the newly establishedconnection 120. As such, the communication session between thehost service 116 a and theclient 108, through thefirst protocol service 112, is persistent and proceeds without any loss of data. - In one embodiment, the
client agent 128 of theclient 108 and/or thefirst protocol service 112 number the data packets that they transmit over theconnection 120. For example, each of theclient agent 128 and thefirst protocol service 112 separately numbers its own transmitted data packets, without regard to how the other is numbering its data packets. Moreover, the numbering of the data packets can be absolute, without any re-numbering of the data packets, i.e., the first data packet transmitted by theclient agent 128 and/or thefirst protocol service 112 can be numbered as No. 1, with each data packet transmitted over theconnection 120 by theclient agent 128 and/or thefirst protocol service 112, respectively, consecutively numbered thereafter. - In one such embodiment, following a disrupted and re-established
connection 120, theclient agent 128 and/or thefirst protocol service 112 informs the other of the next data packet that it requires. For example, where theclient agent 128 had received data packets Nos. 1-10 prior to the disruption ofconnection 120, theclient agent 128, upon re-establishment of theconnection 120, informs thefirst protocol service 112 that it now requires data packet No. 11. Similarly, thefirst protocol service 112 can also operate as such. Alternatively, in another such embodiment, theclient agent 128 and/or thefirst protocol service 112 informs the other of the last data packet received. For example, where theclient agent 128 had received data packets Nos. 1-10 prior to the disruption ofconnection 120, theclient agent 128, upon re-establishment of theconnection 120, informs thefirst protocol service 112 that it last received data packet No. 10. Again, thefirst protocol service 112 can also operate as such. In yet another embodiment, theclient agent 128 and/or thefirst protocol service 112 informs the other, upon re-establishment of theconnection 120, of both the last data packet received and the next data packet it requires. - In such embodiments, upon re-establishment of the
connection 120, theclient agent 128 and/or thefirst protocol service 112 can retransmit the buffered data packets not received by the other, allowing the communication session between a host service 116 and theclient 108, through thefirst protocol service 112, to proceed without any loss of data. Moreover, upon re-establishment of theconnection 120, theclient agent 128 and/or thefirst protocol service 112 can flush from each of their respective buffers the buffered data packets now known to be received by the other. - By providing the
client 108 with a reliable and persistent connection to a host service 116 a-116 n, the present invention avoids the process of opening a new user session with the host service 116 a-116 n by maintaining the user session through network connection interruptions. For each user session with a host service 116 a-116 n, theclient 108 and the host service 116 a-116 n may maintain session specific context and caches, and other application specific mechanisms related to that instance of the user session. For each new user session established, these session specific context and caches need to be re-populated or re-established to reflect the new user session. For example, a user on theclient 108 may have an http session with a host service 116 a-116 n. The host service 116 a-116 n may keep context specific to providing this instance of the http session with theclient 108. The context may be stored in the memory of the server, in files of the server, a database or other component related to providing the functionality of the host service 116 a-116 n. Also, theclient 108 may have local context specific to the instance of the http session, such as a mechanism for keeping track of an outstanding request to the host service 116 a-116 n. This context may be stored in memory of theclient 108, in files on theclient 108, or other software component interfaced with theclient 108. If the connection between theclient 108 and the host service 116 a-116 n is not persistent, then a new user session needs to be established with new session specific context on the host service 116 a-116 n and theclient 108. The present invention maintains the session so that a new session, and therefore new specific session context, does not need to be re-established. - The present invention maintains the user session through network level connection interruptions and without notification to the user of the client that the session was interrupted. In operation of this aspect of the invention, the
first protocol service 112 establishes and maintains a first connection with aclient 108 and a second connection with a host service 116 a-116 n. Via the first connection and the second connection, a session between theclient 108 and the host service 116 a-116 n is established. Thefirst protocol service 112 can store and maintain any session related information such as authentication credentials, andclient 108 and host service 116 a-116 n context for the established session. A user on theclient 108 will exercise the functionality provided by the host service 116 a-116 n through the established session. As such, related secondary protocol packets 304 a-304 n will contain data related to the transaction of such functionality. These secondary protocol packets 304 a-304 n as part of the secondary protocol 200 a-200 n are encapsulated and communicated in afirst protocol 204. Upon detection of a disruption in either the first connection or the second connection, thefirst protocol service 112 can re-establish the disrupted connection while maintaining the other connection that may have not been disrupted. The network connection disruption may cause an interruption to the session between theclient 108 and the host service 116 a-116 n. However, since the transport mechanism is not maintained by the secondary protocols 200 a-200 n, the session can be re-established after the network connection is re-established without the user on theclient 108 having notification that the session was interrupted. The secondary protocol 200 a-200 n does not need to contain any interruption related information to transmit to theclient 108. Thus, the interruption of the session caused by the network connection disruption is effectively hidden from the user because of the encapsulation of thefirst protocol 204. - The
first protocol service 112 maintaining session related information can re-establish the session between theclient 108 and the host service 116 a-116 n. For example, if the first connection between theclient 108 and the first protocol service 116 is disrupted, thefirst protocol service 112 can keep theclients 108 session active or open between thefirst protocol service 112 and the host service 116 a-116 n. After the first connection is re-established, thefirst protocol service 112 can link the session of theclient 108 to the maintained session between thefirst protocol service 112 and the host service 116. Thefirst protocol service 112 can send to theclient 108 any data that was queued prior to the disruption in the first connection. As such, theclient 108 will be using the same session prior to the disruption, and the host service 116 a-116 n andclient 108 can continue to use any session specific context that may have in memory or stored elsewhere. Furthermore, because of the intermediary of thefirst protocol service 112, the host service 116 a-116 n may not be aware of the network disruption between thefirst protocol service 112 and theclient 108. - In another example, if the second connection between the
first protocol service 112 and the host service 116 a-116 n is disrupted, the first protocol service can maintain the first connection with theclient 108 while re-establishing the second connection with the host service 116 a-116 n. After re-establishing the second connection, thefirst protocol service 112 can re-establish the client's session, on behalf of the client, with the host service 116 a-116 n. Since thefirst protocol service 112 was maintaining any session relation information, the first protocol service may re-establish the same session or a similar session so that theclient 108 is not aware of the disruption in the second network connection and the resulting disruption to the session between thefirst protocol service 112 and the host service 116 a-116 n. During re-establishing the second network connection and the session, thefirst protocol service 112 can queue any session transactions sent by theclient 108 during the disruption. Then, after re-establishing the session with the host service 116 a-116 n, thefirst protocol service 112 can transmit the queued transactions to the host service 116 a-116 n and the session can continue normally. In this manner, theclient 108 continues to operate as if there was not an interruption to the session. - Additionally, by providing a reliable and persistent connection, the present invention also avoids interruptions to transactions, commands or operations as part of the functionality exercised between the
client 108 and aserver 415, or a host service 116 a-116 n. For example, a file copy operation using Windows Explorer has not been designed to continue working after there is a disruption in a network connection. A user on theclient 108 may use the file copy feature of Windows Explorer to copy a file from theclient 108 to aserver 415. Because of the size of the file or files, this operation may take a relatively extended period of time to complete. If during the middle of the operation of the copy of the file to theserver 415, there is an interruption in the network connection between theclient 108 and theserver 415, the file copy will fail. Once the network connection is re-established, the user will need to start another file copy operation from Windows Explorer to copy the file from theclient 108 to theserver 415. Under the present invention, the user would not need to start another file copy operation. The network connection would be re-established as part of thefirst protocol 204 connection. The file copy operations would be encapsulated in the payload of the secondary protocols 200 a-200 n. As such, the file copy of Windows Explorer would not get notified of the interruption in the network connection and therefore, would not fail. Thefirst protocol service 112 would re-establish any connections and transmits any queued data so that operation can continue without failure. Thefirst protocol service 112 would maintain a queue of the data related to the file copy operations that has not been transferred to theserver 415 because of the interruption in the network connection. Once the network connection is re-established, thefirst protocol service 112 can transmit the queued data and then continue on with transferring the data related to the file copy operation in due course. - Although this aspect of the invention is described in terms of a file copy operation example, one ordinarily skilled in the art will recognize that any operation, transaction, command, function call, etc. transacted between the
client 108 and theserver 415, or host service 116 a-116 n, can be maintained and continued without failure from the network connection disruption, and, furthermore, without theclient 108 recognizing there was a disruption or having notice of the disruption. - Furthermore, by providing a reliable and persistent connection, the present invention also enables a
client 108 to traverse through different network topologies without re-starting a session or an application on theclient 108. For example, theclient 108 may be a computer notebook with a wireless network connection. As theclient 108 moves from a first wireless network to a second wireless network, theclients network connection 120 may be temporarily disrupted from the first wireless network as a network connection is established with the second wireless network. The second wireless network may assign a new network identifier, such as a host name or internet protocol address, to theclient 108. This new network identifier may be different than the network identifier assigned to theclient 108 by the first wireless network. In another example, theclient 108 may be physically connected through an Ethernet cable to a port on the network. The physical connection may be unplugged and theclient 108 moved to another location to plug into a different port on the network. This would cause a disruption into the network connection 102 and possible a change in the assigned network identifier. Without the present invention, any sessions with a host service 116 a-116 n on theclient 108 or application on theclient 108 accessing the network may need to be restarted due to the change in the network topology, the disruption to thenetwork connection 120, and/or the change in the assigned network identifier. By the method and systems described herein, the present invention maintains the network connection for the client and automatically re-established the client's 108 network connection including handling changes in the network topology and network identifier. Theclient 108, and any applications or sessions on theclient 108, can continue to operate as if there was not a network connection disruption or a change in the network identifier. Furthermore, the user on theclient 108 may not recognize there were any interruptions or changes, and theclient 108 may not receive any notice of such interruptions. - Even with a reliable and persistent communication session as described above, network connections are still disrupted. When re-establishing the clients connection to the host service, the
client 108 also needs to be re-authenticated to the host service 116. One embodiment of the invention relates to systems and methods for authenticating aclient 108 to a host service 116 and re-authenticating theclient 108 to the host service 116 without re-entering authentication credentials. -
FIG. 4 depicts an illustrative embodiment of asystem 400 that is capable of reconnecting theclient 108 to a host service 116 using an automatic client reconnect service referred to as auto client reconnect service orACR Service 405. In brief overview, aclient 108 communicates with aserver computer 415, also referred to as a server, over acommunication channel 418. Thecommunication channel 418 may include anetwork 104. For example, thecommunication channel 418 can be over a local-area network (LAN), such as a company Intranet, or a wide area network (WAN) such as the Internet or the World Wide Web. Theserver 415 provides auto client reconnect services through anACR Service 405. Theclient 108 accesses theserver 415 through thecommunication channel 418. TheACR Service 405 of theserver 415 provides authentication services to authenticate theclient 108 to theserver 415. When there is a disruption in a network connection, theACR Service 405 further provides re-authentication services to re-authenticate theclient 108 to theserver 415. Although illustrated with asingle client 108 and onecommunication channel 418, any number of clients (e.g. 108, 108′) and number of communication channels (e.g. 418, 418′) can be part of thesystem 100. - In one embodiment, the
server 415 includes aprocessor 425 andmemory 430 that communicates over asystem bus 432. Thememory 430 may include random access memory (RAM) and/or read only memory (ROM). In another embodiment, theserver 415 accessesmemory 430 from a remote site (e.g., another computer, an external storage device). - The
ACR Service 405 running on theserver 415 includes akey generator 435, a session identifier (SID)generator 438, anencryptor 440, akey destroyer 445, and adecryptor 448. Thekey generator 435 generates a key when theserver 415 or theACR Service 405 receives authentication credentials from theclient 108. In one embodiment, thekey generator 435 derives the key from a characteristic of theserver 415. Particular examples include thekey generator 435 deriving the key from the temperature of theprocessor 425, the time thatserver 415 received the authentication credentials, and the number of keys stored inmemory 430. In a further embodiment, the key and the authentication credentials are the same size (e.g. eight bits). In one embodiment, the key generator is a software module. In another embodiment, thekey generator 435 is a random number generator. - The
SID generator 438 generates the unique SID to enable theserver 415 to identify a particular communication session. In one embodiment, theSID generator 438 is a software module. In another embodiment, theSID generator 438 is a random number generator. In another embodiment, the SID generator transmits the SID to the host service 116. In one embodiment, theSID generator 438 obtains the SID from a host service 116 running on the server. In yet another embodiment, the SID generator generates the SID by receiving a session identifier from the host service 116 establishing a user session. - The
encryptor 440 encrypts the key with the authentication credentials to create encrypted authentication credentials. In one embodiment, theencryptor 440 encrypts the key with the authentication credentials by performing an exclusive OR operation (i.e. XOR) on the key and the authentication credentials. In another embodiment, theencryptor 440 adds the authentication credentials to the key to encrypt the authentication credentials; that is, theencryptor 440 performs a “Caesar Cipher” on the authentication credentials using the key as the shift value. In another embodiment, theencryptor 440 performs a hash function, such as MD4, MD5, or SHA-1, on the authentication credentials. It should be clear that theencryptor 440 can perform any type of manipulation on the authentication credentials as long as theACR Service 405 can decrypt the encrypted authentication credentials with the key. - In one embodiment, the
encryptor 440 is a software module that executes mathematical algorithms on the key and the authentication credentials to create the encrypted authentication credentials. In another embodiment, theencryptor 440 is a logic gate of theserver computer 415, such as an exclusive OR (XOR) gate. - In one embodiment, the
encryptor 440 stores the encrypted authentication credentials with the SID in a table 455 inmemory 430. In another embodiment, theencryptor 440 stores the encrypted authentication credentials in the table 455 and theSID generator 438 stores the SID in the table 455. In one embodiment, the table 455 is an area inmemory 430 allocated by theprocessor 455 for us by theencryptor 440. In another embodiment, theencryptor 440 stores the encrypted authentication credentials with the SID in a database (not shown inFIG. 4 ) separate frommemory 430. - In one embodiment, the
ACR Service 405 uses the SID as a vector to the location of the encrypted authentication credentials in the table 455. In another embodiment, theACR Service 405 uses the SID as a database key to locate and retrieve the encrypted authentication credentials in a database (not shown inFIG. 4 ). Each encrypted authentication credential created by theencryptor 440 is associated with only one unique SID. Thus, theACR Service 405 can locate and retrieve the encrypted authentication credentials by using a particular SID. - The
key destroyer 445 deletes the key once theACR Service 405 determines that the key is no longer needed. In one embodiment, thekey destroyer 445 is a delete function of a software program such as the operating system of theserver 415. - The
decryptor 448 decrypts the encrypted authentication credentials once theACR Service 405 receives the key and the SID from theclient 108. In one embodiment, thedecryptor 448 is a software module that performs the inverse function or algorithm that theencryptor 440 performed to create the encrypted credentials. In another embodiment, thedecryptor 448 is a hardware component (e.g. a logic gate) to perform the inverse operation of theencryptor 440. - In one embodiment, one or more of the
key generator 435, theSID generator 438, theencryptor 440, thekey destroyer 445 and thedecryptor 448 are joined into one software module representing theACR Service 405. In another embodiment, these components (436, 438, 440, 445 and 448) can be hardware components such as logic gates. In a further embodiment, these components (435, 438, 440, 445 and 448) are included in a single integrated circuit. In yet another embodiment, some of the components, for example thekey generator 435 and theSID generator 438, can be hardware components, and other components, for example theencryptor 440, thekey destroyer 445 and thedecryptor 448, can be software components. - In another embodiment, the present invention also provides methods for reconnecting a
client 108 to a host service 116 when there is a disruption in the clients connection to the network. The methods include re-establishing the clients connection to the host service 116 and using theACR Service 405 to re-authenticate the client to the host service. - Referring to
FIG. 5A , theclient 108 establishes a first communication session with theserver 415 over thecommunication channel 418. Theclient 108 obtains (step 500) authentication credentials from a user of theclient 108. In asystem 100 not using an Open System Interconnection (OSI) protocol as the transmission protocol for communications between theclient 108 and theserver 415, the authentication credentials may be a login password that is needed to establish the first communication session. In this embodiment, the obtaining of the authentication credentials from the user precedes the establishment of the communication session. In another embodiment, the authentication credential is personal information of the user that theclient 108 obtains after the first communication session has been established. Examples of authentication credentials include a login password, a social security number, a telephone number, an address, biometric information, a time-varying pass code and a digital certification. Theclient 108 then transmits (step 505) the authentication credentials to theserver 415 over thecommunication channel 418 so that theserver 415 can authenticate theclient 108 or the user of theclient 108. - After the
server 415 receives the authentication credentials, theACR Service 405 provides its auto client reconnect services. Thekey generator 435 creates (step 510) a first encryption key for use with the authentication credentials. In one embodiment, the encryption key is a random number. In another embodiment, the encryption key is any standard cryptographic key. Theencryptor 440 then encrypts (step 515) the authentication credentials with the first key to generate encrypted authentication credentials. This prevents an attacker who gains access to theserver 415 from accessing the authentication credentials without the key. TheSID generator 438 then creates (step 520) a first SID to identify the first communication session between aclient 108 and theserver 415. In one embodiment, the first communication session is with a host service 116 hosted by theserver 415. Theencryptor 440 then stores (step 525) the encrypted authentication credentials with the first SID in the table 455 described above. - In one embodiment, the
encryptor 440 stores the encrypted authentication credentials with the first SID in a certain location for more efficient retrieval at a later time. For instance, theencryptor 440 stores all encrypted authentication credentials and SIDs that have been created within a predetermined amount of time in RAM 30. TheACR service 405 transfers all encrypted authentication credentials and SIDS created before a predetermined time to a second, external memory (not shown). In another embodiment, theencryptor 440 stores the encrypted authentication credentials with the SID in a database (not shown). - The SID and the encrypted authentication credentials stored in the
memory 430 can be arranged in any particular order and/or format. For example, the SID and encrypted authentication credentials can be stored in chronological order with respect to the creation time of the encrypted authentication credentials. - The
server 415 then transmits (step 535) the first key and associated first SID to theclient 108 over thenetwork 104. Theclient 108 stores (step 540) the first key and the first SID in theclients 108 memory (not shown). Then thekey destroyer 445 of theACR Service 405 deletes (step 545) the key stored inmemory 430. - In another embodiment, the
ACR Service 405 does not delete the first key frommemory 430 until theACR Service 405 has notification that theclient 108 has received the key. For example, theclient 108 transmits an acknowledgment message to theserver 415 after theclient 108 successfully received the key. Once theACR Service 405 receives notification, thekey destroyer 445 then deletes (step 545) the key from thememory 430. This prevents theACR Service 405 from deleting the key before theclient 108 successfully received the key. By not deleting the key until the acknowledgment message, theACR Service 405 can retransmit the key and the SID to theclient 108 upon a failure in the transmission. - By deleting the key in
step 545, theACR Service 405 does not have the mechanism needed to decrypt the encrypted authentication credentials stored in the table 455. Thus, if an attacker accesses thememory 430 of theserver 415, the attacker can retrieve the encrypted authentication credentials but cannot decrypt the encrypted authentication credentials. Therefore, the attacker cannot read the authentication credentials. In short, the encrypted authentication credentials stored on theserver 415 do not provide any information that the attacker can interpret or understand. As such, theserver 415 does not possess any information to decrypt the encrypted authentication credentials. - In addition, the
client 108 is the only device that can provide the key to the encrypted authentication credentials. With the possibility ofmany clients 108 as part of thenetwork 104, an attacker may have to attempt to gain access to each client (e.g. 108, 108′) individually to find theclient 108 that possesses the correct key. This can be time consuming and tedious and, as a result, may deter an attacker from an attempt to decrypt the encrypted authentication credentials. - In another embodiment, the
server 415 has a timeout feature with respect to accessing the encrypted authentication credentials. For instance, theserver 415 starts a timer after the first communication is abnormally terminated. If the timer reached a predetermined value before theclient 108 re-establishes the second communication session and transmits the key to theserver 415 for decryption, theACR Service 405 deletes the encrypted authentication credentials from the table 455. If no timer is used, the key acts as a de facto password for future sessions. - Once the
client 108 receives the first key and the first SID from theserver 415 as described above in reference toFIG. 5A , the session can be re-established, as shown inFIG. 5B , without requiring the user to reenter his or her authentication credentials. When a disruption or break occurs in the first communication session (step 500) between theclient 108 and theserver 415, thefirst communication session 418 needs to be re-established and theclient 108 re-authenticated to theserver 415. TheACR Service 405 provides a system and method for re-establishing and re-authenticating theclient 108 to theserver 415. - When the
client 108 and theserver 415 re-establish a second communication session, theclient 108 transmits the first key and the first SID (step 555) to theserver 415. TheACR Service 405 uses the SID (step 558) to locate and retrieve the encrypted authentication credentials in theservers memory 430 and uses the key (step 560) to decrypt the retrieved authentication credentials. Theserver 415 then re-authenticates theclient 108 to the server 415 (step 565) by validating the authentication credentials from theclient 108. In one embodiment, the authentication and re-authentication is facilitated through the security services provided by the operating system of the computing device of theserver 415. For example, the authentication credentials are a login and password to theserver 415. In another embodiment, the authentication and re-authentication is facilitated through application level security services of an application or software program on theserver 415. For example, the authentication credentials are an application login and password to a specific host service 116. - To illustrate, upon an abnormal termination of a first communication session (step 550) in which the user's login password was the authentication credential, the
client 108 attempts to establish a second communication session with theserver 415. As part of the request to theserver 415 to establish a second communication session with theserver 415, theclient 108 transmits the key and the SID (step 555) of the first terminated communication session to theserver 415. Instead of prompting the user to enter the users login password again, theserver 415, through theACR Service 405, uses the SID (step 558) to locate and retrieve the encrypted authentication credentials associated with the user, uses the key (step 560) to decrypt the retrieved authentication credentials, and reauthenticates the client using the decrypted authentication information (step 565). - In one embodiment, during the second communication session, the
ACR Service 405 creates (step 570) a second key for the authentication credentials and then encrypts (step 575) the authentication credentials using the second key. A second SID is created (step 580) to identify the second communication session and associate the session with theclient 108. The second encrypted authentication credentials are stored (step 525) with the second SID in the table 455. - In this embodiment, the server then transmits (step 585) the second key and the second SID to the
client 108. Theclient 108 then stores (step 590) the second key and the second SID in memory (not shown) for future retrieval. TheACR Service 405 then deletes (Step 595) the second key from thememory 430. Thus, theACR Service 405 can only decrypt the second encrypted authentication upon obtaining the second key and the second SID from theclient 108. TheACR Service 405 has created a new key and a new SID for the second communication session that is used with the same authentication credentials that the user had transmitted during the first communication session. Therefore, a users authentication credentials do not have to be retransmitted upon a second communication channel after an abnormal termination of the first communication session. - Although the invention is discussed in terms of authentication credentials, any confidential information which can be maintained across sessions if there is a communication failure can be used. Thus if credit card information is required by an application and the credit card information is sent to the server, the subsequent disconnect between the client and the server does not require the credit card information to be reentered if this invention is issued. Further, although a session identifier, or SID, is discussed as providing a pointer to the stored authentication credentials, any number or value which is suitable as a pointer may be used.
-
FIG. 6 depicts another illustrative embodiment of asystem 600 that is capable of reconnecting aclient 108 to aserver 415 using anACR Service 405 executing on anintermediary node 650. Theintermediary node 650 is a computing device different from theserver 415 and can be any computing device that is capable of communication and that has sufficient processor power and memory capacity to perform the operations described herein. In brief overview, theclient 108 is in communication with anintermediary node 650 over acommunication channel 418. Thecommunication channel 418 may include anetwork 104. Theintermediary node 650 provides auto client reconnect services, via anACR Service 405, to theclient 108 for the connection of theclient 108 to theserver 415. Theintermediary node 650 is in communications with theserver 415 over acommunication channel 418′. Thecommunication channel 418′ may include anetwork 104′. Theclient 108 accesses the services of theserver 415 through theintermediary node 650. TheACR Service 405 on theintermediary node 650 provides auto client reconnect services for the connection of theclient 108 to theserver 415. Although illustrated with asingle client 108 over acommunication channel 418, any number of clients and number of communication channels can be part of thesystem 600. - In a further embodiment (not shown), the
system 600 includes multipleintermediary nodes 650 that are in communication with one ormore clients 108 through anetwork 104 overadditional communication channels FIG. 6 with a singleintermediary node 650 over acommunication channel 418, any number of intermediary nodes and number of communication channels can part of thesystem 600. - In another embodiment, the invention relates to methods to facilitate establishing and authenticating a
clients 108 connection to aserver 415 using one or moreintermediary nodes 650. As shown inFIG. 7A , anintermediary node 650 establishes (step 520A) a session with theserver 415. - The
client 108 establishes a first communication session with theintermediary node 650 over thecommunication channel 418. Theclient 108 obtains (step 500) authentication credentials from a user of theclient 108. Theclient 108 then transmits (step 505) the authentication credentials to theintermediary node 650 over thecommunication channel 418 so that theintermediary node 650 can authenticate the user with theserver 415. - After the
intermediary node 650 receives the authentication credentials, theACR Service 405 provides its auto client reconnect services. TheACR Service 405 creates (step 510) a first encryption key for use with the authentication credentials and then encrypts (step 515) the authentication credentials with the first key to generate encrypted authentication credentials. This prevents an attacker who gains access to theserver 415 from accessing the authentication credentials without the key. Then a session is established with the server 415 (step 520A) and theclient 108 is authenticated to theserver 415 using the authentication credentials. Thereby, theACR Service 405 creates a first SID to identify the first communication session. The encrypted authentication credentials are stored (step 525) with the first SID in the table 455 described above. Theintermediary node 650 then transmits (step 535) the first key and the first SID to theclient 108 over thenetwork 104. Theclient 108 stores (step 540) the first key and the first SID in theclients 108 memory (not shown). TheACR Service 405 then deletes (step 545) the key stored inmemory 430. - Once the
client 108 receives the first key and the first SID from theintermediary node 650 as described above in reference toFIG. 7A , the communication session can be re-established and re-authenticated, as shown inFIG. 7B , without requiring the user to reenter his or her authentication credentials. For example, there may be a disruption in the first communication session (step 705) between theclient 108 and theintermediary node 650 from an abnormal termination. - When the
client 108 and theintermediary node 650 re-establish a second communication session, theclient 108 transmits the first key and the first SID (step 555) to theintermediary node 650. TheACR Service 405 of theintermediary node 650 uses the SID (step 558) to locate and retrieve the encrypted authentication credentials in the server'smemory 430 and uses the key (step 560) to decrypt the retrieved authentication credentials. The key generator creates (step 570) a second key for the authentication credentials and thekey encryptor 440 then encrypts (step 575) the authentication credentials using the second key. TheSID generator 438 also creates (step 580) a second SID to identify the second communication session and associates it with the maintained session between theintermediary node 650 and theserver 415. The encryptor 440 stores the second encrypted authentication credentials with the second SID in the table 455. - In this embodiment, the
server 415 then transmits (step 585) the second key and the second SID to theclient 108. Theclient 108 then stores (step 590) the second key and the second SID for future retrieval. Thekey destroyer 445 then deletes (Step 595) the second key from thememory 430. Thus, theACR Service 405 can only decrypt the second encrypted authentication upon obtaining the second key and the second SID from theclient 108. TheACR Service 405 has created a new key and a new SID for the second communication session that is used with the same authentication credentials that the user had transmitted during the first communication session. Therefore, a user's authentication credentials do not have to be retransmitted upon a second communication channel after an abnormal termination of the first communication session. - In another embodiment, there may be a disruption or abnormal termination in the second communication session (step 710) between the
intermediary node 650 and theserver 415. As described inFIG. 7C , the second communication session can be re-established and re-authenticated without requiring the user to reenter his or her authentication credentials. - When the
intermediary node 650 and theserver 415 re-establish a second communication session, theintermediary node 650 requests (step 550) the first key and first SID from theclient 108 to re-establish a session with theserver 415 on the clients behalf. In response, theclient 108 transmits the first key and the first SID (step 555) to theintermediary node 650. TheACR Service 405 of theintermediary node 650 uses the SID (step 558) to locate and retrieve the encrypted authentication credentials in the server'smemory 430 and uses the key (step 560) to decrypt the retrieved authentication credentials. TheACR Service 500 then re-establishes the clients session with the server (step 565) using the decrypted authentication credentials to re-authenticate theclient 108 to theserver 415. - In another embodiment, after re-establishing and re-authenticating the client over the second communication session, the
ACR Service 405 of theintermediary node 650 creates a replacement second SID and second key as previously described inFIG. 7B . In reference to the embodiment of the ACR Service illustrated inFIG. 4 , the key generator creates (step 570) a second key for the authentication credentials and thekey encryptor 440 then encrypts (step 575) the authentication credentials using the second key. TheSID generator 438 also creates (step 580) a second SID to identify the second communication session and associates it with the re-established session between theintermediary node 650 and theserver 415. The encryptor 440 stores the second encrypted authentication credentials with the second SID in the table 455. In this embodiment, the server then transmits (step 585) the second key and the second SID to theclient 108. Theclient 108 then stores (step 590) the second key and the second SID for future retrieval. Thekey destroyer 445 then deletes (Step 595) the second key from thememory 430. - In other embodiments, one or more of the
first protocol service 112 andACR Service 405 can be distributed across any of the host service nodes. As such, the functionality of re-establishing and re-authenticating, or automatically reconnecting, aclient 108 connect to a host service 116 can be flexibly distributed in different system and deployment architectures across host services 116 and/or host nodes 118. - In one embodiment of this aspect of the invention, an
ACR Service 405 can be associated with each of the host services 116 a-116 n insystem 100 to provide auto client reconnect services dedicated to each host service 116, respectively. A singlefirst protocol service 112 can be deployed to handle all of the host services 116 a-116 n. As shown inFIG. 8A , each of themultiple ACR Services 405 a-405 n is associated with each of the host services 116 a-116 n, respectively. By way of example, aclient 108 establishes a communication session with thehost service 116 a using thefirst protocol service 112. TheACR Service 405 a associated withhost service 116 a provides auto client reconnect services for the connection of theclient 108 to thehost service 116 a. If there is a disruption in a network connection, thefirst protocol service 112 will re-establish the connection with theclient 108 and theACR Service 405 a will re-authenticate theclient 108 to thehost service 116 a. Asecond client 108′ may concurrently, with thefirst client 108, establish a communication session with thehost service 116 b using thefirst protocol service 112. TheACR Service 405 b provides auto client reconnect services for the clients connection to thehost service 116 b. If there is a network disruption, thefirst protocol service 112 in conjunction with theACR Service 405 b will reconnect theclient 108′ to thehost service 116 b. - In another embodiment of this aspect of the invention, an ACR service can be associated with each of the multiple host services 116 a-116 n running on each of the host nodes 118 a-118 n of the
system 100. Afirst protocol service 112 can be deployed on each host node 118 to service each of the multiple host services 116 a-116 n running on that host node 118. As shown inFIG. 8B , eachACR service 405 a-405 n is associated with each host service 116 a-116 n, respectively. Each host node 118 has a dedicatedfirst protocol service 112 servicing each of its host services 116 and eachACR Service 405. For example, aclient 108 establishes a communication session withhost service 116 a onhost node 118 a by using thefirst protocol service 112 a. TheACR Service 405 a onhost node 118 a provides auto client reconnect services for the connection of theclient 108 to thehost service 116 a onhost node 118 a. - If a network disruption is detected, the
first protocol service 112 a re-establishes the clients connection to thehost service 116 a onhost node 118 a and theACR service 405 a onhost node 118 a re-authenticates theclient 108 to thehost service 116 a onhost node 118 a. Concurrently with thefirst client 108, asecond client 108′ establishes a communication session withhost service 116 b onhost node 118 a using thefirst protocol service 112 a andACR Service 405 a. If there is a network disruption, thefirst protocol service 112 a in conjunction with theACR Service 405 a reconnect theclient 108′ withhost service 116 b onhost node 118 a. Concurrently with thefirst client 108 and thesecond client 108′, athird client 108′ establishes a communication session withhost service 116 n onhost node 118 b using thefirst protocol service 112 b andACR Service 405 n onhost node 118 b. In a similar manner, thefirst protocol service 112 b andACR Service 405 n can reconnect theclient 108′ to thehost service 116 n ofhost node 118 b. - In other embodiments, one or more of the
ACR Services 405 can be distributed with thefirst protocol services 112 across any of the intermediary or first protocol services nodes. As such, the functionality of reconnecting aclient 108 to a host service 116 can be flexibly distributed in different system and deployment architectures associated with thefirst protocol service 112. - In one embodiment of this aspect of the invention, the
ACR Service 405 can be associated with eachfirst protocol service 112 to provide auto client reconnect services dedicated to thefirst protocol service 112. A singlefirst protocol service 112 andACR Service 405 can be deployed to handle all of the host services 116 a-116 n. As shown inFIG. 9A , theACR Service 405 resides with thefirst protocol service 112 on the same computing device to provide auto client reconnect services to host services 116 a-116 n. For example, aclient 108 establishes a communication session with any of the host services 116 a-116 n by using thefirst protocol service 112 andACR Service 405. Thefirst protocol service 112 andACR Service 405 provide reconnecting functionality from aclient 108 to any of the host services 116 a-116 n. - In another embodiment of this aspect of the invention, each of the
ACR Services 405 a-405 n can be associated with each of the multiple of first protocol services 116 a-116 n. For example as shown inFIG. 9B , afirst protocol service 112 a and anACR Service 405 a can be deployed on ahost node 118 a to service each of the multiple host services 116 a-116 n running on thathost node 118 a. As further shown inFIG. 9B , eachACR service 405 a-405 n is associated with eachfirst protocol service 112 a-112 n to provide dedicated auto client reconnect services to the multiple host services 116 a-116 n of each host node 118 a-118 n. By way of example,client 108 establishes a communication session withhost service 116 a onhost node 118 a by using thefirst protocol service 112 a andACR Service 405 a on thesame host node 118 a. If there is a network disruption, thefirst protocol service 112 a in conjunction with theACR Service 405 a reconnects theclient 108 to thehost service 116 a on thehost node 118 a. - Although the invention is discussed above in terms of various system and deployment architectures in
FIGS. 8A-8B and 9A-9B, any other system and/or deployment architecture that combines and/or distributes one or more of the first protocol service(s) 112, ACR Service(s) 405, and host service(s) 116 across any of the host nodes 118,intermediary nodes 650 or other computing devices can be used. - Furthermore, instead of using an
ACR Service 405 to provide authentication and re-authentication services, aticket authority 1036 service can be used. Aticket authority 1036 generates and validates tickets for connection and authentication purposes. A ticket can comprise a session identifier and key. It can also comprise a random number, an application server certificate, a nonce, a constant or null value or any other type of identification, confidential or security based information that may be used for such purposes. - In an embodiment of a
network communication system 1000 for reconnecting aclient 108 to a host service 116 as shown inFIG. 10A , aticket authority 1036 can run on a node separate from theintermediary node 1032,first protocol service 112 or any of the host services 116 a-116 n.FIG. 10A depicts anintermediary node 1032 andticket authority 1036, which could be a single computing device, as part of thesystem 1000. In addition to thenetworks system 1000 includes aclient 108,first protocol service 112, and the host services 116 a-116 n, all of which are described above. In one embodiment, theintermediary node 1032 is a security gateway, such as, for example, a firewall and/or a router, through which messages between theclient 108 and thefirst protocol service 112 must pass due to the configuration of thenetwork 104. Theticket authority 1036 can be, for example, a stand-alone network component that is capable of communication and that has sufficient processor power and memory capacity to perform the operations described herein. Theticket authority 1036 also can be a specific host service 116 dedicated to providing ticket related services on aserver 415. - As shown in the illustrative embodiment of
FIG. 10A , theintermediary node 1032 is configured to accept aconnection 120 a initiated by theclient 108 and to establish asecond connection 120 b with thefirst protocol service 112. Together, theconnection 120 a and thesecond connection 120 b constitute theconnection 120, described above, over which theclient 108 and thefirst protocol service 112 communicate using the first protocol. - The
intermediary node 1032, as shown, is also configured to communicate with theticket authority 1036. In one embodiment, theticket authority 1036 is configured to receive a request for a first reconnection ticket from theintermediate node 1032 and to thereafter generate the first reconnection ticket. The first reconnection ticket can include, for example, a large random number. The first reconnection ticket allows theclient 108 to automatically re-establish a connection with the host service after an abnormal disruption of service without requiring theclient 108 to provide authentication credentials again. - After generation of the first reconnection ticket, the
ticket authority 1036 encrypts the authentication credentials supplied by theclient 108 using the first reconnection ticket so that an attacker who gains access to theintermediary node 1032 or theticket authority 1036 cannot access the authentication credentials without the first reconnection ticket. Theticket authority 1036 may also generate a SID to identify the communication session that is established between theclient 108 and theintermediary node 1032. Theticket authority 1036 then stores the encrypted authentication credentials with the SID in memory and transmits the SID and the first reconnection ticket to theclient 108 over thenetwork 104. Upon the client's receipt of the SID and the first reconnection ticket, theticket authority 1036 destroys (i.e., deletes) the ticket from its memory (not shown). - In another embodiment, the
ticket authority 1036 is configured to generate a handle. The handle can be, for example, a random number that is associated with (e.g., mapped to) the first reconnection ticket. In one embodiment, the handle is a smaller random number than the random number forming the first reconnection ticket. For example, the handle may be a 32-bit random number. Theticket authority 1036 transmits the first reconnection ticket and the handle to theintermediary node 1032, while keeping a copy of the first reconnection ticket and a copy of the handle. The copy of the first reconnection ticket can later be used by theticket authority 1036 to validate the first reconnection ticket originally transmitted to theclient 108 when it is later presented to theticket authority 1036 during the process of reconnecting theclient 108. In one embodiment, theticket authority 1036 also keeps an address for thefirst protocol service 112, which, as explained below, is associated with the first reconnection ticket and, upon validation of the first reconnection ticket, is transmitted to theintermediary node 1032. - In one embodiment, the
intermediary node 1032 is further configured to use the handle transmitted to it by theticket authority 1036 to delete the copy of the first reconnection ticket kept at theticket authority 1036. In another embodiment, as described below, theticket authority 1036 is further configured to delete, during the process of reconnecting theclient 108 to a host service 116, the first reconnection ticket and thereafter generate a replacement first reconnection ticket. Additionally, in another embodiment, the first reconnection ticket is configured for automatic deletion after a pre-determined period of time. - In another embodiment, the
first protocol service 112 is configured to generate a second reconnection ticket, which, as in the case of the first reconnection ticket, can include, for example, a large random number. Thefirst protocol service 112 can also be configured to transmit the second reconnection ticket to theclient 108, while keeping a copy of the second reconnection ticket and a session number. The copy of the second reconnection ticket can later be used by thefirst protocol service 112 to validate the second reconnection ticket originally transmitted to theclient 108 when it is later presented to thefirst protocol service 112 during the process of reconnecting theclient 108. In one embodiment, thefirst protocol service 112 transmits the second reconnection ticket to theclient 108 via theintermediary node 1032. In another embodiment, thefirst protocol service 112 transmits the second reconnection ticket to theclient 108 directly. Moreover, as described in greater detail below, thefirst protocol service 112 can be further configured to delete, during the process of reconnecting theclient 108 to a host service 116, the second reconnection ticket, and thereafter generate a replacement second reconnection ticket. Additionally, in another embodiment, the second reconnection ticket is configured for automatic deletion after a pre-determined period of time. - In one embodiment, the
intermediary node 1032 serves as an intermediary for the first and second reconnection tickets. Theintermediary node 1032 receives, for example, the first reconnection ticket generated by theticket authority 1036 and the second reconnection ticket generated by thefirst protocol service 112. Theintermediary node 1032 can then transmit the first reconnection ticket and the second reconnection ticket to theclient 108. Moreover, during the process of reconnecting theclient 108 to a host service 116, theintermediary node 1032 can accept the first reconnection ticket and the second reconnection ticket from theclient 108 and thereafter transmit the first reconnection ticket to theticket authority 1036 and, if appropriate, the second reconnection ticket to thefirst protocol service 112. - If the first communication session between the
client 108 and the host service 116 terminates, for example abnormally, the new session can be re-established without requiring the user to reenter his or her authentication credentials. When theclient 108 and the host service 116 re-establish a second communication session, theclient 108 retransmits the first and second reconnection tickets and the SID to theintermediary node 1032. Theintermediary node 1032 transmits the first and second reconnection tickets and the SID to theticket authority 1036, which uses the SID to locate and retrieve the encrypted authentication credentials for the first connection and uses the first reconnection ticket to decrypt the retrieved authentication credentials. Theticket authority 1036 then authenticates the client by validating the decrypted authentication credentials. After re-authentication, the second reconnection ticket is forwarded to thefirst protocol service 112 to re-establish the second connection 124 with the host service 116. - In another embodiment of a
network communications system 1000 as shown inFIG. 10B , anACR Service 405 can be used instead of theticket authority 1036 for reconnecting theclient 108 to any of the host services 116 a-116 n. In this embodiment, theACR Service 405 can provide similar services as described above with regards to theticket authority 1036. As previously described, theACR Service 405 generates, validates and manages a SID and a key for connecting and reconnecting a client communication session. A SID and a key can form a ticket as in the type of ticket generated, validated and managed by theticket authority 1036 as described above. As such, in another embodiment, a ticket may be used interchangeably for the combination of a session identifier and a key. - The
intermediary node 1032, as shown inFIG. 10B , is configured to communicate with theACR Service 405. In one embodiment, theACR Service 405 is configured to receive a request for a first SID and a first key from theintermediary node 1032 and to thereafter generate the first SID and first key. TheACR Service 405 uses the first SID to identify the communication session that is established between theclient 108 and a host service 116. The first SID and the first key allow theclient 108 to automatically reconnect with the host service 116 after an abnormal disruption of service without requiring theclient 108 to provide authentication credentials again. - After generation of the first SID and the first key, the
ACR Service 405 encrypts the authentication credentials supplied by theclient 108 using the first key so that an attacker who gains access to theintermediary node 1032 or theACR Service 405 cannot access the authentication credentials without the first key. TheACR Service 405 then stores the encrypted authentication credentials with the SID inmemory 430 and transmits the first SID and the first key to theclient 108 over thenetwork 104. Upon the client's receipt of the SID and the key, theACR Service 405 destroys (i.e., deletes) the key from itsmemory 430. - In another embodiment, the
first protocol service 112 is configured to generate a second SID and second key. Thefirst protocol service 112 can also be configured to transmit the second SID and second key to theclient 108, while keeping a copy of the second SID and second key. The copy of the second SID and second key can later be used by thefirst protocol service 112 to validate the second SID and second key originally transmitted to theclient 108 when it is later presented to thefirst protocol service 112 during the process of reconnecting theclient 108. In one embodiment, thefirst protocol service 112 transmits the second SID and second key to theclient 108 via theintermediary node 1032. In another embodiment, thefirst protocol service 112 transmits the second SID and second key to theclient 108 directly. Moreover, as described in greater detail below, thefirst protocol service 112 can be further configured to delete, during the process of reconnecting theclient 108 to a host service 116, the second SID and second key, and thereafter generate a replacement second SID and second key. Additionally, in another embodiment, the second SID and second key is configured for automatic deletion after a pre-determined period of time. - In one embodiment, the
intermediary node 1032 serves as an intermediary for the first and second SIDs and keys. Theintermediary node 1032 receives, for example, the first SID and first key generated by theACR Service 405 and the second SID and second key generated by thefirst protocol service 112. Theintermediary node 1032 can then transmit the first SID and first key and the SID and second key to theclient 108. Moreover, during the process of reconnecting theclient 108 to a host service 116, theintermediary node 1032 can accept the first SID and first key and the second SID and second key from theclient 108 and thereafter transmit the first SID and first key to theACR Service 405 and, if appropriate, the second SID and second key t to thefirst protocol service 112. - If the first communication session between the
client 108 and the host service 116 terminates, for example abnormally, the new session can be re-established without requiring the user to reenter his or her authentication credentials. When theclient 108 and the host service 116 re-establish a second communication session, theclient 108 transmits the first and second SIDs and keys to theintermediary node 1032. Theintermediary node 1032 transmits the first SID and first key to theACR Service 405, which uses the SID to locate and retrieve the encrypted authentication credentials for the first connection and uses the first key to decrypt the retrieved authentication credentials. TheACR Service 405 then authenticates the client by validating the decrypted authentication credentials. After re-authentication, the second SID and second key is forwarded to thefirst protocol service 112 to re-establish the second connection 124 with the host service 116. - Referring to
FIG. 11A , another embodiment of asystem 1100 for network communications includes thenetworks client 108, thefirst protocol service 112, the host services 116, theintermediary node 1032, and theticket authority 1036, as described above, and further depicts afirst computing node 1140 and a second computing node 144, both of which are used, in one embodiment, for initially connecting theclient 108 to a host service 116. Moreover, in the illustrative embodiment ofFIG. 11A , theclient 108 further includes aweb browser 148, such as, for example, the INTERNET EXPLORER program from Microsoft Corporation of Redmond, Wash., to connect to the World Wide Web. - In one embodiment (not shown), the
system 1100 includes two or moreintermediary nodes 1032 and/or two or more first protocol services 112. Theintermediary node 1032, through which messages between theclient 108 and thefirst protocol service 112 must pass, and/or thefirst protocol service 112 can, as explained below, each be chosen based on, for example, a load balancing equation. - Each of the
first computing node 1140 and thesecond computing node 1144 can be any computing device that is capable of communication and that has sufficient processor power and memory capacity to perform the operations described herein. For example, in one embodiment, thefirst computing node 1140 is a web server, providing one or more websites or web based applications. In another embodiment, thesecond computing node 1144 provides an XML service or web service. - In one embodiment, the
client 108 and thenetwork 104 form anexternal network 1152, separated from the rest of thesystem 1100 by afirst firewall 1156, depicted as a dashed line. Theintermediary node 1032 and thefirst computing node 1140 can be located in a “demilitarized zone” 1160 (i.e., a network region placed between a company's private network and the public network), separated from the rest of thesystem 1100 by thefirst firewall 1156 and a second firewall 1164, also depicted by a dashed line. Then, as shown, thenetwork 104′, thefirst protocol service 112, the host services 116 a-116 n, theticket authority 1036, and thesecond computing node 1144, form aninternal network 1168, separated from the rest of thesystem 1100 by the second firewall 1164. - Alternatively, in another embodiment not shown in
FIG. 11A , thesystem 1100 further includes a third computing node 1146 positioned, in the demilitarizedzone 1160, between thenetwork 104 and theintermediary node 1032. The third computing node 1146 can be any computing device that is capable of networked communication and that has sufficient processor power and memory capacity to perform the operations described herein. As described below, the third computing node 1146 is used, in some embodiments, during the process of initially connecting theclient 108 to a host service 116 and/or during the process of reconnecting theclient 108 to a host service 116. More specifically, as described below, where thesystem 1100 includes two or moreintermediary nodes 1032, the third computing node 1146 can, based on a load balancing equation for example, choose theintermediary node 1032 through with communications between theclient agent 128 of theclient 108 and thefirst protocol service 112 must pass. - Moreover, referring to
FIG. 11A , theintermediary node 1032, in an alternative embodiment, can be replaced by two or more levels “a”-“n” ofintermediary nodes 1032. As illustrated, each level “a”-“n” can include two or moreintermediary nodes 1032 a-1032 n. As described below, theclient agent 128 of theclient 108 can be routed through any combination of theintermediary nodes 1032 based on, for example, load balancing equations. For example, as illustrated, theclient agent 128 can be routed through theintermediary nodes 1032 viaconnection 120. Other configurations of thesystem 1100, as would be readily apparent to one skilled in the art, are also possible. - Referring again to
FIG. 11A , in one embodiment, the web browser 1148 communicates over thenetwork 104 with thefirst computing node 1140, which itself interfaces with thesecond computing node 1144 and theticket authority 1036. More specifically, thefirst computing node 1140 is configured with the address of thesecond computing node 1144 and theticket authority 1036. In one embodiment, as explained further below, thefirst computing node 1140 is configured to relay information between, and thereby prevent direct communication between, the web browser 1148 of theclient 108, thesecond computing node 1144, and theticket authority 1036. By preventing such direct communication, thefirst computing node 1140 adds an additional level of security to thesystem 1100. Thefirst computing node 1140 can also be configured with the address of theintermediary node 1032, or, alternatively, with the address of two or moreintermediary nodes 1032. - For its part, the
second computing node 1144 is configured to determine which of the application programs running on the host services 116 are available to a user of theclient 108. In other words, thesecond computing node 1144 is configured to determine which of the application programs the user is authorized to access. In one embodiment, after the user selects his desired application program, as described further below, thesecond computing node 1144 is further configured to determine which of the host services 116 will be used to run the users desired application for purposes of load balancing. Thesecond computing node 1144 returns the address of that host service 116 to thefirst computing node 1140. Thesecond computing node 1144 also returns the address of thefirst protocol service 112, which can also be selected from amongst a plurality offirst protocol services 112 through the use of a load balancing equation, to thefirst computing node 1140. In turn, thefirst computing node 1140 transmits the address of the chosenfirst protocol service 112 and the chosen host service 116 to theticket authority 1036. - For its part, the
ticket authority 1036 generates connection tickets. In one embodiment, theticket authority 1036 transmits an initial connection ticket to thefirst computing node 1140 for transmission to theclient 108. In another embodiment, the ticket authority transmits a first reconnection ticket to theintermediary node 1032. - In another embodiment of a
network communication system 1100 as shown inFIG. 11B , theACR Service 405 can be used instead of theticket authority 1036 to reconnect aclient 108 to a host service 116. Instead of using tickets as with theticket authority 1036, theACR Service 405 generates, validates and manages SIDs and keys for connecting and reconnecting client communication sessions. TheACR Service 405 authenticates and re-authenticates the client to a host service 116 orserver 415 using a SID and key, or a ticket, associated with theclient 108. As previously mentioned, a ticket can be used to refer to the combination of a SID and key or a ticket can comprise a SID and a key. - The
system 1100 ofFIG. 11B includes thenetworks client 108, thefirst protocol service 112, the host services 116, theintermediary node 1032, and theACR Service 405, as described above, and further depicts afirst computing node 1140 and a second computing node 144, both of which are used, in one embodiment, for initially connecting theclient 108 to a host service 116. Moreover, theclient 108 further includes aweb browser 148 to connect to the World Wide Web. - In one embodiment (not shown), the
system 1100 includes two or moreintermediary nodes 1032 and/or two or morefirst protocol services 112 or two ormore ACR Services 405. Theintermediary node 1032, through which messages between theclient 108 and thefirst protocol service 112 must pass, and/or thefirst protocol service 112 can and/or theACR Service 405, as explained below, each be chosen based on, for example, a load balancing equation. - In another embodiment, the
system 1100 ofFIG. 11B can include anexternal network 1152, separated from a “demilitarized zone” 160 by afirst firewall 1156 which in turn is separated from aninternal network 1168 by a second firewall 1164. Although the invention is discussed above in terms of various network topologies inFIGS. 11A and 11B , any other network topologies can be used, such as for example, a topology including combinations of internal networks, external networks, sub-networks, intranets, firewalls, security zones, single servers, a server network or server farms. - Alternatively, in another embodiment not shown in
FIG. 11B , thesystem 1100 further includes a third computing node 1146 positioned, in the demilitarizedzone 1160, between thenetwork 104 and theintermediary node 1032. The third computing node 1146 is used, in some embodiments, during the process of initially connecting theclient 108 to a host service 116 and/or during the process of reconnecting theclient 108 to a host service 116. - In another embodiment of the
system 1100 inFIG. 11B , theintermediary node 1032, can be replaced by two or more levels “a”-“n” ofintermediary nodes 1032 a-1032 n. Theclient agent 128 of theclient 108 can be routed through any combination of theintermediary nodes 1032 based on, for example, load balancing equations. - In one embodiment, the web browser 1148 communicates over the
network 104 with thefirst computing node 1140, which itself interfaces with thesecond computing node 1144 and theACR Service 405. Thefirst computing node 1140 is configured with the address of thesecond computing node 1144 and theACR Service 405. In another embodiment to provide an additional level of security in thesystem 1100, thefirst computing node 1140 is configured to relay information between, and thereby prevent direct communication between, the web browser 1148 of theclient 108, thesecond computing node 1144, and theACR Service 405. Thefirst computing node 1140 can also be configured with the address of any of theintermediary nodes 1032 a-1032 n. - For its part, the
second computing node 1144 is configured to determine which of the application programs running on the host services 116 are available to a user of theclient 108 and to provide the address of the host service 116 selected by the user to thefirst computing node 1140. Thesecond computing node 1144 also provides the address of one of the multiplefirst protocol service 112, through the use of a load balancing equation, to thefirst computing node 1140. In turn, thefirst computing node 1140 transmits the address of the chosenfirst protocol service 112 and the chosen host service 116 to theACR Service 405. - For its part, the
ACR Service 405 generates, validates and manages connection SIDs and key to provide authentication and re-authentications services to re-establish a clients communication session with a host service 116 orserver 415, as described herein. In one embodiment, theACR Service 405 transmits a first SID and first key to thefirst computing node 1140 for transmission to theclient 108. In another embodiment, theACR Service 405 transmits a first SID and first key to one of theintermediary nodes 1032. - In another aspect, this invention relates to methods for network communications and reconnecting a
client 108 to a host service 116 using a plurality of secondary protocols encapsulated within a first protocol. The method includes establishing a first connection between aclient 108 and afirst protocol service 112 using a first protocol and communicating between theclient 108 and thefirst protocol service 112 via a plurality of second protocols encapsulated within the first protocol. Moreover, at least one of the second protocols includes a plurality of virtual channels. - In one embodiment of this aspect of the invention, a second connection is established between the
first protocol service 112 and a host service 116 using one of the secondary protocols. Communication between thefirst protocol service 112 and the host service 116 occurs via one of the secondary protocols. Specifically, each of the plurality of second connections is established between thefirst protocol service 112 and a different host service 116 and each of the plurality of second connections is established using one of the plurality of secondary protocols. In yet another embodiment, the first connection between theclient 108 and the first protocol service 116 is established through one or moreintermediary nodes 1032. - Referring now to
FIG. 12A , one embodiment of amethod 1200 for reconnecting a client to a host service after a network failure is illustrated. Atstep 1204, theclient 108 initially connects to one of a plurality of host services 116 by employing, for example. Generally, theclient 108 is required to transmit authentication credentials to the host service 116 to initiate the communication session. After theclient 108 is connected to the host service 116, theclient 108 and the host service 116 communicate, through thefirst protocol service 112, and atstep 1208, via a plurality of secondary protocols encapsulated within the first protocol as discussed above in reference toFIGS. 2A-2B andFIG. 3 . In one embodiment, thefirst protocol service 112 encrypts, prior to the transmission of any first protocol packets, communications at the level of thefirst protocol 204, thereby securing the communications. In another embodiment, thefirst protocol service 112 compresses, prior to the transmission of any first protocol packets, the communications at the level of the first protocol, thereby improving communication efficiency. - At
step 1212, theclient agent 128 determines whether theconnection 120 between theclient agent 128 and thefirst protocol service 112 has failed. For example, theconnection 120 a between theclient agent 128 and theintermediary node 1032 may have failed, theconnection 120 b between theintermediary node 1032 and thefirst protocol service 112 may have failed, or both theconnection 120 a and theconnection 120 b may have failed. If theclient agent 128 determines that theconnection 120 has not failed, themethod 1200 proceeds to step 1220. If, on the other hand, theclient agent 128 determines that theconnection 120 has failed, theclient 108 is, atstep 1216, reconnected to the host service 116. - The step of reconnecting in
step 1216 after a first communication session ends abnormally, can comprise in asystem 1100 deploying aticket authority 1036 and theclient 108 transmitting the SID and the first and second reconnection tickets to theintermediary node 1032. Theintermediary node 1032 uses the first reconnection ticket to authenticate theclient 108 and re-establish theconnection 120 between theclient 108 and theintermediate node 1032. Theintermediary node 1032 then transmits the second reconnection ticket to thefirst protocol service 112, which uses the second reconnection ticket to authenticate re-establish the connection 124 to the host service 116. The reconnection tickets thus allow theclient 108 to automatically establish a second communication session to the host service 116 without retransmitting the authentication credentials a second time. - In another embodiment, the step of reconnecting, in
step 1216, can also comprise asystem 1100 deploying anACR Service 405. In such an embodiment, theclient 108 transmits a first SID and first key to theintermediary node 1032 to authenticate theclient 108 and reestablish the connection of theclient 108 to the host service 116. - It is determined, at
step 1220, whether theclient 108 wishes to cleanly terminate itsconnection 120 with thefirst protocol service 112 and, consequently, its connections 124 a-124 n with the host services 116 a-116 n. If not, communication between theclient 108 and thefirst protocol service 112, via the plurality of secondary protocols encapsulated within the first protocol, continues atstep 1208. If so, then, atstep 1224, allconnections ACR Service 405, atstep 1224, allconnections intermediary node 1032 uses a handle it receives from theticket authority 1036 to delete a copy of a first reconnection ticket kept at the ticket authority 136. In another embodiment deploying aticket authority 1036, thefirst protocol service 112 deletes a copy of a second reconnection ticket kept at thefirst protocol service 112. In yet another embodiment deploying theACR Service 405, thefirst protocol service 112 deletes a copy of a second SID and second key kept at thefirst protocol service 112. - In a further embodiment using a
ticket authority 1036, if for some reason a secondary protocol connection 124 fails, a copy of the second reconnection ticket associated therewith and kept at thefirst protocol service 112 is deleted by thefirst protocol service 112. In yet another embodiment, a first reconnection ticket and/or a second reconnection ticket is automatically deleted after a pre-determined period of time following a failure in theconnection 120, as atstep 1212, and/or following a clean termination of theconnection 120, as atstep 1220. - In another aspect, this invention relates to methods for reconnecting the
client 108 to the host service 116 using theACR Service 405. Referring now toFIG. 12B , one embodiment of themethod 1216 to reconnect aclient 108 to a host service 116 is illustrated. Theclient 108 transmits the first SID and the first key to theACR Service 405 to reconnect to the host service (step 1255). TheACR Service 405 uses the SID (step 1258) to locate and retrieve the encrypted authentication credentials and uses the key (step 1260) to decrypt the retrieved authentication credentials. In one embodiment (not shown), theACR Service 405 uses the decrypted authentication credentials to re-authenticate theclient 108 to the maintained session between the first protocol service 113 and the host service 116. After re-authenticating, the reestablished connection of theclient 108 to the first protocol service 116 is re-linked to the maintained session between thefirst protocol service 112 and the host service 116. - In another embodiment, during the second communication session, the
ACR Service 405 generates (step 1270) a second key for the authentication credentials and then encrypts (step 1275) the authentication credentials using the second key. TheACR Service 405 creates a second SID (step 1280). Then the decrypted authentication credentials are re-authenticated with the host service 116 and the second SID is associated with the maintained communication session with the host service 116 (step 1280 a). TheACR Service 405 then transmits the second SID and second key to the client 108 (step 1285). In one embodiment, theACR Service 405 may transmit the second SID and second key through anintermediary node 1032. Theclient 108 stores the second SID and second key (step 1290). TheACR Service 405 then deletes the second key (step 1295). - Referring to
FIGS. 13A-13B , one embodiment of amethod 1300 for initially connecting theclient 108 to the host service 116 using anACR Service 405 is illustrated. Atstep 1304, theclient 108, using thebrowser 148, sends a request, such as, for example, an HTTP request, to thefirst computing node 1140. Thefirst computing node 1140 returns a web page, such as, for example, an HTML form requesting authentication information (e.g., a username and a password). A user of theclient 108 enters his authentication credentials and transmits the completed form to thefirst computing node 1140. - The
first computing node 1140, atstep 1308, then informs the user of theclient 108 of applications available for execution. In one embodiment, thefirst computing node 1140 extracts the user's credentials from the login page and transmits them to thesecond computing node 1144, together with a request for thesecond computing node 1144 to enumerate the applications available to the user. Based on the user's credentials, thesecond computing node 1144 returns a list of specific applications available to thefirst computing node 1140, which then forwards the list, in the form of a web page for example, to the user of theclient 108. - At
step 1312, the user selects the desired application and a request for that application is sent to thefirst computing node 1140. For example, in one embodiment, the user clicks on a desired application listed in the web page presented to him by thefirst computing node 1140 and an HTTP request for that application is forwarded to thefirst computing node 1140. The request is processed by the first computing node 140 and forwarded to thesecond computing node 1144. - At
step 1316, the second computing node 144 determines the host service 116 on which the desired application will be executed. Thesecond computing node 1144 can make that determination based, for example, on a load balancing equation. In one embodiment, thesecond computing node 1144 also determines afirst protocol service 112 from amongst a plurality offirst protocol services 112 that will be used to communicate with the host service 116 via a connection 124. Again, thesecond computing node 1144 can make that determination based, for example, on a load balancing equation. Thesecond computing node 1144 returns the address of the chosen host service 116 and the chosenfirst protocol service 112 to thefirst computing node 1140. - The
client 108, atstep 1320, is then provided with an initial connection session id and key, a first SID and first key, and an address for the intermediary node 1032 (which is either its actual address or its virtual address, as described below). In one embodiment, thefirst computing node 1140 provides the address for the chosen host service 116 and the chosenfirst protocol service 112 to theACR Service 405, together with a request for the initial connection session id and key. TheACR Service 405 generates the initial session id and key, and transmits the session id and key to thefirst computing node 1140, while keeping a copy for itself. - The
first computing node 1140, configured, in one embodiment, with the actual address of theintermediary node 1032, then transmits the actual address of theintermediary node 1032 and the initial connection session id and key to the browser 1148 of theclient 108. Thefirst computing node 1140 can, for example, first create a file containing both the actual address of theintermediary node 1032 and the initial connection ticket and then transmitting the file to the browser 1148 of theclient 108. Optionally, in another embodiment, thefirst computing node 1140 is configured with the actual address of two or moreintermediary nodes 1032. In such an embodiment, thefirst computing node 1140 first determines theintermediary node 1032 through which messages between theclient 108 and thefirst protocol service 112 will have to pass. Thefirst computing node 1140 then transmits the actual address of that chosenintermediary node 1032 and the initial connection ticket to the browser 1148 of theclient 108 using, for example, the file described above. In one embodiment, thefirst computing node 1140 chooses theintermediary node 1032 using a load balancing equation. Theclient agent 128 of theclient 108 is then launched and uses the address of theintermediary node 1032, to establish, atstep 1324, afirst protocol connection 120 a between theclient agent 128 of theclient 108 and theintermediary node 1032. - Alternatively, in another embodiment, the
first computing node 1140 is configured with an actual address of the third computing node 1146, which serves as a virtual address of anintermediary node 1032. In such an embodiment, thefirst computing node 1140 transmits, atstep 1320, the actual address of the third computing node 1146 and the initial connection session id and key to the browser 1148 of theclient 108 using, for example, the file described above. Theclient agent 128 of theclient 108 is then launched and uses the actual address of the third computing node 1146 to establish, atstep 1324, a first protocol connection between theclient agent 128 of theclient 108 and the third computing node 1146. The third computing node 1146 then determines theintermediary node 1032 through which messages between theclient 108 and thefirst protocol service 112 will have to pass. In one embodiment, the third computing node 1146 chooses theintermediary node 1032 using a load balancing equation. Having chosen theintermediary node 1032, the third computing node 1146 establishes a first protocol connection to theintermediary node 1032. Afirst protocol connection 120 a therefore exists, through the third computing node 1146, between theclient agent 128 of theclient 108 and theintermediary node 1032. The actual address of the third computing node 1146 is therefore mapped to the actual address of theintermediary node 1032. To theclient agent 128 of theclient 108, the actual address of the third computing node 146 therefore serves as a virtual address of theintermediary node 1032. - In one embodiment, where more than one level of
intermediary nodes 1032 a-1032 n exist, as described above, thefirst computing node 1140 or the third computing node 1146, respectively, only choose theintermediary node 1032 to which theclient agent 128 will connect at level “a.” In such an embodiment, at each of the levels “a”-“n−1”, theintermediary node 1032 through which theclient agent 128 is routed at that level thereafter determines, based on a load balancing equation for example, theintermediary node 1032 to which it will connect at the next level. Alternatively, in other embodiments, thefirst computing node 1140 or the third computing node 1146, respectively, determine, for more than one or all of the levels “a”-“n” theintermediary nodes 1032 through which theclient agent 128 will be routed. - Having established the
first protocol connection 120 a between theclient agent 128 of theclient 108 and theintermediary node 1032, for example theintermediate node 1032 at level “n” (hereinafter referred to inmethod 1300 as the intermediary node 1032), theclient agent 128 then transmits the initial connection ticket to theintermediary node 1032. - It is then determined, at
step 1328, whether the initial connection SID and key is valid. In one embodiment, theintermediary node 1032 transmits the initial connection SID and key to theACR Service 405 for validation. In one embodiment, theACR Service 405 validates the SID and key by comparing it to the copy of the SID and encrypted authentication credentials it kept atstep 1320. If theACR Service 405 determines the SID and key to be valid, theACR Service 405 transmits, atstep 1332, the address of thefirst protocol service 112 and the address of the chosen host service 116 to theintermediary node 1032. Thefirst protocol service 112 can also delete the SID and key and any copy thereof. If, on the other hand, theACR Service 405 determines the SID and key to be invalid, theclient 108 is, atstep 1330, refused connection to thefirst protocol service 112 and, consequently, connection to the host service 116. - Following
step 1332, theintermediary node 1032 uses the address of the chosenfirst protocol service 112 to establish, atstep 1336, afirst protocol connection 120 b between theintermediary node 1032 and thefirst protocol service 112. Afirst protocol connection 120 therefore now exists, through theintermediary node 1032, between theclient agent 128 of theclient 108 and thefirst protocol service 112. Theintermediary node 1032 can also pass the address of the chosen host service 116 to thefirst protocol service 112. - In one embodiment, at
step 1340, thefirst protocol service 112 uses the address of the chosen host service 116 to establish a secondary protocol connection 124 between thefirst protocol service 112 and the chosen host service 116. For example, the chosen host service 116 is in fact thehost service 116 a and asecondary protocol connection 124 a is established between thefirst protocol service 112 and thehost service 116 a. - In one embodiment, following
step 1340, the user chooses, atstep 1344, a second application to be executed and thesecond computing node 1144 determines, atstep 1348, the host service 116 on which the second application is to be executed. For example, by calculating a load balancing equation, thesecond computing node 1144 may choose thehost service 116 b to execute the second application program. Thesecond computing node 1144 then transmits the address of the chosenhost service 116 b to thefirst protocol service 112. In one embodiment, thesecond computing node 1144 is in direct communication with thefirst protocol service 112 and directly transmits the address thereto. In another embodiment, the address of the chosenhost service 116 b is indirectly transmitted to thefirst protocol service 112. For example, the address can be transmitted to thefirst protocol service 112 through any combination of thefirst computing node 1140, theACR Service 405, theintermediary node 1032, and thefirst protocol service 112. Having received the address of the chosenhost service 116 b, thefirst protocol service 112 establishes, atstep 1352, asecondary protocol connection 124 b between thefirst protocol service 112 and the chosenhost service 116 b. -
Steps first protocol service 112 over the connections 124 a-124 n using any number of secondary protocols. - Turning now to step 1356, the
first protocol service 112 can, as described above, encapsulate the plurality of secondary protocols within the first protocol. As such, theclient 108 is connected to, and simultaneously communicates with, a plurality of host services 116. - In another embodiment, prior to performing
steps host service 116 b, a user of theclient 108 ends execution of another application program, such as, for example, an application program executing onhost service 116 a. In such a case, thefirst protocol service 112 disrupts theconnection 124 a between thefirst protocol service 112 and thehost service 116 a. Thefirst protocol service 112 then establishes, by implementingsteps connection 124 b between thefirst protocol service 112 and thehost service 116 b, without interrupting theconnection 120 between theclient 108 and thefirst protocol service 112. - In one embodiment, a first SID and key is generated at
step 1360. For example, theintermediary node 1032 requests a first SID and key from theACR Service 405. Upon receiving the request, theACR Service 405 generates the first SID and key, and can also generate a handle, which is, for example, a random number. TheACR Service 405 can then transmit, at step 1364, the first SID and key and the handle to theintermediary node 1032, while keeping a copy of the first SID and key and a copy of the handle. TheACR Service 405 continues to maintain the address of thefirst protocol service 112 that was transmitted to it by thefirst computing node 1140 atstep 1320. Theintermediary node 1032 then transmits, at step 1368, the first reconnection ticket to theclient 108. - At step 1372, a second SID and key is then generated. In one embodiment, the
first protocol service 112 generates the second SID and key. Thefirst protocol service 112, at step 1376, then transmits the second SID and key, through theintermediary node 1032, to theclient 108. In doing so, thefirst protocol service 112 keeps a copy of the key and a session number associated therewith for identifying the session to be reconnected following a disruption of theconnection 120. In one embodiment, for example, thefirst protocol service 112 maintains, for a particular session number, a table listing the secondary protocol connections 124 a-124 n associated with that session number. Accordingly, following re-establishment of thefirst protocol connection 120 and validation of the second SID and key at thefirst protocol service 112, as described below, thefirst protocol service 112 can identify the secondary protocol connections 124 to be encapsulated within the re-establishedfirst protocol connection 120 for communication to theclient 108. - In an embodiment not shown in
FIGS. 13A-13C , a ticket authority 1136 can be used instead of theACR Service 405 to provide for reconnecting aclient 108 to a host service 116. In themethod 1300, the ticket authority 1326 would generate and transmit reconnection tickets instead of SIDs and keys as with theACR Service 405. For example, atsteps 1320, aticket authority 1036 would provide theclient 108 with an initial connection ticket and an address for theintermediary node 1032. Also, instep 1328, theticket authority 1036 would determine if the initial connection ticket is valid and atstep 1360, would generate a first reconnection ticket. Additionally, at steps 1364, 1368, 1372 and 1378 the ticket authority would generate and transmit the first and second reconnection tickets in accordance withmethod 1300. As such, theticket authority 1036 facilitated the reconnecting of theclient 108 to the host service 116. - Referring now to
FIG. 14 , one embodiment of amethod 1400 for providing aclient 108 with a persistent and reliable connection to one or more host services 116 and for reconnecting theclient 108 to the host services 116 (for example atstep 1216 ofFIG. 12A ) is illustrated. In particular, atstep 1404, the secondary protocol connection 124 between thefirst protocol service 112 and each of the one or more host services 116 is maintained. Moreover, atstep 1408, a queue of data packets most recently transmitted between theclient agent 128 of theclient 108 and thefirst protocol service 112, via theconnection 120 that was determined to have broken, for example, atstep 1216 ofFIG. 12 , is maintained. In one embodiment, the data packets are queued and maintained both before and upon failure of theconnection 120. The queued data packets can be maintained, for example, in a buffer by theclient agent 128. Alternatively, thefirst protocol service 112 can maintain in a buffer the queued data packets. In yet another embodiment, both theclient agent 128 and thefirst protocol service 112 maintain the queued data packets in a buffer. - At
step 1412, a newfirst protocol connection 120 is established between theclient agent 128 of theclient 108 and thefirst protocol service 112 and linked to the maintained secondary protocol connection 124 between thefirst protocol service 112 and each of the one or more host services 116, thereby reconnecting theclient 108 to the host services 116. After theclient 108 is reconnected, the queued data packets maintained atstep 1408 can be transmitted, atstep 1416, via the newly establishedfirst protocol connection 120. As such, the communication session between the host services 116 and theclient 108, through thefirst protocol service 112, is persistent and proceeds without any loss of data. In one embodiment, theACR Service 405 authenticates theclient 108 to the host service 116 before reconnecting theclient 108 to a host service 116. In another embodiment, thefirst protocol service 112 validates a reconnection ticket with theticket authority 1036 before reconnecting theclient 108 to a host service 116. -
FIGS. 15A-15B , illustrate one embodiment of amethod 1500 for reconnecting theclient 108 to the one or more host services 116 using anACR Service 405 as in the embodiment of thesystem 1100 depicted inFIG. 11B . - At
step 1504, any remaining connections between theclient 108 and thefirst protocol service 112 are broken. For example, where theconnection 120 a has failed, but theconnection 120 b has not, theconnection 120 b is broken. Alternatively, where theconnection 120 b has failed, but theconnection 120 a has not, theconnection 120 a is broken. - In one embodiment, using the actual address of the
intermediary node 1032 provided to theclient 108, theclient agent 128 of theclient 108 then re-establishes, atstep 1508, thefirst protocol connection 120 a between theclient agent 128 and theintermediary node 1032. Alternatively, in another embodiment, using the actual address of the third computing node 1146 provided to theclient 108, theclient agent 128 of theclient 108 then re-establishes, atstep 1508, a first protocol connection between theclient agent 128 and the third computing node 1146. The third computing node 1146 then determines theintermediary node 1032 through which messages between theclient 108 and thefirst protocol service 112 will have to pass. In one embodiment, the third computing node 1146 chooses theintermediary node 1032 using a load balancing equation. Theintermediary node 1032 chosen by the third computing node 1146 in reconnecting theclient 108 to the one or more host services 116 can be different from that chosen to initially connect theclient 108 to the one or more host services 116. Having chosen theintermediary node 1032, the third computing node 1146 re-establishes a first protocol connection to theintermediary node 1032. Afirst protocol connection 120 a is therefore re-established, through the third computing node 1146, between theclient agent 128 of theclient 108 and theintermediary node 1032. - In one embodiment, where more than one level of
intermediary nodes 1032 exist, theintermediary node 1032 through which theclient agent 128 is routed at each of the levels. - “a”-“n−1” thereafter determines, based on a load balancing equation for example, the
intermediary node 1032 to which it will connect at the next level. Alternatively, in another embodiment, the third computing node 1146 determines, for more than one or all of the levels “a”-“n”, theintermediary nodes 1032 through which theclient agent 128 will be routed. - Having re-established the
first protocol connection 120 a between theclient agent 128 of theclient 108 and theintermediary node 1032, for example theintermediate node 1032 at level “n” (hereinafter referred to inmethod 1500 as the intermediary node 1032), theclient agent 128 then transmits, atstep 1512, the first SID and key and the second SID and key to theintermediary node 1032. - It is then determined, at
step 1516, whether the first SID and key is valid. In one embodiment, the validity of the first SID and key is determined by using theACR Service 405. For example, theintermediary node 1032 transmits the first SID and key to theACR Service 405. In one embodiment, theACR Service 405 determines the validity of the first SID and key by comparing it to a copy of the first SID stored inmemory 430. If theACR Service 405 determines the first SID and key to be valid, theACR Service 405 re-authenticates theclient 108 to the host service 116 and transmits, atstep 1520, the address of thefirst protocol service 112 to theintermediary node 1032. Otherwise, if theACR Service 405 determines the first SID and key to be invalid, theclient 108 is, atstep 1524, refused reconnection to thefirst protocol service 112 and, consequently, reconnection to the host services 116. - At
step 1528, the first SID and key is deleted by, for example, theACR Service 405 and a replacement second SID and key is generated by theACR Service 405. In some such embodiments, theACR Service 405 transmits the second SID and key to theintermediary node 1032. In some embodiments, theACR Service 405 waits for theclient 108 to acknowledge that it has received the second SID and key before it proceeds to delete the first SID and key. - After the first SID and key is validated, the
intermediary node 1032, using the address of thefirst protocol service 112, re-establishes, atstep 1532, thefirst protocol connection 120 b between theintermediary node 1032 and thefirst protocol service 112. Having re-established thefirst protocol connection 120 b between theintermediary node 1032 and thefirst protocol service 112, it is then determined, at step 1536, whether the second SID and key is valid. In one embodiment, the validity of the second SID and key is determined by using thefirst protocol service 112. For example, theintermediary node 1032 transmits the second SID and key to thefirst protocol service 112. In one embodiment, thefirst protocol service 112 determines the validity of the second SID and key by comparing it to a previously kept copy of the second SID and encrypted authentication credentials. If thefirst protocol service 112 determines the second SID and key to be valid, the re-establishedfirst protocol connection 120 b between the firstintermediary node 1032 and thefirst protocol service 112 is linked, atstep 1540, to the maintained secondary protocol connection 124 between thefirst protocol service 112 and each of the one or more host services 116. Otherwise, if thefirst protocol service 112 determines the second SID and key to be invalid, the re-establishedfirst protocol connection 120 b is not linked to the one or more maintained secondary protocol connections 124 and theclient 108 is, at step 1544, refused reconnection to the one or more host services 116. - At
step 1548, the second SID and key is deleted by, for example, thefirst protocol service 112 and a replacement second SID and key is generated by, for example, thefirst protocol service 112 for transmission to theclient 108. In such an embodiment, thefirst protocol service 112 keeps a copy of the replacement second SID and key. In some embodiments, thefirst protocol service 112 waits for theclient 108 to acknowledge that it has received the replacement second SID and key before it proceeds to delete the second session id and key. - At
step 1552, the replacement second SID and key are transmitted to the client. For example, theACR Service 405 can transmit, through theintermediary node 1032, the replacement second SID and key to theclient 108. Moreover, in one embodiment, thefirst protocol service 112 transmits, through theintermediary node 1032, the replacement second SID and key to theclient 108. - In an embodiment not shown in
FIGS. 15A-15C , aticket authority 1036 could also be used instead of theACR Service 405 for reconnecting aclient 108 to a host service 116. In themethod 1500, theticket authority 1036 would generate and transmit reconnection tickets instead of SIDs and keys as with theACR Service 405. For example, atsteps 1512, aticket authority 1036 would determine instep 1516 if a first reconnect ticket received from theintermediary node 1032 instep 1512 is valid. Atstep 1528 theticket authority 1036 would delete the first reconnection ticket and generates a second reconnection ticket with a handle. As such, theticket authority 1036 facilitates re-establishing and re-authenticating the communication session of theclient 108 to the host service 116. - Many alterations and modifications may be made by those having ordinary skill in the art without departing from the spirit and scope of the invention. Therefore, it must be expressly understood that the illustrated embodiments have been shown only for the purposes of example and should not be taken as limiting the invention, which is defined by the following claims. These claims are to be read as including what they set forth literally and also those equivalent elements which are insubstantially different, even though not identical in other respects to what is shown and described in the above illustrations.
Claims (24)
1. A method for reconnecting a client to a host service, the method comprising the steps of:
(a) providing a first connection between a client and a first protocol service, and a second connection between the first protocol service and a host service;
(b) detecting a disruption in the first connection;
(c) re-establishing the first connection between the client and the first protocol service while maintaining the second connection between the first protocol service and the host service;
(d) receiving at the first protocol service a ticket associated with the client;
(e) validating the ticket; and
(f) linking, after the ticket is validated, the re-established first connection to the maintained second connection.
2. The method of claim 1 wherein step (a) further comprises authenticating the client with the host service during a first communication session between the client and the host service.
3. The method of claim 1 wherein step (e) further comprises obtaining, from the ticket, a key and session id.
4. The method of claim 3 wherein step (e) further comprises using the session id from the ticket to retrieve encrypted authentication credentials.
5. The method of claim 4 wherein step (e) further comprises using the key from the ticket to decrypt the retrieved authentication credentials.
6. The method of claim 5 wherein step (e) further comprises re-authenticating the client with the host service using the decrypted authentication credentials.
7. The method of claim 1 wherein step (f) further comprises deleting, after the ticket is validated, the ticket.
8. The method of claim 2 wherein step (f) further comprises generating, after the ticket is deleted, a replacement ticket.
9. The method of claim 1 wherein step (a) further comprises generating a ticket at the first protocol service.
10. The method of claim 9 wherein step (a) further comprises saving, at the first protocol service, a copy of the ticket.
11. The method of claim 4 wherein step (a) further comprises transmitting the ticket from the first protocol service to the client.
12. The method of claim 1 wherein step (a) further comprises deleting the ticket automatically after a pre-determined period of time.
13. A system for reconnecting a client to a host service, the system comprising:
a client configured to maintain a first connection with a first protocol service; and
the first protocol service configured to maintain the first connection with the client and a second connection with the host service, wherein:
a disruption is detected in the first connection;
the first connection is re-established between the client and the first protocol service while the second connection between the first protocol service and the host service is maintained;
a ticket associated with the client is transmitted from the client to the first protocol service;
the ticket is validated; and
after the ticket is validated, the re-established first connection is linked to the maintained second connection.
14. The system of claim 13 wherein the client is authenticated with the host service during a first communication session between the client and the host service.
15. The system of claim 13 wherein the ticket comprises a key and session id.
16. The system of claim 15 wherein the ticket is validated by the first protocol service using the session id to retrieve encrypted authentication credentials.
17. The system of claim 16 wherein the ticket is further validated by decrypting the retrieved authentication credentials with the key from the ticket.
18. The system of claim 17 wherein the client is re-authenticated with the host service using the decrypted authentication credentials.
19. The system of claim 13 wherein the first protocol service is further configured to delete, after the ticket is validated, the ticket.
20. The system of claim 19 wherein the first protocol service is further configured to generate, after the ticket is deleted, a replacement ticket.
21. The system of claim 13 wherein the first protocol service is further configured to generate the ticket.
22. The system of claim 12 wherein the first protocol service is further configured to save a copy of the ticket.
23. The system of claim 13 wherein the first protocol service is further configured to transmit the ticket to the client.
24. The system of claim 13 wherein the first protocol service is further configured to automatically delete the ticket after a pre-determined period of time.
Priority Applications (15)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/711,646 US20050198379A1 (en) | 2001-06-13 | 2004-09-29 | Automatically reconnecting a client across reliable and persistent communication sessions |
AT04794632T ATE406751T1 (en) | 2003-10-10 | 2004-10-08 | AUTOMATICALLY RECONNECT A CLIENT THROUGH RELIABLE AND PERSISTENT COMMUNICATION SESSIONS |
AU2004306771A AU2004306771A1 (en) | 2003-10-10 | 2004-10-08 | Automatically reconnecting a client across reliable and persistent communication sessions |
DE602004016200T DE602004016200D1 (en) | 2003-10-10 | 2004-10-08 | AUTOMATIC RECONNECTION OF A CLIENT THROUGH RELIABLE AND PERSISTENT COMMUNICATIONS SESSIONS |
PCT/US2004/033333 WO2005036857A1 (en) | 2003-10-10 | 2004-10-08 | Automatically reconnecting a client across reliable and persistent communication sessions |
JP2006534409A JP2007514337A (en) | 2003-10-10 | 2004-10-08 | Automatic client reconnection through a reliable and persistent communication session |
KR1020067006932A KR20060120035A (en) | 2003-10-10 | 2004-10-08 | Automatically reconnecting a client across reliable and persistent communication sessions |
EP04794632A EP1678917B1 (en) | 2003-10-10 | 2004-10-08 | Automatically reconnecting a client across reliable and persistent communication sessions |
CA2542139A CA2542139C (en) | 2003-10-10 | 2004-10-08 | Automatically reconnecting a client across reliable and persistent communication sessions |
US11/157,289 US8090874B2 (en) | 2001-06-13 | 2005-06-20 | Systems and methods for maintaining a client's network connection thru a change in network identifier |
US11/157,315 US7340772B2 (en) | 2001-06-13 | 2005-06-20 | Systems and methods for continuing an operation interrupted from a reconnection between a client and server |
US11/158,156 US7502726B2 (en) | 2001-06-13 | 2005-06-20 | Systems and methods for maintaining a session between a client and host service |
IL174814A IL174814A0 (en) | 2003-10-10 | 2006-04-05 | Automatically reconnecting a client across reliable and persistent communication sessions |
HK07100142.0A HK1096212A1 (en) | 2003-10-10 | 2007-01-04 | Automatically reconnecting a client across reliable and persistent communication sessions |
US13/008,634 US8874791B2 (en) | 2001-06-13 | 2011-01-18 | Automatically reconnecting a client across reliable and persistent communication sessions |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/880,268 US7100200B2 (en) | 2001-06-13 | 2001-06-13 | Method and apparatus for transmitting authentication credentials of a user across communication sessions |
US10/683,881 US7562146B2 (en) | 2003-10-10 | 2003-10-10 | Encapsulating protocol for session persistence and reliability |
US10/711,646 US20050198379A1 (en) | 2001-06-13 | 2004-09-29 | Automatically reconnecting a client across reliable and persistent communication sessions |
Related Parent Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/880,268 Continuation-In-Part US7100200B2 (en) | 2001-06-13 | 2001-06-13 | Method and apparatus for transmitting authentication credentials of a user across communication sessions |
US10/683,881 Continuation-In-Part US7562146B2 (en) | 2001-06-13 | 2003-10-10 | Encapsulating protocol for session persistence and reliability |
Related Child Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/158,156 Division US7502726B2 (en) | 2001-06-13 | 2005-06-20 | Systems and methods for maintaining a session between a client and host service |
US11/157,315 Division US7340772B2 (en) | 2001-06-13 | 2005-06-20 | Systems and methods for continuing an operation interrupted from a reconnection between a client and server |
US11/157,289 Division US8090874B2 (en) | 2001-06-13 | 2005-06-20 | Systems and methods for maintaining a client's network connection thru a change in network identifier |
Publications (1)
Publication Number | Publication Date |
---|---|
US20050198379A1 true US20050198379A1 (en) | 2005-09-08 |
Family
ID=34437417
Family Applications (5)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/711,646 Abandoned US20050198379A1 (en) | 2001-06-13 | 2004-09-29 | Automatically reconnecting a client across reliable and persistent communication sessions |
US11/157,289 Expired - Fee Related US8090874B2 (en) | 2001-06-13 | 2005-06-20 | Systems and methods for maintaining a client's network connection thru a change in network identifier |
US11/158,156 Expired - Fee Related US7502726B2 (en) | 2001-06-13 | 2005-06-20 | Systems and methods for maintaining a session between a client and host service |
US11/157,315 Expired - Lifetime US7340772B2 (en) | 2001-06-13 | 2005-06-20 | Systems and methods for continuing an operation interrupted from a reconnection between a client and server |
US13/008,634 Expired - Lifetime US8874791B2 (en) | 2001-06-13 | 2011-01-18 | Automatically reconnecting a client across reliable and persistent communication sessions |
Family Applications After (4)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/157,289 Expired - Fee Related US8090874B2 (en) | 2001-06-13 | 2005-06-20 | Systems and methods for maintaining a client's network connection thru a change in network identifier |
US11/158,156 Expired - Fee Related US7502726B2 (en) | 2001-06-13 | 2005-06-20 | Systems and methods for maintaining a session between a client and host service |
US11/157,315 Expired - Lifetime US7340772B2 (en) | 2001-06-13 | 2005-06-20 | Systems and methods for continuing an operation interrupted from a reconnection between a client and server |
US13/008,634 Expired - Lifetime US8874791B2 (en) | 2001-06-13 | 2011-01-18 | Automatically reconnecting a client across reliable and persistent communication sessions |
Country Status (7)
Country | Link |
---|---|
US (5) | US20050198379A1 (en) |
EP (1) | EP1678917B1 (en) |
JP (1) | JP2007514337A (en) |
KR (1) | KR20060120035A (en) |
AU (1) | AU2004306771A1 (en) |
CA (1) | CA2542139C (en) |
WO (1) | WO2005036857A1 (en) |
Cited By (76)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030188195A1 (en) * | 2002-04-01 | 2003-10-02 | Abdo Nadim Y. | Automatic re-authentication |
US20030212776A1 (en) * | 2002-05-07 | 2003-11-13 | Roberts David Gary | Methods and systems for changing a topology of a network |
US20060067244A1 (en) * | 2004-09-30 | 2006-03-30 | Microsoft Corporation | Registration identifier reuse |
US20060174117A1 (en) * | 2005-02-03 | 2006-08-03 | Nokia Corporation | Authentication using GAA functionality for unidirectional network connections |
US20060259626A1 (en) * | 2005-03-16 | 2006-11-16 | Stone-Kaplan Kimberly A | Automatic reconnect and reacquisition in a computer investigation system |
US20060271681A1 (en) * | 2005-05-31 | 2006-11-30 | Microsoft Corporation | Re-establishing a connection for an application layer via a service layer |
US20070021113A1 (en) * | 2005-06-28 | 2007-01-25 | Bitfone Corp. | Device management network with support for roaming |
US20070146766A1 (en) * | 2005-12-28 | 2007-06-28 | Konica Minolta Business Technologies, Inc. | Image processor, an image processing system, and a method of executing jobs |
WO2007089179A1 (en) * | 2006-02-03 | 2007-08-09 | Mideye Ab | A system, an arrangement and a method for end user authentication |
EP1868353A1 (en) * | 2006-06-15 | 2007-12-19 | NEC Corporation | Thin client system using session managing server and session managing method |
US20080091970A1 (en) * | 2006-10-12 | 2008-04-17 | Takehiro Hanai | Information processing system and method |
US20080263653A1 (en) * | 2007-04-17 | 2008-10-23 | International Business Machines Corporation | Apparatus, system, and method for establishing a reusable and reconfigurable model for fast and persistent connections in database drivers |
US20090328172A1 (en) * | 2007-09-18 | 2009-12-31 | Microsoft Corporation | Sessionless redirection in terminal services |
US20100040066A1 (en) * | 2008-08-13 | 2010-02-18 | Lucent Technologies Inc. | Network address lookup based on bloom filters |
US20100070757A1 (en) * | 2008-09-12 | 2010-03-18 | Michael Anthony Martinez | System and method to authenticate a user utilizing a time-varying auxiliary code |
US20100318813A1 (en) * | 2001-12-05 | 2010-12-16 | Sandra Lynn Carrico | Network security device and method |
WO2011008284A1 (en) | 2009-07-15 | 2011-01-20 | Alibaba Group Holding Limited | Management of an instant message session |
US20110047219A1 (en) * | 2009-08-18 | 2011-02-24 | Microsoft Corporation | Maintaining communication connections during temporary network disruptions |
US7937370B2 (en) | 2000-09-22 | 2011-05-03 | Axeda Corporation | Retrieving data from a server |
US7966418B2 (en) | 2003-02-21 | 2011-06-21 | Axeda Corporation | Establishing a virtual tunnel between two computer programs |
US8023985B1 (en) * | 2004-06-07 | 2011-09-20 | Nortel Networks Limited | Transitioning a state of a connection in response to an indication that a wireless link to a wireless device has been lost |
US8055758B2 (en) | 2000-07-28 | 2011-11-08 | Axeda Corporation | Reporting the state of an apparatus to a remote computer |
US8060886B2 (en) | 2002-04-17 | 2011-11-15 | Axeda Corporation | XML scripting of SOAP commands |
US8065397B2 (en) | 2006-12-26 | 2011-11-22 | Axeda Acquisition Corporation | Managing configurations of distributed devices |
US8108543B2 (en) | 2000-09-22 | 2012-01-31 | Axeda Corporation | Retrieving data from a server |
US20120084561A1 (en) * | 2010-09-30 | 2012-04-05 | Microsoft Corporation | Token-based authentication using middle tier |
CN102739635A (en) * | 2011-03-21 | 2012-10-17 | 微软公司 | Automatic rejoining of conferences |
US20120271956A1 (en) * | 2011-04-19 | 2012-10-25 | Fujitsu Limited | Transmission apparatus, transmission control method, and transmission control program |
US8370479B2 (en) | 2006-10-03 | 2013-02-05 | Axeda Acquisition Corporation | System and method for dynamically grouping devices based on present device conditions |
US20130054734A1 (en) * | 2011-08-23 | 2013-02-28 | Microsoft Corporation | Migration of cloud applications between a local computing device and cloud |
US8406119B2 (en) | 2001-12-20 | 2013-03-26 | Axeda Acquisition Corporation | Adaptive device-initiated polling |
US8468515B2 (en) | 2000-11-17 | 2013-06-18 | Hewlett-Packard Development Company, L.P. | Initialization and update of software and/or firmware in electronic devices |
US8479189B2 (en) | 2000-11-17 | 2013-07-02 | Hewlett-Packard Development Company, L.P. | Pattern detection preprocessor in an electronic device update generation system |
US8526940B1 (en) | 2004-08-17 | 2013-09-03 | Palm, Inc. | Centralized rules repository for smart phone customer care |
US20130262867A1 (en) * | 2012-04-03 | 2013-10-03 | Audax Health Solutions, Inc. | Methods and apparatus for protecting sensitive data in distributed applications |
US8555273B1 (en) | 2003-09-17 | 2013-10-08 | Palm. Inc. | Network for updating electronic devices |
US8578361B2 (en) | 2004-04-21 | 2013-11-05 | Palm, Inc. | Updating an electronic device with update agent code |
US8612611B2 (en) | 2010-02-03 | 2013-12-17 | Nec Corporation | Proxy apparatus and operation method thereof |
US8752044B2 (en) | 2006-07-27 | 2014-06-10 | Qualcomm Incorporated | User experience and dependency management in a mobile device |
US20140235355A1 (en) * | 2012-12-11 | 2014-08-21 | Tencent Technology (Shenzhen) Company Limited | Method and communication system for unlocking user data |
US8893110B2 (en) | 2006-06-08 | 2014-11-18 | Qualcomm Incorporated | Device management in a network |
US8902449B1 (en) * | 2007-01-03 | 2014-12-02 | Crimson Corporation | Systems and methods for determining when results from a criteria scan are deleted from a computing device |
US8966112B1 (en) | 2009-11-30 | 2015-02-24 | Dell Software Inc. | Network protocol proxy |
US20150082390A1 (en) * | 2013-09-08 | 2015-03-19 | Yona Flink | Method and a system for secure login to a computer, computer network, and computer website using biometrics and a mobile computing wireless electronic communication device |
US20150113603A1 (en) * | 2003-03-21 | 2015-04-23 | David M. T. Ting | System and method for data and request filtering |
US20150149536A1 (en) * | 2013-11-27 | 2015-05-28 | Sharp Kabushiki Kaisha | Network system, constant connection method, communication method, electronic device, constant connection server, application server, and program |
US20150200926A1 (en) * | 2014-01-15 | 2015-07-16 | Ricoh Company, Ltd. | Information processing system and authentication method |
US9118650B1 (en) * | 2013-09-23 | 2015-08-25 | Amazon Technologies, Inc. | Persistent connections for email web applications |
TWI502375B (en) * | 2010-03-09 | 2015-10-01 | Alibaba Group Holding Ltd | Instant messaging method, system and device |
US9276979B2 (en) | 2010-09-01 | 2016-03-01 | Vuclip (Singapore) Pte. Ltd. | System and methods for resilient media streaming |
US9323921B2 (en) | 2010-07-13 | 2016-04-26 | Microsoft Technology Licensing, Llc | Ultra-low cost sandboxing for application appliances |
US9389933B2 (en) | 2011-12-12 | 2016-07-12 | Microsoft Technology Licensing, Llc | Facilitating system service request interactions for hardware-protected applications |
US9398111B1 (en) | 2013-08-30 | 2016-07-19 | hopTo Inc. | File caching upon disconnection |
US9413538B2 (en) | 2011-12-12 | 2016-08-09 | Microsoft Technology Licensing, Llc | Cryptographic certification of secure hosted execution environments |
US20160330220A1 (en) * | 2015-05-07 | 2016-11-10 | Cyber-Ark Software Ltd. | Systems and Methods for Detecting and Reacting to Malicious Activity in Computer Networks |
US9495183B2 (en) | 2011-05-16 | 2016-11-15 | Microsoft Technology Licensing, Llc | Instruction set emulation for guest operating systems |
US20160337420A1 (en) * | 2008-04-15 | 2016-11-17 | Vmware, Inc. | Media Acceleration for Virtual Computing Services |
US20160352708A1 (en) * | 2015-05-29 | 2016-12-01 | Nagravision S.A. | Systems and methods for conducting secure voip multi-party calls |
CN106416172A (en) * | 2014-03-24 | 2017-02-15 | 诺基亚技术有限公司 | Content management |
US9588803B2 (en) | 2009-05-11 | 2017-03-07 | Microsoft Technology Licensing, Llc | Executing native-code applications in a browser |
US20170207921A1 (en) * | 2014-07-18 | 2017-07-20 | Nokia Technologies Oy | Access to a node |
CN107113178A (en) * | 2015-01-08 | 2017-08-29 | 耐腾信股份公司 | Recover the network communication method of function with terminal session |
EP1934780B1 (en) * | 2005-09-12 | 2017-11-08 | Microsoft Technology Licensing, LLC | Creating secure interactive connections with remote resources |
US20170339258A1 (en) * | 2016-05-20 | 2017-11-23 | Citrix Systems, Inc. | Adaptive Session Reliability over Multiple Transports |
US9891882B2 (en) | 2015-06-01 | 2018-02-13 | Nagravision S.A. | Methods and systems for conveying encrypted data to a communication device |
US9900366B2 (en) | 2013-09-17 | 2018-02-20 | Amazon Technologies, Inc. | Email webclient notification queuing |
US9900769B2 (en) | 2015-05-29 | 2018-02-20 | Nagravision S.A. | Methods and systems for establishing an encrypted-audio session |
US20180082050A1 (en) * | 2013-09-08 | 2018-03-22 | Yona Flink | Method and a system for secure login to a computer, computer network, and computer website using biometrics and a mobile computing wireless electronic communication device |
US9961027B2 (en) | 2013-09-17 | 2018-05-01 | Amazon Technolgies, Inc. | Email webclient automatic failover |
US20180247029A1 (en) * | 2017-02-28 | 2018-08-30 | 19Labs Inc. | System and method for a telemedicine device to securely relay personal data to a remote terminal |
US10356059B2 (en) | 2015-06-04 | 2019-07-16 | Nagravision S.A. | Methods and systems for communication-session arrangement on behalf of cryptographic endpoints |
US10432592B2 (en) * | 2015-05-10 | 2019-10-01 | Citrix Systems, Inc. | Password encryption for hybrid cloud services |
US10447672B2 (en) * | 2016-11-01 | 2019-10-15 | Salesforce.Com, Inc. | Facilitating encrypted persistent storage in browsers |
US10698739B2 (en) | 2012-03-07 | 2020-06-30 | Vmware, Inc. | Multitenant access to multiple desktops on host machine partitions in a service provider network |
US11082217B1 (en) * | 2019-01-31 | 2021-08-03 | Amazon Technologies, Inc. | Session resumption |
US11449328B2 (en) * | 2019-08-30 | 2022-09-20 | Fujitsu Limited | Communication control device, communication control method, and storage medium |
Families Citing this family (167)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7290288B2 (en) | 1997-06-11 | 2007-10-30 | Prism Technologies, L.L.C. | Method and system for controlling access, by an authentication server, to protected computer resources provided via an internet protocol network |
US6928469B1 (en) | 1998-12-29 | 2005-08-09 | Citrix Systems, Inc. | Apparatus and method for determining a program neighborhood for a client node in a client-server network using markup language techniques |
US20050198379A1 (en) | 2001-06-13 | 2005-09-08 | Citrix Systems, Inc. | Automatically reconnecting a client across reliable and persistent communication sessions |
US7363376B2 (en) * | 2001-07-31 | 2008-04-22 | Arraycomm Llc | Method and apparatus for generating an identifier to facilitate delivery of enhanced data services in a mobile computing environment |
US8135843B2 (en) * | 2002-03-22 | 2012-03-13 | Citrix Systems, Inc. | Methods and systems for providing access to an application |
JP3882917B2 (en) * | 2003-04-03 | 2007-02-21 | 日本アイ・ビー・エム株式会社 | Information processing system, information processing apparatus, and program |
US8473620B2 (en) * | 2003-04-14 | 2013-06-25 | Riverbed Technology, Inc. | Interception of a cloud-based communication connection |
US7409451B1 (en) | 2003-05-30 | 2008-08-05 | Aol Llc, A Delaware Limited Liability Company | Switching between connectivity types to maintain connectivity |
US9081620B1 (en) * | 2003-09-11 | 2015-07-14 | Oracle America, Inc. | Multi-grid mechanism using peer-to-peer protocols |
US7978716B2 (en) | 2003-11-24 | 2011-07-12 | Citrix Systems, Inc. | Systems and methods for providing a VPN solution |
US8954590B2 (en) * | 2004-04-27 | 2015-02-10 | Sap Ag | Tunneling apparatus and method for client-server communication |
US7580867B2 (en) * | 2004-05-04 | 2009-08-25 | Paul Nykamp | Methods for interactively displaying product information and for collaborative product design |
US8495305B2 (en) | 2004-06-30 | 2013-07-23 | Citrix Systems, Inc. | Method and device for performing caching of dynamically generated objects in a data communication network |
US8739274B2 (en) | 2004-06-30 | 2014-05-27 | Citrix Systems, Inc. | Method and device for performing integrated caching in a data communication network |
US7757074B2 (en) | 2004-06-30 | 2010-07-13 | Citrix Application Networking, Llc | System and method for establishing a virtual private network |
KR20070037649A (en) | 2004-07-23 | 2007-04-05 | 사이트릭스 시스템스, 인크. | A method and systems for routing packets from a gateway to an endpoint |
EP1771998B1 (en) | 2004-07-23 | 2015-04-15 | Citrix Systems, Inc. | Systems and methods for optimizing communications between network nodes |
KR20070083482A (en) | 2004-08-13 | 2007-08-24 | 사이트릭스 시스템스, 인크. | A method for maintaining transaction integrity across multiple remote access servers |
US8954595B2 (en) | 2004-12-30 | 2015-02-10 | Citrix Systems, Inc. | Systems and methods for providing client-side accelerated access to remote applications via TCP buffering |
US8706877B2 (en) | 2004-12-30 | 2014-04-22 | Citrix Systems, Inc. | Systems and methods for providing client-side dynamic redirection to bypass an intermediary |
US8549149B2 (en) | 2004-12-30 | 2013-10-01 | Citrix Systems, Inc. | Systems and methods for providing client-side accelerated access to remote applications via TCP multiplexing |
US7810089B2 (en) | 2004-12-30 | 2010-10-05 | Citrix Systems, Inc. | Systems and methods for automatic installation and execution of a client-side acceleration program |
US8700695B2 (en) | 2004-12-30 | 2014-04-15 | Citrix Systems, Inc. | Systems and methods for providing client-side accelerated access to remote applications via TCP pooling |
EP2739014B1 (en) * | 2005-01-24 | 2018-08-01 | Citrix Systems, Inc. | Systems and methods for performing caching of dynamically generated objects in a network |
US8255456B2 (en) | 2005-12-30 | 2012-08-28 | Citrix Systems, Inc. | System and method for performing flash caching of dynamically generated objects in a data communication network |
US7831833B2 (en) * | 2005-04-22 | 2010-11-09 | Citrix Systems, Inc. | System and method for key recovery |
US8438628B2 (en) * | 2005-08-10 | 2013-05-07 | Riverbed Technology, Inc. | Method and apparatus for split-terminating a secure network connection, with client authentication |
US8478986B2 (en) * | 2005-08-10 | 2013-07-02 | Riverbed Technology, Inc. | Reducing latency of split-terminated secure communication protocol sessions |
US7725737B2 (en) * | 2005-10-14 | 2010-05-25 | Check Point Software Technologies, Inc. | System and methodology providing secure workspace environment |
JP4670598B2 (en) * | 2005-11-04 | 2011-04-13 | 日本電気株式会社 | Network system, proxy server, session management method, and program |
US7921184B2 (en) | 2005-12-30 | 2011-04-05 | Citrix Systems, Inc. | System and method for performing flash crowd caching of dynamically generated objects in a data communication network |
US8301839B2 (en) | 2005-12-30 | 2012-10-30 | Citrix Systems, Inc. | System and method for performing granular invalidation of cached dynamically generated objects in a data communication network |
US8788807B2 (en) | 2006-01-13 | 2014-07-22 | Qualcomm Incorporated | Privacy protection in communication systems |
US8782393B1 (en) | 2006-03-23 | 2014-07-15 | F5 Networks, Inc. | Accessing SSL connection data by a third-party |
US7904563B2 (en) * | 2006-03-31 | 2011-03-08 | Microsoft Corporation | Establishing and utilizing terminal server dynamic virtual channels |
US8356171B2 (en) * | 2006-04-26 | 2013-01-15 | Cisco Technology, Inc. | System and method for implementing fast reauthentication |
JP2007318650A (en) * | 2006-05-29 | 2007-12-06 | Funai Electric Co Ltd | Client/server system |
US20070288645A1 (en) * | 2006-06-08 | 2007-12-13 | International Business Machines Corporation | Method and System for Persistent and Reliable Data Transmission |
US20090005122A1 (en) * | 2006-07-10 | 2009-01-01 | David Elliot Goldfarb | Advertisement-based dialing |
US20080075096A1 (en) * | 2006-09-22 | 2008-03-27 | Enthenergy, Llc | Remote access to secure network devices |
US20080091814A1 (en) * | 2006-10-16 | 2008-04-17 | Tao Xie | Network Connection Fast Recovery |
WO2008074366A1 (en) * | 2006-12-19 | 2008-06-26 | Telefonaktiebolaget Lm Ericsson (Publ) | Managing user access in a communications network |
EP2103019A4 (en) | 2007-01-09 | 2012-07-11 | Visa Usa Inc | Contactless transaction |
US8201218B2 (en) * | 2007-02-28 | 2012-06-12 | Microsoft Corporation | Strategies for securely applying connection policies via a gateway |
US8650297B2 (en) * | 2007-03-14 | 2014-02-11 | Cisco Technology, Inc. | Unified user interface for network management systems |
US8020195B2 (en) * | 2007-03-30 | 2011-09-13 | Citrix Systems, Inc. | Systems and methods for user login |
US8224919B2 (en) * | 2007-04-04 | 2012-07-17 | Research In Motion Limited | Mobile communications system including intermediate service provider and related methods |
US8291483B2 (en) * | 2007-04-30 | 2012-10-16 | Hewlett-Packard Development Company, L.P. | Remote network device with security policy failsafe |
US20090003387A1 (en) * | 2007-06-27 | 2009-01-01 | Microsoft Corporation | Synchronization Between Connection Manager and Extension Components |
US20090006537A1 (en) * | 2007-06-29 | 2009-01-01 | Microsoft Corporation | Virtual Desktop Integration with Terminal Services |
KR101092675B1 (en) * | 2007-07-06 | 2011-12-09 | 엘지전자 주식회사 | Wireless network management method, and station supporting the method |
JP5002830B2 (en) * | 2007-07-31 | 2012-08-15 | ソフトバンクモバイル株式会社 | COMMUNICATION MODULE, COMMUNICATION METHOD, COMMUNICATION PROGRAM, COMMUNICATION TERMINAL, AND COMMUNICATION CONTROL DEVICE |
US8782251B2 (en) * | 2008-02-27 | 2014-07-15 | Microsoft Corporation | Automated configuration of network mode |
US8683062B2 (en) | 2008-02-28 | 2014-03-25 | Microsoft Corporation | Centralized publishing of network resources |
US20090259757A1 (en) * | 2008-04-15 | 2009-10-15 | Microsoft Corporation | Securely Pushing Connection Settings to a Terminal Server Using Tickets |
US8112487B2 (en) * | 2008-05-20 | 2012-02-07 | Raytheon Company | System and method for message filtering |
EP2304567A2 (en) * | 2008-05-20 | 2011-04-06 | Raytheon Company | Method and apparatus for providing a synchronous interface for an asynchronous service |
US8200751B2 (en) * | 2008-05-20 | 2012-06-12 | Raytheon Company | System and method for maintaining stateful information |
US20090292785A1 (en) * | 2008-05-20 | 2009-11-26 | Raytheon Company | System and method for dynamic contact lists |
WO2009143107A2 (en) * | 2008-05-20 | 2009-11-26 | Raytheon Company | System and method for collaborative messaging and data distribution |
WO2009147215A2 (en) * | 2008-06-04 | 2009-12-10 | Nokia Siemens Networks Oy | Device management in visited network |
US8346225B2 (en) | 2009-01-28 | 2013-01-01 | Headwater Partners I, Llc | Quality of service for device assisted services |
US8832777B2 (en) | 2009-03-02 | 2014-09-09 | Headwater Partners I Llc | Adapting network policies based on device service processor configuration |
US8626115B2 (en) * | 2009-01-28 | 2014-01-07 | Headwater Partners I Llc | Wireless network service interfaces |
US8548428B2 (en) | 2009-01-28 | 2013-10-01 | Headwater Partners I Llc | Device group partitions and settlement platform |
US8340634B2 (en) | 2009-01-28 | 2012-12-25 | Headwater Partners I, Llc | Enhanced roaming services and converged carrier networks with device assisted services and a proxy |
US8402111B2 (en) | 2009-01-28 | 2013-03-19 | Headwater Partners I, Llc | Device assisted services install |
US8275830B2 (en) | 2009-01-28 | 2012-09-25 | Headwater Partners I Llc | Device assisted CDR creation, aggregation, mediation and billing |
US8391834B2 (en) | 2009-01-28 | 2013-03-05 | Headwater Partners I Llc | Security techniques for device assisted services |
US8406748B2 (en) | 2009-01-28 | 2013-03-26 | Headwater Partners I Llc | Adaptive ambient services |
US8589541B2 (en) | 2009-01-28 | 2013-11-19 | Headwater Partners I Llc | Device-assisted services for protecting network capacity |
US8630192B2 (en) | 2009-01-28 | 2014-01-14 | Headwater Partners I Llc | Verifiable and accurate service usage monitoring for intermediate networking devices |
US8612862B2 (en) * | 2008-06-27 | 2013-12-17 | Microsoft Corporation | Integrated client for access to remote resources |
US8149431B2 (en) | 2008-11-07 | 2012-04-03 | Citrix Systems, Inc. | Systems and methods for managing printer settings in a networked computing environment |
JP5161736B2 (en) * | 2008-11-18 | 2013-03-13 | 株式会社東芝 | Fault diagnosis program, method, and communication apparatus |
US10492102B2 (en) | 2009-01-28 | 2019-11-26 | Headwater Research Llc | Intermediate networking devices |
US10841839B2 (en) | 2009-01-28 | 2020-11-17 | Headwater Research Llc | Security, fraud detection, and fraud mitigation in device-assisted services systems |
US10200541B2 (en) | 2009-01-28 | 2019-02-05 | Headwater Research Llc | Wireless end-user device with divided user space/kernel space traffic policy system |
US9572019B2 (en) | 2009-01-28 | 2017-02-14 | Headwater Partners LLC | Service selection set published to device agent with on-device service selection |
US11218854B2 (en) | 2009-01-28 | 2022-01-04 | Headwater Research Llc | Service plan design, user interfaces, application programming interfaces, and device management |
US9954975B2 (en) | 2009-01-28 | 2018-04-24 | Headwater Research Llc | Enhanced curfew and protection associated with a device group |
US10248996B2 (en) | 2009-01-28 | 2019-04-02 | Headwater Research Llc | Method for operating a wireless end-user device mobile payment agent |
US10715342B2 (en) | 2009-01-28 | 2020-07-14 | Headwater Research Llc | Managing service user discovery and service launch object placement on a device |
US9392462B2 (en) | 2009-01-28 | 2016-07-12 | Headwater Partners I Llc | Mobile end-user device with agent limiting wireless data communication for specified background applications based on a stored policy |
US9270559B2 (en) | 2009-01-28 | 2016-02-23 | Headwater Partners I Llc | Service policy implementation for an end-user device having a control application or a proxy agent for routing an application traffic flow |
US9980146B2 (en) | 2009-01-28 | 2018-05-22 | Headwater Research Llc | Communications device with secure data path processing agents |
US10326800B2 (en) | 2009-01-28 | 2019-06-18 | Headwater Research Llc | Wireless network service interfaces |
US10779177B2 (en) | 2009-01-28 | 2020-09-15 | Headwater Research Llc | Device group partitions and settlement platform |
US9955332B2 (en) | 2009-01-28 | 2018-04-24 | Headwater Research Llc | Method for child wireless device activation to subscriber account of a master wireless device |
US10783581B2 (en) | 2009-01-28 | 2020-09-22 | Headwater Research Llc | Wireless end-user device providing ambient or sponsored services |
US10798252B2 (en) | 2009-01-28 | 2020-10-06 | Headwater Research Llc | System and method for providing user notifications |
US9565707B2 (en) | 2009-01-28 | 2017-02-07 | Headwater Partners I Llc | Wireless end-user device with wireless data attribution to multiple personas |
US10484858B2 (en) | 2009-01-28 | 2019-11-19 | Headwater Research Llc | Enhanced roaming services and converged carrier networks with device assisted services and a proxy |
US10237757B2 (en) | 2009-01-28 | 2019-03-19 | Headwater Research Llc | System and method for wireless network offloading |
US10264138B2 (en) | 2009-01-28 | 2019-04-16 | Headwater Research Llc | Mobile device and service management |
US10064055B2 (en) | 2009-01-28 | 2018-08-28 | Headwater Research Llc | Security, fraud detection, and fraud mitigation in device-assisted services systems |
US10057775B2 (en) | 2009-01-28 | 2018-08-21 | Headwater Research Llc | Virtualized policy and charging system |
US9706061B2 (en) | 2009-01-28 | 2017-07-11 | Headwater Partners I Llc | Service design center for device assisted services |
US8707043B2 (en) * | 2009-03-03 | 2014-04-22 | Riverbed Technology, Inc. | Split termination of secure communication sessions with mutual certificate-based authentication |
US8555069B2 (en) * | 2009-03-06 | 2013-10-08 | Microsoft Corporation | Fast-reconnection of negotiable authentication network clients |
US9578113B2 (en) | 2009-04-15 | 2017-02-21 | Wyse Technology L.L.C. | Method and apparatus for transferring remote session data |
US9553953B2 (en) | 2009-04-15 | 2017-01-24 | Dell Products L.P. | Method and apparatus for extending capabilities of a virtualization domain to support features available in a normal desktop application |
US8676926B2 (en) | 2009-04-15 | 2014-03-18 | Wyse Technology L.L.C. | System and method for handling remote drawing commands |
US9444894B2 (en) * | 2009-04-15 | 2016-09-13 | Wyse Technology Llc | System and method for communicating events at a server to a remote device |
US8930527B2 (en) * | 2009-05-26 | 2015-01-06 | Oracle International Corporation | High availability enabler |
US8219676B2 (en) | 2009-06-22 | 2012-07-10 | Citrix Systems, Inc. | Systems and methods for web logging of trace data in a multi-core system |
CN101997673B (en) * | 2009-08-17 | 2012-11-21 | 成都市华为赛门铁克科技有限公司 | Network agent implementation method and device |
US20110047610A1 (en) * | 2009-08-19 | 2011-02-24 | Keypair Technologies, Inc. | Modular Framework for Virtualization of Identity and Authentication Processing for Multi-Factor Authentication |
US8599834B2 (en) * | 2009-09-29 | 2013-12-03 | Ipc Systems, Inc. | Systems, methods, and computer program products for providing a manual ring-down communication line using session initiation protocol |
US8688816B2 (en) * | 2009-11-19 | 2014-04-01 | Oracle International Corporation | High availability by letting application session processing occur independent of protocol servers |
US8479268B2 (en) | 2009-12-15 | 2013-07-02 | International Business Machines Corporation | Securing asynchronous client server transactions |
US8265591B1 (en) * | 2010-02-02 | 2012-09-11 | Sprint Communications Company L.P. | Blocking subscribers defaulting payment from network access |
US8700892B2 (en) | 2010-03-19 | 2014-04-15 | F5 Networks, Inc. | Proxy SSL authentication in split SSL for client-side proxy agent resources with content insertion |
US9443078B2 (en) | 2010-04-20 | 2016-09-13 | International Business Machines Corporation | Secure access to a virtual machine |
US8452877B2 (en) * | 2010-04-28 | 2013-05-28 | Lenovo (Singapore) Pte. Ltd. | Establishing a remote desktop |
US20120084369A1 (en) * | 2010-09-30 | 2012-04-05 | Microsoft Corporation | Unified Reconnection To Multiple Remote Servers |
US8607306B1 (en) * | 2010-11-10 | 2013-12-10 | Google Inc. | Background auto-submit of login credentials |
KR20140109478A (en) * | 2010-12-30 | 2014-09-15 | 인터디지탈 패튼 홀딩스, 인크 | Authentication and secure channel setup for communication handoff scenarios |
JP5677899B2 (en) * | 2011-06-16 | 2015-02-25 | 株式会社三菱東京Ufj銀行 | Information processing apparatus and information processing method |
US10855734B2 (en) * | 2011-06-29 | 2020-12-01 | Interdigital Ce Patent Holdings | Remote management of devices |
US9215225B2 (en) | 2013-03-29 | 2015-12-15 | Citrix Systems, Inc. | Mobile device locking with context |
US20140032733A1 (en) | 2011-10-11 | 2014-01-30 | Citrix Systems, Inc. | Policy-Based Application Management |
US9143530B2 (en) | 2011-10-11 | 2015-09-22 | Citrix Systems, Inc. | Secure container for protecting enterprise data on a mobile device |
US8806570B2 (en) | 2011-10-11 | 2014-08-12 | Citrix Systems, Inc. | Policy-based application management |
US9280377B2 (en) | 2013-03-29 | 2016-03-08 | Citrix Systems, Inc. | Application with multiple operation modes |
US20140053234A1 (en) | 2011-10-11 | 2014-02-20 | Citrix Systems, Inc. | Policy-Based Application Management |
US9537899B2 (en) | 2012-02-29 | 2017-01-03 | Microsoft Technology Licensing, Llc | Dynamic selection of security protocol |
US10936591B2 (en) | 2012-05-15 | 2021-03-02 | Microsoft Technology Licensing, Llc | Idempotent command execution |
US9239868B2 (en) | 2012-06-19 | 2016-01-19 | Microsoft Technology Licensing, Llc | Virtual session management and reestablishment |
US9251194B2 (en) | 2012-07-26 | 2016-02-02 | Microsoft Technology Licensing, Llc | Automatic data request recovery after session failure |
US8898109B2 (en) | 2012-07-27 | 2014-11-25 | Microsoft Corporation | Automatic transaction retry after session failure |
US9553935B2 (en) * | 2012-09-29 | 2017-01-24 | Oracle International Corporation | Mechanism for configuring service endpoints in native client applications at runtime |
US20140108558A1 (en) | 2012-10-12 | 2014-04-17 | Citrix Systems, Inc. | Application Management Framework for Secure Data Sharing in an Orchestration Framework for Connected Devices |
US9516022B2 (en) | 2012-10-14 | 2016-12-06 | Getgo, Inc. | Automated meeting room |
US20140109176A1 (en) | 2012-10-15 | 2014-04-17 | Citrix Systems, Inc. | Configuring and providing profiles that manage execution of mobile applications |
US20140109171A1 (en) * | 2012-10-15 | 2014-04-17 | Citrix Systems, Inc. | Providing Virtualized Private Network tunnels |
US8910239B2 (en) * | 2012-10-15 | 2014-12-09 | Citrix Systems, Inc. | Providing virtualized private network tunnels |
US20140108793A1 (en) | 2012-10-16 | 2014-04-17 | Citrix Systems, Inc. | Controlling mobile device access to secure data |
US9235464B2 (en) | 2012-10-16 | 2016-01-12 | Microsoft Technology Licensing, Llc | Smart error recovery for database applications |
US20140109072A1 (en) | 2012-10-16 | 2014-04-17 | Citrix Systems, Inc. | Application wrapping for application management framework |
US9606774B2 (en) | 2012-10-16 | 2017-03-28 | Citrix Systems, Inc. | Wrapping an application with field-programmable business logic |
US9971585B2 (en) | 2012-10-16 | 2018-05-15 | Citrix Systems, Inc. | Wrapping unmanaged applications on a mobile device |
US9485233B1 (en) | 2012-11-02 | 2016-11-01 | Wyse Technology L.L.C. | Virtual desktop accelerator support for network gateway |
US9374351B1 (en) * | 2012-11-02 | 2016-06-21 | Wyse Technology L.L.C. | Virtual desktop accelerator support for network gateway |
US9992185B1 (en) | 2012-11-02 | 2018-06-05 | Wyse Technology L.L.C. | Virtual desktop accelerator support for network gateway |
US9560069B1 (en) | 2012-12-02 | 2017-01-31 | Symantec Corporation | Method and system for protection of messages in an electronic messaging system |
WO2014159862A1 (en) | 2013-03-14 | 2014-10-02 | Headwater Partners I Llc | Automated credential porting for mobile devices |
US9355223B2 (en) | 2013-03-29 | 2016-05-31 | Citrix Systems, Inc. | Providing a managed browser |
US8850049B1 (en) | 2013-03-29 | 2014-09-30 | Citrix Systems, Inc. | Providing mobile device management functionalities for a managed browser |
US10284627B2 (en) | 2013-03-29 | 2019-05-07 | Citrix Systems, Inc. | Data management for an application with multiple operation modes |
US9985850B2 (en) | 2013-03-29 | 2018-05-29 | Citrix Systems, Inc. | Providing mobile device management functionalities |
US9413736B2 (en) | 2013-03-29 | 2016-08-09 | Citrix Systems, Inc. | Providing an enterprise application store |
KR101586151B1 (en) * | 2013-08-28 | 2016-01-18 | 주식회사 케이티 | Method for reconnection between controllers and network apparatus |
US9553925B2 (en) | 2014-02-21 | 2017-01-24 | Dell Products L.P. | Front-end high availability proxy |
US9936002B2 (en) | 2014-02-21 | 2018-04-03 | Dell Products L.P. | Video compose function |
US20150244835A1 (en) * | 2014-02-21 | 2015-08-27 | Andrew T. Fausak | Transcoding instance with multiple channels |
US9930013B2 (en) * | 2014-11-14 | 2018-03-27 | Cisco Technology, Inc. | Control of out-of-band multipath connections |
KR101506223B1 (en) * | 2014-12-10 | 2015-03-27 | (주)한위드정보기술 | Automatic Reconnection System For Virtualization Service |
FR3057373A1 (en) * | 2016-10-12 | 2018-04-13 | Orange | SECURING AN AUTHENTICATION DATABASE THROUGH A NETWORK |
US10791103B2 (en) * | 2016-10-28 | 2020-09-29 | Vmware, Inc. | Adapting remote display protocols to remote applications |
KR102034528B1 (en) * | 2016-11-07 | 2019-10-21 | 한국전자통신연구원 | Method and apparatus for transceiving data based on multiple channels |
US10613994B2 (en) * | 2017-03-29 | 2020-04-07 | Intel Corporation | Methods and apparatus to establish a connection between a supplicant and a secured network |
JP7033978B2 (en) * | 2018-03-28 | 2022-03-11 | 株式会社トプコン | Remote control system for surveying instruments |
EP3970016A4 (en) * | 2019-06-21 | 2022-05-18 | Snapt, Inc | Control configuration for a plurality of endpoint devices |
CN113206790B (en) * | 2021-04-30 | 2022-10-18 | 网络通信与安全紫金山实验室 | SRv6 transmission path authentication method, system and storage medium based on time period |
US20220377061A1 (en) * | 2021-05-20 | 2022-11-24 | Zebra Technonolgies Corporation | Accelerated Reconnection in Authenticated Networks |
KR102339028B1 (en) * | 2021-06-17 | 2021-12-15 | 농업협동조합중앙회 | Robot process automation apparatus and operating method of thereof |
Citations (99)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4438511A (en) * | 1980-11-10 | 1984-03-20 | Telebit Corporation | Packetized ensemble modem |
US4649510A (en) * | 1982-04-30 | 1987-03-10 | Schmidt Walter E | Methods and apparatus for the protection and control of computer programs |
US4736369A (en) * | 1986-06-13 | 1988-04-05 | International Business Machines Corp. | Adaptive session-level pacing |
US4750171A (en) * | 1986-07-11 | 1988-06-07 | Tadiran Electronics Industries Ltd. | Data switching system and method |
US4768190A (en) * | 1986-04-30 | 1988-08-30 | Og Corporation | Packet switching network |
US4837800A (en) * | 1988-03-18 | 1989-06-06 | Motorola, Inc. | Cellular data telephone system and cellular data telephone therefor |
US4893307A (en) * | 1988-02-29 | 1990-01-09 | International Business Machines Corporation | Method and apparatus for linking SNA terminals to an SNA host over a packet switched communications network |
US4912756A (en) * | 1989-04-07 | 1990-03-27 | Unilink Corporation | Method and apparatus for error-free digital data transmission during cellular telephone handoff, etc. |
US4924378A (en) * | 1988-06-13 | 1990-05-08 | Prime Computer, Inc. | License mangagement system and license storage key |
US4941089A (en) * | 1986-12-12 | 1990-07-10 | Datapoint Corporation | Input/output network for computer system |
US4953159A (en) * | 1989-01-03 | 1990-08-28 | American Telephone And Telegraph Company | Audiographics conferencing arrangement |
US5010549A (en) * | 1988-04-23 | 1991-04-23 | Kabushiki Kaisha Kenwood | Packet data generator |
US5021949A (en) * | 1988-02-29 | 1991-06-04 | International Business Machines Corporation | Method and apparatus for linking an SNA host to a remote SNA host over a packet switched communications network |
US5181200A (en) * | 1990-10-29 | 1993-01-19 | International Business Machines Corporation | Handoff method and apparatus for mobile wireless workstation |
US5204897A (en) * | 1991-06-28 | 1993-04-20 | Digital Equipment Corporation | Management interface for license management system |
US5210753A (en) * | 1991-10-31 | 1993-05-11 | International Business Machines Corporation | Robust scheduling mechanm for efficient band-width usage in muliticell wireless local networks |
US5212806A (en) * | 1990-10-29 | 1993-05-18 | International Business Machines Corporation | Distributed control methods for management of migrating data stations in a wireless communications network |
US5220501A (en) * | 1989-12-08 | 1993-06-15 | Online Resources, Ltd. | Method and system for remote delivery of retail banking services |
US5224098A (en) * | 1991-07-17 | 1993-06-29 | International Business Machines Corporation | Compensation for mismatched transport protocols in a data communications network |
US5276680A (en) * | 1991-04-11 | 1994-01-04 | Telesystems Slw Inc. | Wireless coupling of devices to wired network |
US5307490A (en) * | 1992-08-28 | 1994-04-26 | Tandem Computers, Inc. | Method and system for implementing remote procedure calls in a distributed computer system |
US5325361A (en) * | 1992-12-01 | 1994-06-28 | Legent Corporation | System and method for multiplexing data transmissions |
US5390297A (en) * | 1987-11-10 | 1995-02-14 | Auto-Trol Technology Corporation | System for controlling the number of concurrent copies of a program in a network based on the number of available licenses |
US5410543A (en) * | 1993-01-04 | 1995-04-25 | Apple Computer, Inc. | Method for connecting a mobile computer to a computer network by using an address server |
US5412717A (en) * | 1992-05-15 | 1995-05-02 | Fischer; Addison M. | Computer system security method and apparatus having program authorization information data structures |
US5412654A (en) * | 1994-01-10 | 1995-05-02 | International Business Machines Corporation | Highly dynamic destination-sequenced destination vector routing for mobile computers |
US5416842A (en) * | 1994-06-10 | 1995-05-16 | Sun Microsystems, Inc. | Method and apparatus for key-management scheme for use with internet protocols at site firewalls |
US5426637A (en) * | 1992-12-14 | 1995-06-20 | International Business Machines Corporation | Methods and apparatus for interconnecting local area networks with wide area backbone networks |
US5481721A (en) * | 1991-07-17 | 1996-01-02 | Next Computer, Inc. | Method for providing automatic and dynamic translation of object oriented programming language-based message passing into operation system message passing using proxy objects |
US5481535A (en) * | 1994-06-29 | 1996-01-02 | General Electric Company | Datagram message communication service employing a hybrid network |
US5490139A (en) * | 1994-09-28 | 1996-02-06 | International Business Machines Corporation | Mobility enabling access point architecture for wireless attachment to source routing networks |
US5491800A (en) * | 1993-12-20 | 1996-02-13 | Taligent, Inc. | Object-oriented remote procedure call networking system |
US5491750A (en) * | 1993-12-30 | 1996-02-13 | International Business Machines Corporation | Method and apparatus for three-party entity authentication and key distribution using message authentication codes |
US5499343A (en) * | 1993-12-17 | 1996-03-12 | Taligent, Inc. | Object-oriented networking system with dynamically configurable communication links |
US5504814A (en) * | 1991-07-10 | 1996-04-02 | Hughes Aircraft Company | Efficient security kernel for the 80960 extended architecture |
US5509070A (en) * | 1992-12-15 | 1996-04-16 | Softlock Services Inc. | Method for encouraging purchase of executable and non-executable software |
US5515508A (en) * | 1993-12-17 | 1996-05-07 | Taligent, Inc. | Client server system and method of operation including a dynamically configurable protocol stack |
US5524238A (en) * | 1994-03-23 | 1996-06-04 | Breakout I/O Corporation | User specific intelligent interface which intercepts and either replaces or passes commands to a data identity and the field accessed |
US5592549A (en) * | 1995-06-15 | 1997-01-07 | Infosafe Systems, Inc. | Method and apparatus for retrieving selected information from a secure information source |
US5594490A (en) * | 1994-05-23 | 1997-01-14 | Cable Services Technologies, Inc. | System for distributing video/audio files from central location to a plurality of cable headends |
US5602916A (en) * | 1994-10-05 | 1997-02-11 | Motorola, Inc. | Method and apparatus for preventing unauthorized monitoring of wireless data transmissions |
US5604490A (en) * | 1994-09-09 | 1997-02-18 | International Business Machines Corporation | Method and system for providing a user access to multiple secured subsystems |
US5610595A (en) * | 1991-12-09 | 1997-03-11 | Intermec Corporation | Packet radio communication system protocol |
US5623600A (en) * | 1995-09-26 | 1997-04-22 | Trend Micro, Incorporated | Virus detection and removal apparatus for computer networks |
US5623601A (en) * | 1994-11-18 | 1997-04-22 | Milkway Networks Corporation | Apparatus and method for providing a secure gateway for communication and data exchanges between networks |
US5627892A (en) * | 1995-04-19 | 1997-05-06 | General Instrument Corporation Of Delaware | Data security scheme for point-to-point communication sessions |
US5627821A (en) * | 1994-03-15 | 1997-05-06 | Hitachi, Ltd. | Defect notification method in a multipoint ATM network |
US5633868A (en) * | 1994-10-17 | 1997-05-27 | Lucent Technologies Inc. | Virtual circuit management in cellular telecommunications |
US5638513A (en) * | 1993-12-22 | 1997-06-10 | Ananda; Mohan | Secure software rental system using continuous asynchronous password verification |
US5638358A (en) * | 1994-04-27 | 1997-06-10 | Nec Corporation | Protection switching system having impedance matching circuits |
US5652789A (en) * | 1994-09-30 | 1997-07-29 | Wildfire Communications, Inc. | Network based knowledgeable assistant |
US5717737A (en) * | 1995-06-01 | 1998-02-10 | Padcom, Inc. | Apparatus and method for transparent wireless communication between a remote device and a host system |
US5721818A (en) * | 1996-01-25 | 1998-02-24 | Apple Computer, Inc. | Method and system for enabling a file server to service multiple networks of the same network protocol family by invoking multiple instances of a network session protocol |
US5724346A (en) * | 1995-01-11 | 1998-03-03 | Fujitsu Limited | Means for maintaining connectable access points owing to movement of a mobile station between cells in a wireless LAN system |
US5729734A (en) * | 1995-11-03 | 1998-03-17 | Apple Computer, Inc. | File privilege administration apparatus and methods |
US5732074A (en) * | 1996-01-16 | 1998-03-24 | Cellport Labs, Inc. | Mobile portable wireless communication system |
US5737416A (en) * | 1994-04-25 | 1998-04-07 | International Business Machines Corporation | Method and apparatus for enabling trial period use of software products: method and apparatus for utilizing a decryption stub |
US5742757A (en) * | 1996-05-30 | 1998-04-21 | Mitsubishi Semiconductor America, Inc. | Automatic software license manager |
US5748897A (en) * | 1996-07-02 | 1998-05-05 | Sun Microsystems, Inc. | Apparatus and method for operating an aggregation of server computers using a dual-role proxy server computer |
US5752185A (en) * | 1994-11-21 | 1998-05-12 | Lucent Technologies Inc. | Disconnection management system for wireless voice communications |
US5754774A (en) * | 1996-02-15 | 1998-05-19 | International Business Machine Corp. | Client/server communication system |
US5758186A (en) * | 1995-10-06 | 1998-05-26 | Sun Microsystems, Inc. | Method and apparatus for generically handling diverse protocol method calls in a client/server computer system |
US5768525A (en) * | 1995-09-08 | 1998-06-16 | U.S. Robotics Corp. | Transparent support of protocol and data compression features for data communication |
US5771459A (en) * | 1994-06-21 | 1998-06-23 | U.S. Philips Corporation | Communication system for use with stationary and second entities, via a wireless intermediate network with gateway devices, a gateway device for use with such system, and a mobile entity provided with such gateway device |
US5784643A (en) * | 1996-03-28 | 1998-07-21 | International Business Machines Corporation | System incorporating program for intercepting and interpreting or altering commands for generating I/O activity for enabling real-time user feedback by sending substitute characters to modem |
US5856974A (en) * | 1996-02-13 | 1999-01-05 | Novell, Inc. | Internetwork address mapping gateway |
US5889816A (en) * | 1996-02-02 | 1999-03-30 | Lucent Technologies, Inc. | Wireless adapter architecture for mobile computing |
US5909431A (en) * | 1996-06-28 | 1999-06-01 | At&T Corp. | Packet mode multimedia conferencing services over an ISDN wide area network |
US5923756A (en) * | 1997-02-12 | 1999-07-13 | Gte Laboratories Incorporated | Method for providing secure remote command execution over an insecure computer network |
US6058480A (en) * | 1996-06-03 | 2000-05-02 | Cranberry Properties, Llc | System for remote pass-phase authentication |
US6065120A (en) * | 1997-12-09 | 2000-05-16 | Phone.Com, Inc. | Method and system for self-provisioning a rendezvous to ensure secure access to information in a database from multiple devices |
US6085247A (en) * | 1998-06-08 | 2000-07-04 | Microsoft Corporation | Server operating system for supporting multiple client-server sessions and dynamic reconnection of users to previous sessions using different computers |
US6094423A (en) * | 1998-08-03 | 2000-07-25 | Motorola, Inc. | Wireless protocol method and apparatus supporting transaction requests with variable length responses |
US6169992B1 (en) * | 1995-11-07 | 2001-01-02 | Cadis Inc. | Search engine for remote access to database management systems |
US6199113B1 (en) * | 1998-04-15 | 2001-03-06 | Sun Microsystems, Inc. | Apparatus and method for providing trusted network security |
US6226618B1 (en) * | 1998-08-13 | 2001-05-01 | International Business Machines Corporation | Electronic content delivery system |
US20020012320A1 (en) * | 2000-03-16 | 2002-01-31 | Ogier Richard G. | Mobile ad hoc extensions for the internet |
US6349337B1 (en) * | 1997-11-14 | 2002-02-19 | Microsoft Corporation | Maintaining a first session on a first computing device and subsequently connecting to the first session via different computing devices and adapting the first session to conform to the different computing devices system configurations |
US20020029340A1 (en) * | 1999-05-28 | 2002-03-07 | Pensak David A. | Method of encrypting information for remote access while maintaining access control |
US6360265B1 (en) * | 1998-07-08 | 2002-03-19 | Lucent Technologies Inc. | Arrangement of delivering internet protocol datagrams for multimedia services to the same server |
US20020078208A1 (en) * | 1998-10-07 | 2002-06-20 | Richard Crump | Efficient recovery of multiple connections in a communication network |
US6421768B1 (en) * | 1999-05-04 | 2002-07-16 | First Data Corporation | Method and system for authentication and single sign on using cryptographically assured cookies in a distributed computer environment |
US20030018913A1 (en) * | 2001-06-20 | 2003-01-23 | Brezak John E. | Methods and systems for controlling the scope of delegation of authentication credentials |
US6564320B1 (en) * | 1998-06-30 | 2003-05-13 | Verisign, Inc. | Local hosting of digital certificate services |
US6574239B1 (en) * | 1998-10-07 | 2003-06-03 | Eric Morgan Dowling | Virtual connection of a remote unit to a server |
US6681017B1 (en) * | 1997-09-03 | 2004-01-20 | Lucent Technologies Inc. | Simplified secure shared key establishment and data delivery protocols for electronic commerce |
US6691232B1 (en) * | 1999-08-05 | 2004-02-10 | Sun Microsystems, Inc. | Security architecture with environment sensitive credential sufficiency evaluation |
US6697377B1 (en) * | 2000-10-21 | 2004-02-24 | Innomedia Pte Ltd. | Method for communicating audio data in a packet switched network |
US6714536B1 (en) * | 1998-07-21 | 2004-03-30 | Eric M. Dowling | Method and apparatus for cosocket telephony |
US6725376B1 (en) * | 1997-11-13 | 2004-04-20 | Ncr Corporation | Method of using an electronic ticket and distributed server computer architecture for the same |
US6757283B1 (en) * | 1999-01-25 | 2004-06-29 | Nippon Telegraph And Telephone Corporation | Push network |
US6845387B1 (en) * | 2000-04-07 | 2005-01-18 | Advanced Digital Information Corporation | Creating virtual private connections between end points across a SAN |
US6857071B1 (en) * | 1998-07-29 | 2005-02-15 | Nec Corporation | System and method for distributing digital works, apparatus and method for reproducing digital works, and computer program product |
US6874086B1 (en) * | 2000-08-10 | 2005-03-29 | Oridus, Inc. | Method and apparatus implemented in a firewall for communicating information between programs employing different protocols |
US20050144186A1 (en) * | 1999-12-02 | 2005-06-30 | Lambertus Hesselink | Managed peer-to-peer applications, systems and methods for distributed data access and storage |
US20050149481A1 (en) * | 1999-12-02 | 2005-07-07 | Lambertus Hesselink | Managed peer-to-peer applications, systems and methods for distributed data access and storage |
US6993652B2 (en) * | 2001-10-05 | 2006-01-31 | General Instrument Corporation | Method and system for providing client privacy when requesting content from a public server |
US6996631B1 (en) * | 2000-08-17 | 2006-02-07 | International Business Machines Corporation | System having a single IP address associated with communication protocol stacks in a cluster of processing systems |
US7010300B1 (en) * | 2000-06-15 | 2006-03-07 | Sprint Spectrum L.P. | Method and system for intersystem wireless communications session hand-off |
Family Cites Families (341)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4435511A (en) | 1982-09-13 | 1984-03-06 | Owens-Illinois, Inc. | Glasses suitable for sealing ferrites |
GB2168831B (en) | 1984-11-13 | 1988-04-27 | Dowty Information Services Lim | Password-protected data link |
US5349678A (en) | 1991-08-21 | 1994-09-20 | Norand Corporation | Versatile RF data capture system |
DE69030340T2 (en) | 1989-02-24 | 1997-11-20 | Digital Equipment Corp | Broker for the selection of computer network servers |
CA2048306A1 (en) | 1990-10-02 | 1992-04-03 | Steven P. Miller | Distributed configuration profile for computing system |
US5159592A (en) | 1990-10-29 | 1992-10-27 | International Business Machines Corporation | Network address management for a wired network supporting wireless communication to a plurality of mobile users |
US5241542A (en) | 1991-08-23 | 1993-08-31 | International Business Machines Corporation | Battery efficient operation of scheduled access protocol |
DE4131133B4 (en) | 1991-09-19 | 2005-09-08 | Robert Bosch Gmbh | Method and device for exchanging data in data processing systems |
US5359721A (en) * | 1991-12-18 | 1994-10-25 | Sun Microsystems, Inc. | Non-supervisor mode cross address space dynamic linking |
US6850252B1 (en) | 1999-10-05 | 2005-02-01 | Steven M. Hoffberg | Intelligent electronic appliance system and method |
AU3944793A (en) | 1992-03-31 | 1993-11-08 | Aggregate Computing, Inc. | An integrated remote execution system for a heterogenous computer network environment |
US6026452A (en) | 1997-02-26 | 2000-02-15 | Pitts; William Michael | Network distributed site cache RAM claimed as up/down stream request/reply channel for storing anticipated data and meta data |
US5265159A (en) | 1992-06-23 | 1993-11-23 | Hughes Aircraft Company | Secure file erasure |
US5442633A (en) | 1992-07-08 | 1995-08-15 | International Business Machines Corporation | Shortcut network layer routing for mobile hosts |
CA2103297A1 (en) | 1992-12-07 | 1994-06-08 | Donald J. Kennedy | Interception system and method including user interface |
US5550976A (en) | 1992-12-08 | 1996-08-27 | Sun Hydraulics Corporation | Decentralized distributed asynchronous object oriented system and method for electronic data management, storage, and communication |
FR2703362B1 (en) * | 1993-03-31 | 1997-08-29 | Aerospatiale | METHOD AND MACHINE FOR BONDING AN ADHESIVE PROTECTION EDGE ON THE EDGE OF A MULTI-LAYER PANEL SUCH AS A THERMAL PROTECTION PANEL OF A SPACE ENGINE. |
US6006090A (en) | 1993-04-28 | 1999-12-21 | Proxim, Inc. | Providing roaming capability for mobile computers in a standard network |
US5796727A (en) | 1993-04-30 | 1998-08-18 | International Business Machines Corporation | Wide-area wireless lan access |
US5446915A (en) | 1993-05-25 | 1995-08-29 | Intel Corporation | Parallel processing system virtual connection method and apparatus with protection and flow control |
FI107102B (en) | 1993-05-31 | 2001-05-31 | Nokia Networks Oy | Method for reporting call costs and subscriber unit |
EP0631455A1 (en) | 1993-06-25 | 1994-12-28 | Siemens Aktiengesellschaft | Method for maintaining virtual connections in case of at least partial breakdown of branches |
US5794207A (en) | 1996-09-04 | 1998-08-11 | Walker Asset Management Limited Partnership | Method and apparatus for a cryptographically assisted commercial network system designed to facilitate buyer-driven conditional purchase offers |
US6249818B1 (en) | 1993-06-30 | 2001-06-19 | Compaq Computer Corporation | Network transport driver interfacing |
US5564070A (en) | 1993-07-30 | 1996-10-08 | Xerox Corporation | Method and system for maintaining processing continuity to mobile computers in a wireless network |
US5359593A (en) | 1993-08-26 | 1994-10-25 | International Business Machines Corporation | Dynamic bandwidth estimation and adaptation for packet communications networks |
US5544246A (en) | 1993-09-17 | 1996-08-06 | At&T Corp. | Smartcard adapted for a plurality of service providers and for remote installation of same |
US5446736A (en) | 1993-10-07 | 1995-08-29 | Ast Research, Inc. | Method and apparatus for connecting a node to a wireless network using a standard protocol |
US5455953A (en) | 1993-11-03 | 1995-10-03 | Wang Laboratories, Inc. | Authorization system for obtaining in single step both identification and access rights of client to server directly from encrypted authorization ticket |
US5835726A (en) | 1993-12-15 | 1998-11-10 | Check Point Software Technologies Ltd. | System for securing the flow of and selectively modifying packets in a computer network |
US5564016A (en) * | 1993-12-17 | 1996-10-08 | International Business Machines Corporation | Method for controlling access to a computer resource based on a timing policy |
US5548723A (en) | 1993-12-17 | 1996-08-20 | Taligent, Inc. | Object-oriented network protocol configuration system utilizing a dynamically configurable protocol stack |
US5559800A (en) | 1994-01-19 | 1996-09-24 | Research In Motion Limited | Remote control of gateway functions in a wireless data communication network |
US5553139A (en) * | 1994-04-04 | 1996-09-03 | Novell, Inc. | Method and apparatus for electronic license distribution |
US5757907A (en) | 1994-04-25 | 1998-05-26 | International Business Machines Corporation | Method and apparatus for enabling trial period use of software products: method and apparatus for generating a machine-dependent identification |
US5574774A (en) | 1994-05-04 | 1996-11-12 | Ericsson Inc. | Method and apparatus of maintaining an open communications channel between a cellular terminal and an associated cellular radio network |
US5586257A (en) | 1994-05-05 | 1996-12-17 | Perlman; Stephen G. | Network architecture to support multiple site real-time video games |
US5550981A (en) * | 1994-06-21 | 1996-08-27 | At&T Global Information Solutions Company | Dynamic binding of network identities to locally-meaningful identities in computer networks |
US5557732A (en) | 1994-08-11 | 1996-09-17 | International Business Machines Corporation | Method and apparatus for protecting software executing on a demonstration computer |
US5659544A (en) | 1994-10-17 | 1997-08-19 | Lucent Technologies Inc. | Method and system for distributed control in wireless cellular and personal communication systems |
US5566225A (en) | 1994-11-21 | 1996-10-15 | Lucent Technologies Inc. | Wireless data communications system for detecting a disabled condition and simulating a functioning mode in response to detection |
US5668999A (en) | 1994-12-20 | 1997-09-16 | Sun Microsystems, Inc. | System and method for pre-verification of stack usage in bytecode program loops |
US5682478A (en) | 1995-01-19 | 1997-10-28 | Microsoft Corporation | Method and apparatus for supporting multiple, simultaneous services over multiple, simultaneous connections between a client and network server |
JPH08235114A (en) | 1995-02-28 | 1996-09-13 | Hitachi Ltd | Server access method and charge information managing method |
US5664007A (en) | 1995-03-06 | 1997-09-02 | Samadi; Behrokh | Method and apparatus for providing continuation of a communication call across multiple networks |
US5572528A (en) | 1995-03-20 | 1996-11-05 | Novell, Inc. | Mobile networking method and apparatus |
EP0734144A3 (en) | 1995-03-20 | 1999-08-18 | Siemens Aktiengesellschaft | Method and apparatus for determination of user charges in a subscriber apparatus |
US5623492A (en) | 1995-03-24 | 1997-04-22 | U S West Technologies, Inc. | Methods and systems for managing bandwidth resources in a fast packet switching network |
US5666501A (en) | 1995-03-30 | 1997-09-09 | International Business Machines Corporation | Method and apparatus for installing software |
US5689708A (en) * | 1995-03-31 | 1997-11-18 | Showcase Corporation | Client/server computer systems having control of client-based application programs, and application-program control means therefor |
US6418324B1 (en) | 1995-06-01 | 2002-07-09 | Padcom, Incorporated | Apparatus and method for transparent wireless communication between a remote device and host system |
US5657390A (en) | 1995-08-25 | 1997-08-12 | Netscape Communications Corporation | Secure socket layer application program apparatus and method |
US5682534A (en) | 1995-09-12 | 1997-10-28 | International Business Machines Corporation | Transparent local RPC optimization |
KR100307016B1 (en) | 1995-11-14 | 2001-11-02 | 포만 제프리 엘 | Information handling system for allowing a generic web browser to access servers of a plurality of different protocol types |
US6112085A (en) | 1995-11-30 | 2000-08-29 | Amsc Subsidiary Corporation | Virtual network configuration and management system for satellite communication system |
US5673322A (en) | 1996-03-22 | 1997-09-30 | Bell Communications Research, Inc. | System and method for providing protocol translation and filtering to access the world wide web from wireless or low-bandwidth networks |
JP3510042B2 (en) * | 1996-04-26 | 2004-03-22 | 株式会社日立製作所 | Database management method and system |
GB2313524A (en) * | 1996-05-24 | 1997-11-26 | Ibm | Providing communications links in a computer network |
EP0851628A1 (en) | 1996-12-23 | 1998-07-01 | ICO Services Ltd. | Key distribution for mobile network |
US6324525B1 (en) | 1996-06-17 | 2001-11-27 | Hewlett-Packard Company | Settlement of aggregated electronic transactions over a network |
US5987132A (en) | 1996-06-17 | 1999-11-16 | Verifone, Inc. | System, method and article of manufacture for conditionally accepting a payment method utilizing an extensible, flexible architecture |
US5850446A (en) | 1996-06-17 | 1998-12-15 | Verifone, Inc. | System, method and article of manufacture for virtual point of sale processing utilizing an extensible, flexible architecture |
US5983208A (en) | 1996-06-17 | 1999-11-09 | Verifone, Inc. | System, method and article of manufacture for handling transaction results in a gateway payment architecture utilizing a multichannel, extensible, flexible architecture |
US6119105A (en) | 1996-06-17 | 2000-09-12 | Verifone, Inc. | System, method and article of manufacture for initiation of software distribution from a point of certificate creation utilizing an extensible, flexible architecture |
US6178409B1 (en) | 1996-06-17 | 2001-01-23 | Verifone, Inc. | System, method and article of manufacture for multiple-entry point virtual point of sale architecture |
US6373950B1 (en) | 1996-06-17 | 2002-04-16 | Hewlett-Packard Company | System, method and article of manufacture for transmitting messages within messages utilizing an extensible, flexible architecture |
US6026379A (en) | 1996-06-17 | 2000-02-15 | Verifone, Inc. | System, method and article of manufacture for managing transactions in a high availability system |
US6002767A (en) | 1996-06-17 | 1999-12-14 | Verifone, Inc. | System, method and article of manufacture for a modular gateway server architecture |
US5943424A (en) | 1996-06-17 | 1999-08-24 | Hewlett-Packard Company | System, method and article of manufacture for processing a plurality of transactions from a single initiation point on a multichannel, extensible, flexible architecture |
US6072870A (en) | 1996-06-17 | 2000-06-06 | Verifone Inc. | System, method and article of manufacture for a gateway payment architecture utilizing a multichannel, extensible, flexible architecture |
US6253027B1 (en) | 1996-06-17 | 2001-06-26 | Hewlett-Packard Company | System, method and article of manufacture for exchanging software and configuration data over a multichannel, extensible, flexible architecture |
US5889863A (en) | 1996-06-17 | 1999-03-30 | Verifone, Inc. | System, method and article of manufacture for remote virtual point of sale processing utilizing a multichannel, extensible, flexible architecture |
US5812668A (en) | 1996-06-17 | 1998-09-22 | Verifone, Inc. | System, method and article of manufacture for verifying the operation of a remote transaction clearance system utilizing a multichannel, extensible, flexible architecture |
US6058250A (en) * | 1996-06-19 | 2000-05-02 | At&T Corp | Bifurcated transaction system in which nonsensitive information is exchanged using a public network connection and sensitive information is exchanged after automatically configuring a private network connection |
US6088451A (en) | 1996-06-28 | 2000-07-11 | Mci Communications Corporation | Security system and method for network element access |
US6272556B1 (en) | 1996-07-01 | 2001-08-07 | Sun Microsystems, Inc. | Object-oriented system, method and article of manufacture for migrating a client-server application (#5) |
US5812671A (en) | 1996-07-17 | 1998-09-22 | Xante Corporation | Cryptographic communication system |
US5848064A (en) | 1996-08-07 | 1998-12-08 | Telxon Corporation | Wireless software upgrades with version control |
US5931917A (en) | 1996-09-26 | 1999-08-03 | Verifone, Inc. | System, method and article of manufacture for a gateway system architecture with system administration information accessible from a browser |
US5978840A (en) | 1996-09-26 | 1999-11-02 | Verifone, Inc. | System, method and article of manufacture for a payment gateway system architecture for processing encrypted payment transactions utilizing a multichannel, extensible, flexible architecture |
US5944791A (en) * | 1996-10-04 | 1999-08-31 | Contigo Software Llc | Collaborative web browser |
JP3492865B2 (en) * | 1996-10-16 | 2004-02-03 | 株式会社東芝 | Mobile computer device and packet encryption authentication method |
JPH10178421A (en) * | 1996-10-18 | 1998-06-30 | Toshiba Corp | Packet processor, mobile computer, packet transferring method and packet processing method |
US6101543A (en) | 1996-10-25 | 2000-08-08 | Digital Equipment Corporation | Pseudo network adapter for frame capture, encapsulation and encryption |
JP3651721B2 (en) | 1996-11-01 | 2005-05-25 | 株式会社東芝 | Mobile computer device, packet processing device, and communication control method |
US5974151A (en) | 1996-11-01 | 1999-10-26 | Slavin; Keith R. | Public key cryptographic system having differential security levels |
US6131116A (en) * | 1996-12-13 | 2000-10-10 | Visto Corporation | System and method for globally accessing computer services |
US5987611A (en) | 1996-12-31 | 1999-11-16 | Zone Labs, Inc. | System and methodology for managing internet access on a per application basis for client computers connected to the internet |
US6026440A (en) | 1997-01-27 | 2000-02-15 | International Business Machines Corporation | Web server account manager plug-in for monitoring resources |
US6055575A (en) | 1997-01-28 | 2000-04-25 | Ascend Communications, Inc. | Virtual private network system and method |
US5996076A (en) | 1997-02-19 | 1999-11-30 | Verifone, Inc. | System, method and article of manufacture for secure digital certification of electronic commerce |
AU6654798A (en) * | 1997-02-26 | 1998-09-18 | Siebel Systems, Inc. | Method of determining visibility to a remote database client of a plurality of database transactions using a networked proxy server |
US6304637B1 (en) * | 1997-03-14 | 2001-10-16 | Itxc, Inc. | Method and apparatus for establishing and facilitating a direct quality voice call to a telephone extension on behalf of a client computer |
US6282172B1 (en) | 1997-04-01 | 2001-08-28 | Yipes Communications, Inc. | Generating acknowledgement signals in a data communication system |
US6161123A (en) | 1997-05-06 | 2000-12-12 | Intermec Ip Corporation | Providing reliable communication over an unreliable transport layer in a hand-held device using a persistent session |
US20020115407A1 (en) | 1997-05-07 | 2002-08-22 | Broadcloud Communications, Inc. | Wireless ASP systems and methods |
US6166729A (en) | 1997-05-07 | 2000-12-26 | Broadcloud Communications, Inc. | Remote digital image viewing system and method |
US6408174B1 (en) | 1997-05-13 | 2002-06-18 | Telefonaktiebolaget Lm Ericsson (Publ) | Communication method, system, and device for reducing processor load at tariff switch |
US6201962B1 (en) * | 1997-05-14 | 2001-03-13 | Telxon Corporation | Seamless roaming among multiple networks including seamless transitioning between multiple devices |
US6154461A (en) | 1997-05-14 | 2000-11-28 | Telxon Corporation | Seamless roaming among multiple networks |
US6091951A (en) | 1997-05-14 | 2000-07-18 | Telxon Corporation | Seamless roaming among multiple networks |
US5968176A (en) | 1997-05-29 | 1999-10-19 | 3Com Corporation | Multilayer firewall system |
US5958016A (en) | 1997-07-13 | 1999-09-28 | Bell Atlantic Network Services, Inc. | Internet-web link for access to intelligent network service control |
US6006268A (en) | 1997-07-31 | 1999-12-21 | Cisco Technology, Inc. | Method and apparatus for reducing overhead on a proxied connection |
US5935212A (en) | 1997-08-07 | 1999-08-10 | I-Planet, Inc. | Connection-oriented session emulation |
US6061796A (en) | 1997-08-26 | 2000-05-09 | V-One Corporation | Multi-access virtual private network |
IL126149A (en) | 1997-09-09 | 2003-07-31 | Sanctum Ltd | Method and system for protecting operations of trusted internal networks |
US6377993B1 (en) | 1997-09-26 | 2002-04-23 | Mci Worldcom, Inc. | Integrated proxy interface for web based data management reports |
US6023724A (en) | 1997-09-26 | 2000-02-08 | 3Com Corporation | Apparatus and methods for use therein for an ISDN LAN modem that displays fault information to local hosts through interception of host DNS request messages |
US6256739B1 (en) | 1997-10-30 | 2001-07-03 | Juno Online Services, Inc. | Method and apparatus to determine user identity and limit access to a communications network |
SG118132A1 (en) | 1997-11-13 | 2006-01-27 | Hyperspace Communications Inc | File transfer system |
AU1421799A (en) | 1997-11-25 | 1999-06-15 | Packeteer, Inc. | Method for automatically classifying traffic in a packet communications network |
US6230004B1 (en) | 1997-12-01 | 2001-05-08 | Telefonaktiebolaget Lm Ericsson | Remote procedure calls using short message service |
US6145109A (en) | 1997-12-12 | 2000-11-07 | 3Com Corporation | Forward error correction system for packet based real time media |
US6170075B1 (en) * | 1997-12-18 | 2001-01-02 | 3Com Corporation | Data and real-time media communication over a lossy network |
US5870412A (en) | 1997-12-12 | 1999-02-09 | 3Com Corporation | Forward error correction system for packet based real time media |
ATE218778T1 (en) | 1997-12-12 | 2002-06-15 | 3Com Corp | A FORWARD ERROR CORRECTION SYSTEM FOR REAL-TIME PACKET-BASED MEDIA |
FR2773935A1 (en) * | 1998-01-19 | 1999-07-23 | Canon Kk | COMMUNICATION METHODS BETWEEN COMPUTER SYSTEMS AND DEVICES USING THE SAME |
US6226750B1 (en) * | 1998-01-20 | 2001-05-01 | Proact Technologies Corp. | Secure session tracking method and system for client-server environment |
US6415329B1 (en) | 1998-03-06 | 2002-07-02 | Massachusetts Institute Of Technology | Method and apparatus for improving efficiency of TCP/IP protocol over high delay-bandwidth network |
US6147986A (en) | 1998-03-06 | 2000-11-14 | Lucent Technologies Inc. | Address updating of wireless mobile terminal hosts affiliated with a wired network |
US6327242B1 (en) | 1998-03-17 | 2001-12-04 | Infolibria, Inc. | Message redirector with cut-through switch for highly reliable and efficient network traffic processor deployment |
US6590588B2 (en) | 1998-05-29 | 2003-07-08 | Palm, Inc. | Wireless, radio-frequency communications using a handheld computer |
US6289461B1 (en) | 1998-06-09 | 2001-09-11 | Placeware, Inc. | Bi-directional process-to-process byte stream protocol |
US6243753B1 (en) | 1998-06-12 | 2001-06-05 | Microsoft Corporation | Method, system, and computer program product for creating a raw data channel form an integrating component to a series of kernel mode filters |
US6308273B1 (en) | 1998-06-12 | 2001-10-23 | Microsoft Corporation | Method and system of security location discrimination |
IL134611A (en) | 1998-06-19 | 2004-05-12 | Juniper Networks Inc | Interconnect network for operation within a communication node |
US6640248B1 (en) | 1998-07-10 | 2003-10-28 | Malibu Networks, Inc. | Application-aware, quality of service (QoS) sensitive, media access control (MAC) layer |
US6452915B1 (en) | 1998-07-10 | 2002-09-17 | Malibu Networks, Inc. | IP-flow classification in a wireless point to multi-point (PTMP) transmission system |
US6269402B1 (en) | 1998-07-20 | 2001-07-31 | Motorola, Inc. | Method for providing seamless communication across bearers in a wireless communication system |
US7277424B1 (en) * | 1998-07-21 | 2007-10-02 | Dowling Eric M | Method and apparatus for co-socket telephony |
US6233619B1 (en) * | 1998-07-31 | 2001-05-15 | Unisys Corporation | Virtual transport layer interface and messaging subsystem for high-speed communications between heterogeneous computer systems |
US6308281B1 (en) | 1998-09-02 | 2001-10-23 | International Business Machines Corporation | Virtual client to gateway connection over multiple physical connections |
GB2341523B (en) | 1998-09-12 | 2003-10-29 | Ibm | Apparatus and method for establishing communication in a computer network |
JP3929186B2 (en) * | 1998-09-18 | 2007-06-13 | 三菱電機株式会社 | Client / server system |
US6546425B1 (en) | 1998-10-09 | 2003-04-08 | Netmotion Wireless, Inc. | Method and apparatus for providing mobile and other intermittent connectivity in a computing environment |
US7136645B2 (en) | 1998-10-09 | 2006-11-14 | Netmotion Wireless, Inc. | Method and apparatus for providing mobile and other intermittent connectivity in a computing environment |
JP2000125029A (en) | 1998-10-12 | 2000-04-28 | Matsushita Electric Ind Co Ltd | Network control unit |
FI108195B (en) * | 1998-10-19 | 2001-11-30 | Nokia Networks Oy | Mechanism for network initiated information transfer |
US6700902B1 (en) | 1998-10-19 | 2004-03-02 | Elster Electricity, Llc | Method and system for improving wireless data packet delivery |
CA2347011A1 (en) | 1998-10-28 | 2000-05-04 | Ellwood Mcgrogan | Apparatus and methods for cryptographic synchronization in packet based communications |
DE69929627T2 (en) | 1998-11-02 | 2006-09-14 | Airbiquity Inc., Bainbridge Island | GEO-ROOM ADDRESSING TO THE INTERNET PROTOCOL |
US6449651B1 (en) * | 1998-11-19 | 2002-09-10 | Toshiba America Information Systems, Inc. | System and method for providing temporary remote access to a computer |
US6253327B1 (en) | 1998-12-02 | 2001-06-26 | Cisco Technology, Inc. | Single step network logon based on point to point protocol |
US6697844B1 (en) | 1998-12-08 | 2004-02-24 | Lucent Technologies, Inc. | Internet browsing using cache-based compaction |
US6333931B1 (en) | 1998-12-28 | 2001-12-25 | Cisco Technology, Inc. | Method and apparatus for interconnecting a circuit-switched telephony network and a packet-switched data network, and applications thereof |
US6452923B1 (en) | 1998-12-31 | 2002-09-17 | At&T Corp | Cable connected wan interconnectivity services for corporate telecommuters |
US6760748B1 (en) | 1999-01-20 | 2004-07-06 | Accenture Llp | Instructional system grouping student terminals |
US6615357B1 (en) | 1999-01-29 | 2003-09-02 | International Business Machines Corporation | System and method for network address translation integration with IP security |
JP2000242589A (en) | 1999-02-25 | 2000-09-08 | Mitsubishi Electric Corp | Computer system for control of transfer of data |
WO2000052552A2 (en) | 1999-03-02 | 2000-09-08 | Quixtar Investments, Inc. | Electronic commerce transactions within a marketing system that may contain a membership buying opportunity |
US6662221B1 (en) | 1999-04-12 | 2003-12-09 | Lucent Technologies Inc. | Integrated network and service management with automated flow through configuration and provisioning of virtual private networks |
US7103068B1 (en) | 1999-05-04 | 2006-09-05 | Sprint Communication Company L.P. | System and method for configuring bandwidth transmission rates for call connections |
US7152092B2 (en) | 1999-05-05 | 2006-12-19 | Indeliq, Inc. | Creating chat rooms with multiple roles for multiple participants |
US6611822B1 (en) | 1999-05-05 | 2003-08-26 | Ac Properties B.V. | System method and article of manufacture for creating collaborative application sharing |
US6505230B1 (en) | 1999-05-14 | 2003-01-07 | Pivia, Inc. | Client-server independent intermediary mechanism |
US6792615B1 (en) | 1999-05-19 | 2004-09-14 | New Horizons Telecasting, Inc. | Encapsulated, streaming media automation and distribution system |
DE60029217T2 (en) | 1999-05-21 | 2007-05-31 | International Business Machines Corp. | METHOD AND DEVICE FOR INITIALIZING SAFE CONNECTIONS BETWEEN AND BETWEEN ONLY CUSTOMIZED CORDLESS EQUIPMENT |
US6957186B1 (en) | 1999-05-27 | 2005-10-18 | Accenture Llp | System method and article of manufacture for building, managing, and supporting various components of a system |
US6536037B1 (en) | 1999-05-27 | 2003-03-18 | Accenture Llp | Identification of redundancies and omissions among components of a web based architecture |
US6519571B1 (en) | 1999-05-27 | 2003-02-11 | Accenture Llp | Dynamic customer profile management |
US6473794B1 (en) | 1999-05-27 | 2002-10-29 | Accenture Llp | System for establishing plan to test components of web based framework by displaying pictorial representation and conveying indicia coded components of existing network framework |
US7165041B1 (en) | 1999-05-27 | 2007-01-16 | Accenture, Llp | Web-based architecture sales tool |
US6615166B1 (en) | 1999-05-27 | 2003-09-02 | Accenture Llp | Prioritizing components of a network framework required for implementation of technology |
US6721713B1 (en) | 1999-05-27 | 2004-04-13 | Andersen Consulting Llp | Business alliance identification in a web architecture framework |
US7882247B2 (en) | 1999-06-11 | 2011-02-01 | Netmotion Wireless, Inc. | Method and apparatus for providing secure connectivity in mobile and other intermittent computing environments |
US6704873B1 (en) | 1999-07-30 | 2004-03-09 | Accenture Llp | Secure gateway interconnection in an e-commerce based environment |
US6601233B1 (en) | 1999-07-30 | 2003-07-29 | Accenture Llp | Business components framework |
US7100195B1 (en) | 1999-07-30 | 2006-08-29 | Accenture Llp | Managing user information on an e-commerce system |
US6523027B1 (en) | 1999-07-30 | 2003-02-18 | Accenture Llp | Interfacing servers in a Java based e-commerce architecture |
US6609128B1 (en) | 1999-07-30 | 2003-08-19 | Accenture Llp | Codes table framework design in an E-commerce architecture |
US6718535B1 (en) | 1999-07-30 | 2004-04-06 | Accenture Llp | System, method and article of manufacture for an activity framework design in an e-commerce based environment |
US6633878B1 (en) | 1999-07-30 | 2003-10-14 | Accenture Llp | Initializing an ecommerce database framework |
US6609198B1 (en) * | 1999-08-05 | 2003-08-19 | Sun Microsystems, Inc. | Log-on service providing credential level change without loss of session continuity |
US6606660B1 (en) | 1999-08-31 | 2003-08-12 | Accenture Llp | Stream-based communication in a communication services patterns environment |
US6477580B1 (en) | 1999-08-31 | 2002-11-05 | Accenture Llp | Self-described stream in a communication services patterns environment |
US6442748B1 (en) | 1999-08-31 | 2002-08-27 | Accenture Llp | System, method and article of manufacture for a persistent state and persistent object separator in an information services patterns environment |
US6539396B1 (en) | 1999-08-31 | 2003-03-25 | Accenture Llp | Multi-object identifier system and method for information service pattern environment |
US6549949B1 (en) | 1999-08-31 | 2003-04-15 | Accenture Llp | Fixed format stream in a communication services patterns environment |
US6571282B1 (en) | 1999-08-31 | 2003-05-27 | Accenture Llp | Block-based communication in a communication services patterns environment |
US6640244B1 (en) | 1999-08-31 | 2003-10-28 | Accenture Llp | Request batcher in a transaction services patterns environment |
US6636242B2 (en) | 1999-08-31 | 2003-10-21 | Accenture Llp | View configurer in a presentation services patterns environment |
US6289382B1 (en) | 1999-08-31 | 2001-09-11 | Andersen Consulting, Llp | System, method and article of manufacture for a globally addressable interface in a communication services patterns environment |
US6611867B1 (en) | 1999-08-31 | 2003-08-26 | Accenture Llp | System, method and article of manufacture for implementing a hybrid network |
US6496850B1 (en) | 1999-08-31 | 2002-12-17 | Accenture Llp | Clean-up of orphaned server contexts |
US6529909B1 (en) | 1999-08-31 | 2003-03-04 | Accenture Llp | Method for translating an object attribute converter in an information services patterns environment |
US6434628B1 (en) | 1999-08-31 | 2002-08-13 | Accenture Llp | Common interface for handling exception interface name with additional prefix and suffix for handling exceptions in environment services patterns |
US6502213B1 (en) | 1999-08-31 | 2002-12-31 | Accenture Llp | System, method, and article of manufacture for a polymorphic exception handler in environment services patterns |
US6339832B1 (en) | 1999-08-31 | 2002-01-15 | Accenture Llp | Exception response table in environment services patterns |
US6477665B1 (en) | 1999-08-31 | 2002-11-05 | Accenture Llp | System, method, and article of manufacture for environment services patterns in a netcentic environment |
US6742015B1 (en) | 1999-08-31 | 2004-05-25 | Accenture Llp | Base services patterns in a netcentric environment |
US6715145B1 (en) | 1999-08-31 | 2004-03-30 | Accenture Llp | Processing pipeline in a base services pattern environment |
US6345239B1 (en) | 1999-08-31 | 2002-02-05 | Accenture Llp | Remote demonstration of business capabilities in an e-commerce environment |
US6697824B1 (en) | 1999-08-31 | 2004-02-24 | Accenture Llp | Relationship management in an E-commerce application framework |
US6438594B1 (en) | 1999-08-31 | 2002-08-20 | Accenture Llp | Delivering service to a client via a locally addressable interface |
US6640249B1 (en) | 1999-08-31 | 2003-10-28 | Accenture Llp | Presentation services patterns in a netcentric environment |
US6842906B1 (en) | 1999-08-31 | 2005-01-11 | Accenture Llp | System and method for a refreshable proxy pool in a communication services patterns environment |
US6601234B1 (en) | 1999-08-31 | 2003-07-29 | Accenture Llp | Attribute dictionary in a business logic services environment |
US6427132B1 (en) | 1999-08-31 | 2002-07-30 | Accenture Llp | System, method and article of manufacture for demonstrating E-commerce capabilities via a simulation on a network |
US6529948B1 (en) | 1999-08-31 | 2003-03-04 | Accenture Llp | Multi-object fetch component |
US6615253B1 (en) | 1999-08-31 | 2003-09-02 | Accenture Llp | Efficient server side data retrieval for execution of client side applications |
US6578068B1 (en) | 1999-08-31 | 2003-06-10 | Accenture Llp | Load balancer in environment services patterns |
US6615199B1 (en) | 1999-08-31 | 2003-09-02 | Accenture, Llp | Abstraction factory in a base services pattern environment |
US6640238B1 (en) | 1999-08-31 | 2003-10-28 | Accenture Llp | Activity component in a presentation services patterns environment |
US6550057B1 (en) | 1999-08-31 | 2003-04-15 | Accenture Llp | Piecemeal retrieval in an information services patterns environment |
US6601192B1 (en) | 1999-08-31 | 2003-07-29 | Accenture Llp | Assertion component in environment services patterns |
US6434568B1 (en) | 1999-08-31 | 2002-08-13 | Accenture Llp | Information services patterns in a netcentric environment |
US6332163B1 (en) | 1999-09-01 | 2001-12-18 | Accenture, Llp | Method for providing communication services over a computer network system |
US6732269B1 (en) | 1999-10-01 | 2004-05-04 | International Business Machines Corporation | Methods, systems and computer program products for enhanced security identity utilizing an SSL proxy |
US6826696B1 (en) | 1999-10-12 | 2004-11-30 | Webmd, Inc. | System and method for enabling single sign-on for networked applications |
US6363065B1 (en) | 1999-11-10 | 2002-03-26 | Quintum Technologies, Inc. | okApparatus for a voice over IP (voIP) telephony gateway and methods for use therein |
US6870921B1 (en) | 1999-11-12 | 2005-03-22 | Metro One Telecommunications, Inc. | Enhanced directory assistance service providing individual or group directories |
US7124101B1 (en) | 1999-11-22 | 2006-10-17 | Accenture Llp | Asset tracking in a network-based supply chain environment |
US6671818B1 (en) | 1999-11-22 | 2003-12-30 | Accenture Llp | Problem isolation through translating and filtering events into a standard object format in a network based supply chain |
US6606744B1 (en) | 1999-11-22 | 2003-08-12 | Accenture, Llp | Providing collaborative installation management in a network-based supply chain environment |
US7130807B1 (en) | 1999-11-22 | 2006-10-31 | Accenture Llp | Technology sharing during demand and supply planning in a network-based supply chain environment |
US20020010866A1 (en) | 1999-12-16 | 2002-01-24 | Mccullough David J. | Method and apparatus for improving peer-to-peer bandwidth between remote networks by combining multiple connections which use arbitrary data paths |
US6904449B1 (en) | 2000-01-14 | 2005-06-07 | Accenture Llp | System and method for an application provider framework |
US6496520B1 (en) | 2000-01-21 | 2002-12-17 | Broadcloud Communications, Inc. | Wireless network system and method |
US6496776B1 (en) | 2000-02-29 | 2002-12-17 | Brad W. Blumberg | Position-based information access device and method |
US7072665B1 (en) | 2000-02-29 | 2006-07-04 | Blumberg Brad W | Position-based information access device and method of searching |
US7058973B1 (en) | 2000-03-03 | 2006-06-06 | Symantec Corporation | Network address translation gateway for local area networks using local IP addresses and non-translatable port addresses |
JP3630065B2 (en) * | 2000-03-03 | 2005-03-16 | 株式会社村田製作所 | Ceramic green sheet manufacturing method and ceramic green sheet manufacturing apparatus |
US7065547B2 (en) | 2000-03-09 | 2006-06-20 | Persels Conrad G | Integrated on-line system with enchanced data transfer protocol |
US7111060B2 (en) | 2000-03-14 | 2006-09-19 | Aep Networks, Inc. | Apparatus and accompanying methods for providing, through a centralized server site, a secure, cost-effective, web-enabled, integrated virtual office environment remotely accessible through a network-connected web browser |
US7343413B2 (en) | 2000-03-21 | 2008-03-11 | F5 Networks, Inc. | Method and system for optimizing a network by independently scaling control segments and data flow |
US8380854B2 (en) | 2000-03-21 | 2013-02-19 | F5 Networks, Inc. | Simplified method for processing multiple connections from the same client |
US6701514B1 (en) | 2000-03-27 | 2004-03-02 | Accenture Llp | System, method, and article of manufacture for test maintenance in an automated scripting framework |
US6502102B1 (en) | 2000-03-27 | 2002-12-31 | Accenture Llp | System, method and article of manufacture for a table-driven automated scripting architecture |
US6907546B1 (en) | 2000-03-27 | 2005-06-14 | Accenture Llp | Language-driven interface for an automated testing framework |
US6553377B1 (en) | 2000-03-31 | 2003-04-22 | Network Associates, Inc. | System and process for maintaining a plurality of remote security applications using a modular framework in a distributed computing environment |
IL135555A0 (en) | 2000-04-09 | 2001-05-20 | Vidius Inc | Preventing unauthorized access to data sent via computer networks |
US7028333B2 (en) | 2000-04-12 | 2006-04-11 | Corente, Inc. | Methods and systems for partners in virtual networks |
US6996628B2 (en) | 2000-04-12 | 2006-02-07 | Corente, Inc. | Methods and systems for managing virtual addresses for virtual networks |
US7181766B2 (en) | 2000-04-12 | 2007-02-20 | Corente, Inc. | Methods and system for providing network services using at least one processor interfacing a base network |
US7028334B2 (en) | 2000-04-12 | 2006-04-11 | Corente, Inc. | Methods and systems for using names in virtual networks |
US7085854B2 (en) | 2000-04-12 | 2006-08-01 | Corente, Inc. | Methods and systems for enabling communication between a processor and a network operations center |
US7047424B2 (en) | 2000-04-12 | 2006-05-16 | Corente, Inc. | Methods and systems for hairpins in virtual networks |
US6671729B1 (en) * | 2000-04-13 | 2003-12-30 | Lockheed Martin Corporation | Autonomously established secure and persistent internet connection and autonomously reestablished without user intervention that connection if it lost |
US6981041B2 (en) | 2000-04-13 | 2005-12-27 | Aep Networks, Inc. | Apparatus and accompanying methods for providing, through a centralized server site, an integrated virtual office environment, remotely accessible via a network-connected web browser, with remote network monitoring and management capabilities |
GB0010238D0 (en) * | 2000-04-28 | 2000-06-14 | Northeastern Components Intern | Locking mechanism for chair and pushbutton control therefor |
US7047279B1 (en) | 2000-05-05 | 2006-05-16 | Accenture, Llp | Creating collaborative application sharing |
US7152047B1 (en) | 2000-05-24 | 2006-12-19 | Esecure.Biz, Inc. | System and method for production and authentication of original documents |
US6732314B1 (en) | 2000-05-26 | 2004-05-04 | 3Com Corporation | Method and apparatus for L2TP forward error correction |
US6766373B1 (en) * | 2000-05-31 | 2004-07-20 | International Business Machines Corporation | Dynamic, seamless switching of a network session from one connection route to another |
US9038170B2 (en) * | 2000-07-10 | 2015-05-19 | Oracle International Corporation | Logging access system events |
WO2002009458A2 (en) | 2000-07-24 | 2002-01-31 | Bluesocket, Inc. | Method and system for enabling seamless roaming in a wireless network |
DE60134255D1 (en) | 2000-07-25 | 2008-07-10 | Juniper Networks Inc | NETWORK ARCHITECTURE AND METHOD FOR TRANSPARENT ONLINE CROSS SECTION CODING AND TRANSMISSION OF NETWORK COMMUNICATION DATA |
US7221660B1 (en) | 2000-08-08 | 2007-05-22 | E.F. Johnson Company | System and method for multicast communications using real time transport protocol (RTP) |
US6691227B1 (en) | 2000-09-08 | 2004-02-10 | Reefedge, Inc. | Location-independent packet routing and secure access in a short-range wireless networking environment |
US20020038339A1 (en) | 2000-09-08 | 2002-03-28 | Wei Xu | Systems and methods for packet distribution |
CA2421609A1 (en) * | 2000-09-12 | 2002-03-21 | Netmotion Wireless, Inc. | Method and apparatus for providing mobile and other intermittent connectivity in a computing environment |
US8250357B2 (en) | 2000-09-13 | 2012-08-21 | Fortinet, Inc. | Tunnel interface for securing traffic over a network |
US6990480B1 (en) | 2000-09-18 | 2006-01-24 | Trancept Limited | Information manager method and system |
US7958185B2 (en) | 2000-09-18 | 2011-06-07 | Bentley Systems, Inc. | Spatial data enabled engineering, construction, and operations computer-aided design (CAD) project system, method and computer program product |
EP1327214A1 (en) | 2000-10-16 | 2003-07-16 | IIS Inc | Method for offering multilingual information translated in many languages through a communication network |
US7620719B2 (en) | 2002-06-06 | 2009-11-17 | Juniper Networks, Inc. | Method and system for providing secure access to private networks |
US8996698B1 (en) * | 2000-11-03 | 2015-03-31 | Truphone Limited | Cooperative network for mobile internet access |
US7140044B2 (en) | 2000-11-13 | 2006-11-21 | Digital Doors, Inc. | Data security system and method for separation of user communities |
US7191252B2 (en) | 2000-11-13 | 2007-03-13 | Digital Doors, Inc. | Data security system and method adjunct to e-mail, browser or telecom program |
US7146644B2 (en) | 2000-11-13 | 2006-12-05 | Digital Doors, Inc. | Data security system and method responsive to electronic attacks |
JP4183379B2 (en) | 2000-11-27 | 2008-11-19 | 富士通株式会社 | Network and edge router |
US6735601B1 (en) | 2000-12-29 | 2004-05-11 | Vmware, Inc. | System and method for remote file access by computer |
US7096009B2 (en) | 2001-03-09 | 2006-08-22 | Research In Motion Limited | Advanced voice and data operations in a mobile data communication device |
US7039606B2 (en) | 2001-03-23 | 2006-05-02 | Restaurant Services, Inc. | System, method and computer program product for contract consistency in a supply chain management framework |
US7120596B2 (en) | 2001-03-23 | 2006-10-10 | Restaurant Services, Inc. | System, method and computer program product for landed cost reporting in a supply chain management framework |
US7171379B2 (en) | 2001-03-23 | 2007-01-30 | Restaurant Services, Inc. | System, method and computer program product for normalizing data in a supply chain management framework |
US6954736B2 (en) | 2001-03-23 | 2005-10-11 | Restaurant Services, Inc. | System, method and computer program product for order confirmation in a supply chain management framework |
US7533409B2 (en) | 2001-03-22 | 2009-05-12 | Corente, Inc. | Methods and systems for firewalling virtual private networks |
US20030074206A1 (en) | 2001-03-23 | 2003-04-17 | Restaurant Services, Inc. | System, method and computer program product for utilizing market demand information for generating revenue |
US7072843B2 (en) | 2001-03-23 | 2006-07-04 | Restaurant Services, Inc. | System, method and computer program product for error checking in a supply chain management framework |
US7136364B2 (en) | 2001-03-29 | 2006-11-14 | Intel Corporation | Maintaining a reliable link |
US7139406B2 (en) | 2001-04-03 | 2006-11-21 | L-3 Communications Security And Detection Systems | Remote baggage screening system, software and method |
US20030041175A2 (en) | 2001-05-03 | 2003-02-27 | Singhal Sandeep K | Method and System for Adapting Short-Range Wireless Access Points for Participation in a Coordinated Networked Environment |
US7224979B2 (en) | 2001-05-03 | 2007-05-29 | Symantec Corporation | Location-aware service proxies in a short-range wireless environment |
US6925481B2 (en) | 2001-05-03 | 2005-08-02 | Symantec Corp. | Technique for enabling remote data access and manipulation from a pervasive device |
US6947444B2 (en) | 2001-06-06 | 2005-09-20 | Ipr Licensing, Inc. | Method and apparatus for improving utilization efficiency of wireless links for web-based applications |
US7216173B2 (en) | 2001-06-12 | 2007-05-08 | Varian Medical Systems Technologies, Inc. | Virtual private network software system |
US7100200B2 (en) * | 2001-06-13 | 2006-08-29 | Citrix Systems, Inc. | Method and apparatus for transmitting authentication credentials of a user across communication sessions |
US20050198379A1 (en) * | 2001-06-13 | 2005-09-08 | Citrix Systems, Inc. | Automatically reconnecting a client across reliable and persistent communication sessions |
US20040107360A1 (en) | 2002-12-02 | 2004-06-03 | Zone Labs, Inc. | System and Methodology for Policy Enforcement |
US6873988B2 (en) | 2001-07-06 | 2005-03-29 | Check Point Software Technologies, Inc. | System and methods providing anti-virus cooperative enforcement |
US7546629B2 (en) | 2002-03-06 | 2009-06-09 | Check Point Software Technologies, Inc. | System and methodology for security policy arbitration |
US7908472B2 (en) | 2001-07-06 | 2011-03-15 | Juniper Networks, Inc. | Secure sockets layer cut through architecture |
US8200818B2 (en) | 2001-07-06 | 2012-06-12 | Check Point Software Technologies, Inc. | System providing internet access management with router-based policy enforcement |
US6832260B2 (en) | 2001-07-26 | 2004-12-14 | International Business Machines Corporation | Methods, systems and computer program products for kernel based transaction processing |
US7013290B2 (en) | 2001-08-03 | 2006-03-14 | John Allen Ananian | Personalized interactive digital catalog profiling |
AU2002323364A1 (en) | 2001-08-24 | 2003-03-10 | Peribit Networks, Inc. | Dynamic multi-point meshed overlay network |
US20030046586A1 (en) | 2001-09-05 | 2003-03-06 | Satyam Bheemarasetti | Secure remote access to data between peers |
US20030046587A1 (en) | 2001-09-05 | 2003-03-06 | Satyam Bheemarasetti | Secure remote access using enterprise peer networks |
AUPR797501A0 (en) * | 2001-09-28 | 2001-10-25 | BlastMedia Pty Limited | A method of displaying content |
US20030084165A1 (en) * | 2001-10-12 | 2003-05-01 | Openwave Systems Inc. | User-centric session management for client-server interaction using multiple applications and devices |
US20030078983A1 (en) | 2001-10-23 | 2003-04-24 | Sullivan Terence Sean | Message prioritization and buffering in a limited network |
US20030078985A1 (en) * | 2001-10-23 | 2003-04-24 | David Holbrook | Proactive message buffering across intermittent network connections |
US7631084B2 (en) | 2001-11-02 | 2009-12-08 | Juniper Networks, Inc. | Method and system for providing secure access to private networks with client redirection |
US7042879B2 (en) * | 2001-11-02 | 2006-05-09 | General Instrument Corporation | Method and apparatus for transferring a communication session |
WO2003043285A2 (en) | 2001-11-13 | 2003-05-22 | Ems Technologies, Inc. | Flow control between performance enhancing proxies over variable bandwidth split links |
US7028183B2 (en) * | 2001-11-13 | 2006-04-11 | Symantec Corporation | Enabling secure communication in a clustered or distributed architecture |
US7054944B2 (en) | 2001-12-19 | 2006-05-30 | Intel Corporation | Access control management system utilizing network and application layer access control lists |
US7509393B2 (en) | 2001-12-19 | 2009-03-24 | International Business Machines Corporation | Method and system for caching role-specific fragments |
KR100436435B1 (en) | 2001-12-26 | 2004-06-16 | 한국전자통신연구원 | Method and Apparatus for Transmitting Packet Using Indirect Ackowledgement over Wire/Wireless Integrated Network |
US7984157B2 (en) | 2002-02-26 | 2011-07-19 | Citrix Systems, Inc. | Persistent and reliable session securely traversing network components using an encapsulating protocol |
US7661129B2 (en) * | 2002-02-26 | 2010-02-09 | Citrix Systems, Inc. | Secure traversal of network components |
US7023979B1 (en) | 2002-03-07 | 2006-04-04 | Wai Wu | Telephony control system with intelligent call routing |
US7107285B2 (en) | 2002-03-16 | 2006-09-12 | Questerra Corporation | Method, system, and program for an improved enterprise spatial system |
US7707287B2 (en) | 2002-03-22 | 2010-04-27 | F5 Networks, Inc. | Virtual host acceleration system |
AU2003226128A1 (en) | 2002-03-27 | 2003-10-13 | First Virtual Communications | System and method for traversing firewalls with protocol communications |
JP4315696B2 (en) | 2002-03-29 | 2009-08-19 | 富士通株式会社 | Host terminal emulation program, relay program, and host terminal emulation method |
US7080404B2 (en) * | 2002-04-01 | 2006-07-18 | Microsoft Corporation | Automatic re-authentication |
US20030208602A1 (en) | 2002-04-08 | 2003-11-06 | Cisco Technology, Inc. | System and method for pushing data in an internet protocol network environment |
US7804785B2 (en) | 2002-04-19 | 2010-09-28 | Avaya Inc. | Network system having an instructional sequence for performing packet processing and optimizing the packet processing |
US7197553B2 (en) | 2002-04-19 | 2007-03-27 | Nortel Networks Limited | Network system having a virtual-service-module |
US7246178B2 (en) | 2002-05-07 | 2007-07-17 | Nortel Networks Limited | Methods and systems for changing a topology of a network |
US20030217126A1 (en) | 2002-05-14 | 2003-11-20 | Polcha Andrew J. | System and method for automatically configuring remote computer |
US7203192B2 (en) | 2002-06-04 | 2007-04-10 | Fortinet, Inc. | Network packet steering |
AU2003276819A1 (en) * | 2002-06-13 | 2003-12-31 | Engedi Technologies, Inc. | Out-of-band remote management station |
US6744774B2 (en) | 2002-06-27 | 2004-06-01 | Nokia, Inc. | Dynamic routing over secure networks |
US7114180B1 (en) | 2002-07-16 | 2006-09-26 | F5 Networks, Inc. | Method and system for authenticating and authorizing requestors interacting with content servers |
US6826627B2 (en) | 2002-09-03 | 2004-11-30 | Burnbag, Ltd. | Data transformation architecture |
US20040078772A1 (en) | 2002-10-16 | 2004-04-22 | Cosine Communications, Inc. | Dynamic route exchange |
US7363347B2 (en) * | 2002-11-07 | 2008-04-22 | Hewlett-Packard Development Company, L.P. | Method and system for reestablishing connection information on a switch connected to plural servers in a computer network |
US20040203296A1 (en) | 2002-11-15 | 2004-10-14 | Globespan Virata Inc. | Method and system for attaching a USB network adapter supporting both RNDIS and non-RNDIS capable operating systems |
TWI234969B (en) | 2002-11-26 | 2005-06-21 | Ind Tech Res Inst | Dynamic network address translation system and method of transparent private network device |
AU2003293381A1 (en) | 2002-12-03 | 2004-06-23 | Funk Software, Inc. | Tunneled authentication protocol for preventing man-in-the-middle attacks |
US7587587B2 (en) | 2002-12-05 | 2009-09-08 | Broadcom Corporation | Data path security processing |
JP4554598B2 (en) | 2003-03-27 | 2010-09-29 | サンディスク アイエル リミテッド | A data storage device that is fully accessible by all users |
US7026954B2 (en) | 2003-06-10 | 2006-04-11 | Bellsouth Intellectual Property Corporation | Automated parking director systems and related methods |
US7746799B2 (en) | 2003-06-20 | 2010-06-29 | Juniper Networks, Inc. | Controlling data link layer elements with network layer elements |
US7467214B2 (en) * | 2003-06-20 | 2008-12-16 | Motorola, Inc. | Invoking protocol translation in a multicast network |
US7532640B2 (en) * | 2003-07-02 | 2009-05-12 | Caterpillar Inc. | Systems and methods for performing protocol conversions in a machine |
US7453852B2 (en) | 2003-07-14 | 2008-11-18 | Lucent Technologies Inc. | Method and system for mobility across heterogeneous address spaces |
WO2005043360A1 (en) | 2003-10-21 | 2005-05-12 | Green Border Technologies | Systems and methods for secure client applications |
US7584500B2 (en) | 2003-11-19 | 2009-09-01 | Hughes Network Systems, Llc | Pre-fetching secure content using proxy architecture |
US8572249B2 (en) | 2003-12-10 | 2013-10-29 | Aventail Llc | Network appliance for balancing load and platform services |
WO2005059684A2 (en) | 2003-12-10 | 2005-06-30 | Aventail Corporation | End point control |
US7113779B1 (en) | 2004-01-08 | 2006-09-26 | Iwao Fujisaki | Carrier |
US7555772B2 (en) | 2004-01-26 | 2009-06-30 | Juniper Networks, Inc. | Wireless firewall with tear down messaging |
US9626655B2 (en) | 2004-02-19 | 2017-04-18 | Intellectual Ventures I Llc | Method, apparatus and system for regulating electronic mail |
EP1575238A1 (en) | 2004-03-08 | 2005-09-14 | Nokia Corporation | IP mobility in mobile telecommunications system |
US20050262357A1 (en) | 2004-03-11 | 2005-11-24 | Aep Networks | Network access using reverse proxy |
US7502925B2 (en) | 2004-04-19 | 2009-03-10 | Nvidia Corporation | Method and apparatus for reducing TCP frame transmit latency |
-
2004
- 2004-09-29 US US10/711,646 patent/US20050198379A1/en not_active Abandoned
- 2004-10-08 EP EP04794632A patent/EP1678917B1/en active Active
- 2004-10-08 CA CA2542139A patent/CA2542139C/en active Active
- 2004-10-08 AU AU2004306771A patent/AU2004306771A1/en not_active Abandoned
- 2004-10-08 KR KR1020067006932A patent/KR20060120035A/en not_active Application Discontinuation
- 2004-10-08 JP JP2006534409A patent/JP2007514337A/en active Pending
- 2004-10-08 WO PCT/US2004/033333 patent/WO2005036857A1/en active Application Filing
-
2005
- 2005-06-20 US US11/157,289 patent/US8090874B2/en not_active Expired - Fee Related
- 2005-06-20 US US11/158,156 patent/US7502726B2/en not_active Expired - Fee Related
- 2005-06-20 US US11/157,315 patent/US7340772B2/en not_active Expired - Lifetime
-
2011
- 2011-01-18 US US13/008,634 patent/US8874791B2/en not_active Expired - Lifetime
Patent Citations (99)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4438511A (en) * | 1980-11-10 | 1984-03-20 | Telebit Corporation | Packetized ensemble modem |
US4649510A (en) * | 1982-04-30 | 1987-03-10 | Schmidt Walter E | Methods and apparatus for the protection and control of computer programs |
US4768190A (en) * | 1986-04-30 | 1988-08-30 | Og Corporation | Packet switching network |
US4736369A (en) * | 1986-06-13 | 1988-04-05 | International Business Machines Corp. | Adaptive session-level pacing |
US4750171A (en) * | 1986-07-11 | 1988-06-07 | Tadiran Electronics Industries Ltd. | Data switching system and method |
US4941089A (en) * | 1986-12-12 | 1990-07-10 | Datapoint Corporation | Input/output network for computer system |
US5390297A (en) * | 1987-11-10 | 1995-02-14 | Auto-Trol Technology Corporation | System for controlling the number of concurrent copies of a program in a network based on the number of available licenses |
US5021949A (en) * | 1988-02-29 | 1991-06-04 | International Business Machines Corporation | Method and apparatus for linking an SNA host to a remote SNA host over a packet switched communications network |
US4893307A (en) * | 1988-02-29 | 1990-01-09 | International Business Machines Corporation | Method and apparatus for linking SNA terminals to an SNA host over a packet switched communications network |
US4837800A (en) * | 1988-03-18 | 1989-06-06 | Motorola, Inc. | Cellular data telephone system and cellular data telephone therefor |
US5010549A (en) * | 1988-04-23 | 1991-04-23 | Kabushiki Kaisha Kenwood | Packet data generator |
US4924378A (en) * | 1988-06-13 | 1990-05-08 | Prime Computer, Inc. | License mangagement system and license storage key |
US4953159A (en) * | 1989-01-03 | 1990-08-28 | American Telephone And Telegraph Company | Audiographics conferencing arrangement |
US4912756A (en) * | 1989-04-07 | 1990-03-27 | Unilink Corporation | Method and apparatus for error-free digital data transmission during cellular telephone handoff, etc. |
US5220501A (en) * | 1989-12-08 | 1993-06-15 | Online Resources, Ltd. | Method and system for remote delivery of retail banking services |
US5181200A (en) * | 1990-10-29 | 1993-01-19 | International Business Machines Corporation | Handoff method and apparatus for mobile wireless workstation |
US5212806A (en) * | 1990-10-29 | 1993-05-18 | International Business Machines Corporation | Distributed control methods for management of migrating data stations in a wireless communications network |
US5276680A (en) * | 1991-04-11 | 1994-01-04 | Telesystems Slw Inc. | Wireless coupling of devices to wired network |
US5204897A (en) * | 1991-06-28 | 1993-04-20 | Digital Equipment Corporation | Management interface for license management system |
US5504814A (en) * | 1991-07-10 | 1996-04-02 | Hughes Aircraft Company | Efficient security kernel for the 80960 extended architecture |
US5224098A (en) * | 1991-07-17 | 1993-06-29 | International Business Machines Corporation | Compensation for mismatched transport protocols in a data communications network |
US5481721A (en) * | 1991-07-17 | 1996-01-02 | Next Computer, Inc. | Method for providing automatic and dynamic translation of object oriented programming language-based message passing into operation system message passing using proxy objects |
US5210753A (en) * | 1991-10-31 | 1993-05-11 | International Business Machines Corporation | Robust scheduling mechanm for efficient band-width usage in muliticell wireless local networks |
US5610595A (en) * | 1991-12-09 | 1997-03-11 | Intermec Corporation | Packet radio communication system protocol |
US5412717A (en) * | 1992-05-15 | 1995-05-02 | Fischer; Addison M. | Computer system security method and apparatus having program authorization information data structures |
US5307490A (en) * | 1992-08-28 | 1994-04-26 | Tandem Computers, Inc. | Method and system for implementing remote procedure calls in a distributed computer system |
US5325361A (en) * | 1992-12-01 | 1994-06-28 | Legent Corporation | System and method for multiplexing data transmissions |
US5426637A (en) * | 1992-12-14 | 1995-06-20 | International Business Machines Corporation | Methods and apparatus for interconnecting local area networks with wide area backbone networks |
US5509070A (en) * | 1992-12-15 | 1996-04-16 | Softlock Services Inc. | Method for encouraging purchase of executable and non-executable software |
US5410543A (en) * | 1993-01-04 | 1995-04-25 | Apple Computer, Inc. | Method for connecting a mobile computer to a computer network by using an address server |
US5499343A (en) * | 1993-12-17 | 1996-03-12 | Taligent, Inc. | Object-oriented networking system with dynamically configurable communication links |
US5515508A (en) * | 1993-12-17 | 1996-05-07 | Taligent, Inc. | Client server system and method of operation including a dynamically configurable protocol stack |
US5491800A (en) * | 1993-12-20 | 1996-02-13 | Taligent, Inc. | Object-oriented remote procedure call networking system |
US5638513A (en) * | 1993-12-22 | 1997-06-10 | Ananda; Mohan | Secure software rental system using continuous asynchronous password verification |
US5491750A (en) * | 1993-12-30 | 1996-02-13 | International Business Machines Corporation | Method and apparatus for three-party entity authentication and key distribution using message authentication codes |
US5412654A (en) * | 1994-01-10 | 1995-05-02 | International Business Machines Corporation | Highly dynamic destination-sequenced destination vector routing for mobile computers |
US5627821A (en) * | 1994-03-15 | 1997-05-06 | Hitachi, Ltd. | Defect notification method in a multipoint ATM network |
US5524238A (en) * | 1994-03-23 | 1996-06-04 | Breakout I/O Corporation | User specific intelligent interface which intercepts and either replaces or passes commands to a data identity and the field accessed |
US5737416A (en) * | 1994-04-25 | 1998-04-07 | International Business Machines Corporation | Method and apparatus for enabling trial period use of software products: method and apparatus for utilizing a decryption stub |
US5638358A (en) * | 1994-04-27 | 1997-06-10 | Nec Corporation | Protection switching system having impedance matching circuits |
US5594490A (en) * | 1994-05-23 | 1997-01-14 | Cable Services Technologies, Inc. | System for distributing video/audio files from central location to a plurality of cable headends |
US5416842A (en) * | 1994-06-10 | 1995-05-16 | Sun Microsystems, Inc. | Method and apparatus for key-management scheme for use with internet protocols at site firewalls |
US5771459A (en) * | 1994-06-21 | 1998-06-23 | U.S. Philips Corporation | Communication system for use with stationary and second entities, via a wireless intermediate network with gateway devices, a gateway device for use with such system, and a mobile entity provided with such gateway device |
US5481535A (en) * | 1994-06-29 | 1996-01-02 | General Electric Company | Datagram message communication service employing a hybrid network |
US5604490A (en) * | 1994-09-09 | 1997-02-18 | International Business Machines Corporation | Method and system for providing a user access to multiple secured subsystems |
US5490139A (en) * | 1994-09-28 | 1996-02-06 | International Business Machines Corporation | Mobility enabling access point architecture for wireless attachment to source routing networks |
US5652789A (en) * | 1994-09-30 | 1997-07-29 | Wildfire Communications, Inc. | Network based knowledgeable assistant |
US5602916A (en) * | 1994-10-05 | 1997-02-11 | Motorola, Inc. | Method and apparatus for preventing unauthorized monitoring of wireless data transmissions |
US5633868A (en) * | 1994-10-17 | 1997-05-27 | Lucent Technologies Inc. | Virtual circuit management in cellular telecommunications |
US5623601A (en) * | 1994-11-18 | 1997-04-22 | Milkway Networks Corporation | Apparatus and method for providing a secure gateway for communication and data exchanges between networks |
US5752185A (en) * | 1994-11-21 | 1998-05-12 | Lucent Technologies Inc. | Disconnection management system for wireless voice communications |
US5724346A (en) * | 1995-01-11 | 1998-03-03 | Fujitsu Limited | Means for maintaining connectable access points owing to movement of a mobile station between cells in a wireless LAN system |
US5627892A (en) * | 1995-04-19 | 1997-05-06 | General Instrument Corporation Of Delaware | Data security scheme for point-to-point communication sessions |
US5717737A (en) * | 1995-06-01 | 1998-02-10 | Padcom, Inc. | Apparatus and method for transparent wireless communication between a remote device and a host system |
US5592549A (en) * | 1995-06-15 | 1997-01-07 | Infosafe Systems, Inc. | Method and apparatus for retrieving selected information from a secure information source |
US5768525A (en) * | 1995-09-08 | 1998-06-16 | U.S. Robotics Corp. | Transparent support of protocol and data compression features for data communication |
US5623600A (en) * | 1995-09-26 | 1997-04-22 | Trend Micro, Incorporated | Virus detection and removal apparatus for computer networks |
US5758186A (en) * | 1995-10-06 | 1998-05-26 | Sun Microsystems, Inc. | Method and apparatus for generically handling diverse protocol method calls in a client/server computer system |
US5729734A (en) * | 1995-11-03 | 1998-03-17 | Apple Computer, Inc. | File privilege administration apparatus and methods |
US6169992B1 (en) * | 1995-11-07 | 2001-01-02 | Cadis Inc. | Search engine for remote access to database management systems |
US5732074A (en) * | 1996-01-16 | 1998-03-24 | Cellport Labs, Inc. | Mobile portable wireless communication system |
US5721818A (en) * | 1996-01-25 | 1998-02-24 | Apple Computer, Inc. | Method and system for enabling a file server to service multiple networks of the same network protocol family by invoking multiple instances of a network session protocol |
US5889816A (en) * | 1996-02-02 | 1999-03-30 | Lucent Technologies, Inc. | Wireless adapter architecture for mobile computing |
US5856974A (en) * | 1996-02-13 | 1999-01-05 | Novell, Inc. | Internetwork address mapping gateway |
US5754774A (en) * | 1996-02-15 | 1998-05-19 | International Business Machine Corp. | Client/server communication system |
US5784643A (en) * | 1996-03-28 | 1998-07-21 | International Business Machines Corporation | System incorporating program for intercepting and interpreting or altering commands for generating I/O activity for enabling real-time user feedback by sending substitute characters to modem |
US5742757A (en) * | 1996-05-30 | 1998-04-21 | Mitsubishi Semiconductor America, Inc. | Automatic software license manager |
US6058480A (en) * | 1996-06-03 | 2000-05-02 | Cranberry Properties, Llc | System for remote pass-phase authentication |
US5909431A (en) * | 1996-06-28 | 1999-06-01 | At&T Corp. | Packet mode multimedia conferencing services over an ISDN wide area network |
US5748897A (en) * | 1996-07-02 | 1998-05-05 | Sun Microsystems, Inc. | Apparatus and method for operating an aggregation of server computers using a dual-role proxy server computer |
US5923756A (en) * | 1997-02-12 | 1999-07-13 | Gte Laboratories Incorporated | Method for providing secure remote command execution over an insecure computer network |
US6681017B1 (en) * | 1997-09-03 | 2004-01-20 | Lucent Technologies Inc. | Simplified secure shared key establishment and data delivery protocols for electronic commerce |
US6725376B1 (en) * | 1997-11-13 | 2004-04-20 | Ncr Corporation | Method of using an electronic ticket and distributed server computer architecture for the same |
US6349337B1 (en) * | 1997-11-14 | 2002-02-19 | Microsoft Corporation | Maintaining a first session on a first computing device and subsequently connecting to the first session via different computing devices and adapting the first session to conform to the different computing devices system configurations |
US6065120A (en) * | 1997-12-09 | 2000-05-16 | Phone.Com, Inc. | Method and system for self-provisioning a rendezvous to ensure secure access to information in a database from multiple devices |
US6199113B1 (en) * | 1998-04-15 | 2001-03-06 | Sun Microsystems, Inc. | Apparatus and method for providing trusted network security |
US6085247A (en) * | 1998-06-08 | 2000-07-04 | Microsoft Corporation | Server operating system for supporting multiple client-server sessions and dynamic reconnection of users to previous sessions using different computers |
US6564320B1 (en) * | 1998-06-30 | 2003-05-13 | Verisign, Inc. | Local hosting of digital certificate services |
US6360265B1 (en) * | 1998-07-08 | 2002-03-19 | Lucent Technologies Inc. | Arrangement of delivering internet protocol datagrams for multimedia services to the same server |
US6714536B1 (en) * | 1998-07-21 | 2004-03-30 | Eric M. Dowling | Method and apparatus for cosocket telephony |
US6857071B1 (en) * | 1998-07-29 | 2005-02-15 | Nec Corporation | System and method for distributing digital works, apparatus and method for reproducing digital works, and computer program product |
US6094423A (en) * | 1998-08-03 | 2000-07-25 | Motorola, Inc. | Wireless protocol method and apparatus supporting transaction requests with variable length responses |
US6226618B1 (en) * | 1998-08-13 | 2001-05-01 | International Business Machines Corporation | Electronic content delivery system |
US20020078208A1 (en) * | 1998-10-07 | 2002-06-20 | Richard Crump | Efficient recovery of multiple connections in a communication network |
US6574239B1 (en) * | 1998-10-07 | 2003-06-03 | Eric Morgan Dowling | Virtual connection of a remote unit to a server |
US6757283B1 (en) * | 1999-01-25 | 2004-06-29 | Nippon Telegraph And Telephone Corporation | Push network |
US6421768B1 (en) * | 1999-05-04 | 2002-07-16 | First Data Corporation | Method and system for authentication and single sign on using cryptographically assured cookies in a distributed computer environment |
US20020029340A1 (en) * | 1999-05-28 | 2002-03-07 | Pensak David A. | Method of encrypting information for remote access while maintaining access control |
US6691232B1 (en) * | 1999-08-05 | 2004-02-10 | Sun Microsystems, Inc. | Security architecture with environment sensitive credential sufficiency evaluation |
US20050149481A1 (en) * | 1999-12-02 | 2005-07-07 | Lambertus Hesselink | Managed peer-to-peer applications, systems and methods for distributed data access and storage |
US20050144186A1 (en) * | 1999-12-02 | 2005-06-30 | Lambertus Hesselink | Managed peer-to-peer applications, systems and methods for distributed data access and storage |
US20020012320A1 (en) * | 2000-03-16 | 2002-01-31 | Ogier Richard G. | Mobile ad hoc extensions for the internet |
US6845387B1 (en) * | 2000-04-07 | 2005-01-18 | Advanced Digital Information Corporation | Creating virtual private connections between end points across a SAN |
US7010300B1 (en) * | 2000-06-15 | 2006-03-07 | Sprint Spectrum L.P. | Method and system for intersystem wireless communications session hand-off |
US6874086B1 (en) * | 2000-08-10 | 2005-03-29 | Oridus, Inc. | Method and apparatus implemented in a firewall for communicating information between programs employing different protocols |
US6996631B1 (en) * | 2000-08-17 | 2006-02-07 | International Business Machines Corporation | System having a single IP address associated with communication protocol stacks in a cluster of processing systems |
US6697377B1 (en) * | 2000-10-21 | 2004-02-24 | Innomedia Pte Ltd. | Method for communicating audio data in a packet switched network |
US20030018913A1 (en) * | 2001-06-20 | 2003-01-23 | Brezak John E. | Methods and systems for controlling the scope of delegation of authentication credentials |
US6993652B2 (en) * | 2001-10-05 | 2006-01-31 | General Instrument Corporation | Method and system for providing client privacy when requesting content from a public server |
Cited By (155)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8898294B2 (en) | 2000-07-28 | 2014-11-25 | Axeda Corporation | Reporting the state of an apparatus to a remote computer |
US8055758B2 (en) | 2000-07-28 | 2011-11-08 | Axeda Corporation | Reporting the state of an apparatus to a remote computer |
US10069937B2 (en) | 2000-09-22 | 2018-09-04 | Ptc Inc. | Retrieving data from a server |
US7937370B2 (en) | 2000-09-22 | 2011-05-03 | Axeda Corporation | Retrieving data from a server |
US8108543B2 (en) | 2000-09-22 | 2012-01-31 | Axeda Corporation | Retrieving data from a server |
US8762497B2 (en) | 2000-09-22 | 2014-06-24 | Axeda Corporation | Retrieving data from a server |
US8468515B2 (en) | 2000-11-17 | 2013-06-18 | Hewlett-Packard Development Company, L.P. | Initialization and update of software and/or firmware in electronic devices |
US8479189B2 (en) | 2000-11-17 | 2013-07-02 | Hewlett-Packard Development Company, L.P. | Pattern detection preprocessor in an electronic device update generation system |
US20100318813A1 (en) * | 2001-12-05 | 2010-12-16 | Sandra Lynn Carrico | Network security device and method |
US20130125207A1 (en) * | 2001-12-05 | 2013-05-16 | At&T Corp. | Network security device and method |
US8769619B2 (en) * | 2001-12-05 | 2014-07-01 | At&T Intellectual Property Ii, L.P. | Network security device and method |
US8356189B2 (en) * | 2001-12-05 | 2013-01-15 | At&T Intellectual Property Ii, L.P. | Network security device and method |
US9674067B2 (en) | 2001-12-20 | 2017-06-06 | PTC, Inc. | Adaptive device-initiated polling |
US8406119B2 (en) | 2001-12-20 | 2013-03-26 | Axeda Acquisition Corporation | Adaptive device-initiated polling |
US9170902B2 (en) | 2001-12-20 | 2015-10-27 | Ptc Inc. | Adaptive device-initiated polling |
US7080404B2 (en) * | 2002-04-01 | 2006-07-18 | Microsoft Corporation | Automatic re-authentication |
US20030188195A1 (en) * | 2002-04-01 | 2003-10-02 | Abdo Nadim Y. | Automatic re-authentication |
US7475421B2 (en) | 2002-04-01 | 2009-01-06 | Microsoft Corporation | Automatic re-authentication |
US20060117106A1 (en) * | 2002-04-01 | 2006-06-01 | Microsoft Corporation | Automatic Re-Authentication |
US7383571B2 (en) | 2002-04-01 | 2008-06-03 | Microsoft Corporation | Automatic re-authentication |
US20060101505A1 (en) * | 2002-04-01 | 2006-05-11 | Microsoft Corporation | Automatic Re-Authentication |
US9591065B2 (en) | 2002-04-17 | 2017-03-07 | Ptc Inc. | Scripting of SOAP commands |
US8752074B2 (en) | 2002-04-17 | 2014-06-10 | Axeda Corporation | Scripting of soap commands |
US8060886B2 (en) | 2002-04-17 | 2011-11-15 | Axeda Corporation | XML scripting of SOAP commands |
US10708346B2 (en) | 2002-04-17 | 2020-07-07 | Ptc Inc. | Scripting of soap commands |
US7246178B2 (en) * | 2002-05-07 | 2007-07-17 | Nortel Networks Limited | Methods and systems for changing a topology of a network |
US20030212776A1 (en) * | 2002-05-07 | 2003-11-13 | Roberts David Gary | Methods and systems for changing a topology of a network |
US9002980B2 (en) | 2003-02-21 | 2015-04-07 | Axeda Corporation | Establishing a virtual tunnel between two computer programs |
US10069939B2 (en) | 2003-02-21 | 2018-09-04 | Ptc Inc. | Establishing a virtual tunnel between two computers |
US7966418B2 (en) | 2003-02-21 | 2011-06-21 | Axeda Corporation | Establishing a virtual tunnel between two computer programs |
US8291039B2 (en) | 2003-02-21 | 2012-10-16 | Axeda Corporation | Establishing a virtual tunnel between two computer programs |
US20150113603A1 (en) * | 2003-03-21 | 2015-04-23 | David M. T. Ting | System and method for data and request filtering |
US10505930B2 (en) * | 2003-03-21 | 2019-12-10 | Imprivata, Inc. | System and method for data and request filtering |
US8555273B1 (en) | 2003-09-17 | 2013-10-08 | Palm. Inc. | Network for updating electronic devices |
US8578361B2 (en) | 2004-04-21 | 2013-11-05 | Palm, Inc. | Updating an electronic device with update agent code |
US8023985B1 (en) * | 2004-06-07 | 2011-09-20 | Nortel Networks Limited | Transitioning a state of a connection in response to an indication that a wireless link to a wireless device has been lost |
US8526940B1 (en) | 2004-08-17 | 2013-09-03 | Palm, Inc. | Centralized rules repository for smart phone customer care |
US20060067244A1 (en) * | 2004-09-30 | 2006-03-30 | Microsoft Corporation | Registration identifier reuse |
US8726023B2 (en) * | 2005-02-03 | 2014-05-13 | Nokia Corporation | Authentication using GAA functionality for unidirectional network connections |
US20060174117A1 (en) * | 2005-02-03 | 2006-08-03 | Nokia Corporation | Authentication using GAA functionality for unidirectional network connections |
US7275176B2 (en) * | 2005-03-16 | 2007-09-25 | Guidance Software, Inc. | Automatic reconnect and reacquisition in a computer investigation system |
US7168000B2 (en) * | 2005-03-16 | 2007-01-23 | Guidance Software, Inc. | Automatic reconnect and reacquisition in a computer investigation system |
WO2006099575A3 (en) * | 2005-03-16 | 2007-03-08 | Guidance Software Inc | Automatic reconnect and reacquisition in a computer investigation system |
US20060259626A1 (en) * | 2005-03-16 | 2006-11-16 | Stone-Kaplan Kimberly A | Automatic reconnect and reacquisition in a computer investigation system |
US20070043967A1 (en) * | 2005-03-16 | 2007-02-22 | Stone-Kaplan Kimberly A | Automatic reconnect and reacquisition in a computer investigation system |
US7594020B2 (en) * | 2005-05-31 | 2009-09-22 | Microsoft Corporation | Re-establishing a connection for an application layer via a service layer |
US20060271681A1 (en) * | 2005-05-31 | 2006-11-30 | Microsoft Corporation | Re-establishing a connection for an application layer via a service layer |
US7986947B2 (en) * | 2005-06-28 | 2011-07-26 | Hewlett-Packard Development Company, L.P. | Device management network with support for roaming |
US20070021113A1 (en) * | 2005-06-28 | 2007-01-25 | Bitfone Corp. | Device management network with support for roaming |
EP1934780B1 (en) * | 2005-09-12 | 2017-11-08 | Microsoft Technology Licensing, LLC | Creating secure interactive connections with remote resources |
US20070146766A1 (en) * | 2005-12-28 | 2007-06-28 | Konica Minolta Business Technologies, Inc. | Image processor, an image processing system, and a method of executing jobs |
US8493582B2 (en) * | 2005-12-28 | 2013-07-23 | Konica Minolta Business Technologies, Inc. | Image processor, an image processing system, and a method of executing jobs |
WO2007089179A1 (en) * | 2006-02-03 | 2007-08-09 | Mideye Ab | A system, an arrangement and a method for end user authentication |
KR101300414B1 (en) | 2006-02-03 | 2013-08-26 | 미드아이 에이비 | A system, an arrangement and a method for end user authentication |
AU2006337227B2 (en) * | 2006-02-03 | 2010-09-09 | Mideye Ab | A system, an arrangement and a method for end user authentication |
US8893110B2 (en) | 2006-06-08 | 2014-11-18 | Qualcomm Incorporated | Device management in a network |
EP1868353A1 (en) * | 2006-06-15 | 2007-12-19 | NEC Corporation | Thin client system using session managing server and session managing method |
US8752044B2 (en) | 2006-07-27 | 2014-06-10 | Qualcomm Incorporated | User experience and dependency management in a mobile device |
US9081638B2 (en) | 2006-07-27 | 2015-07-14 | Qualcomm Incorporated | User experience and dependency management in a mobile device |
US8769095B2 (en) | 2006-10-03 | 2014-07-01 | Axeda Acquisition Corp. | System and method for dynamically grouping devices based on present device conditions |
US9491071B2 (en) | 2006-10-03 | 2016-11-08 | Ptc Inc. | System and method for dynamically grouping devices based on present device conditions |
US10212055B2 (en) | 2006-10-03 | 2019-02-19 | Ptc Inc. | System and method for dynamically grouping devices based on present device conditions |
US8370479B2 (en) | 2006-10-03 | 2013-02-05 | Axeda Acquisition Corporation | System and method for dynamically grouping devices based on present device conditions |
US20080091970A1 (en) * | 2006-10-12 | 2008-04-17 | Takehiro Hanai | Information processing system and method |
US7716522B2 (en) * | 2006-10-12 | 2010-05-11 | Hitachi, Ltd. | Information processing system and method for executing process during communication error |
US9491049B2 (en) | 2006-12-26 | 2016-11-08 | Ptc Inc. | Managing configurations of distributed devices |
US8788632B2 (en) | 2006-12-26 | 2014-07-22 | Axeda Acquisition Corp. | Managing configurations of distributed devices |
US9712385B2 (en) | 2006-12-26 | 2017-07-18 | PTC, Inc. | Managing configurations of distributed devices |
US8065397B2 (en) | 2006-12-26 | 2011-11-22 | Axeda Acquisition Corporation | Managing configurations of distributed devices |
US8902449B1 (en) * | 2007-01-03 | 2014-12-02 | Crimson Corporation | Systems and methods for determining when results from a criteria scan are deleted from a computing device |
US20080263653A1 (en) * | 2007-04-17 | 2008-10-23 | International Business Machines Corporation | Apparatus, system, and method for establishing a reusable and reconfigurable model for fast and persistent connections in database drivers |
US7770214B2 (en) | 2007-04-17 | 2010-08-03 | International Business Machines Corporation | Apparatus, system, and method for establishing a reusable and reconfigurable model for fast and persistent connections in database drivers |
US20090328172A1 (en) * | 2007-09-18 | 2009-12-31 | Microsoft Corporation | Sessionless redirection in terminal services |
US8291481B2 (en) | 2007-09-18 | 2012-10-16 | Microsoft Corporation | Sessionless redirection in terminal services |
US10721282B2 (en) | 2008-04-15 | 2020-07-21 | Vmware, Inc. | Media acceleration for virtual computing services |
US20160337420A1 (en) * | 2008-04-15 | 2016-11-17 | Vmware, Inc. | Media Acceleration for Virtual Computing Services |
US9973557B2 (en) * | 2008-04-15 | 2018-05-15 | Vmware, Inc. | Media acceleration for virtual computing services |
US20100040066A1 (en) * | 2008-08-13 | 2010-02-18 | Lucent Technologies Inc. | Network address lookup based on bloom filters |
US8018940B2 (en) | 2008-08-13 | 2011-09-13 | Alcatel Lucent | Network address lookup based on bloom filters |
US7694130B1 (en) * | 2008-09-12 | 2010-04-06 | Michael Anthony Martinez | System and method to authenticate a user utilizing a time-varying auxiliary code |
US20100070757A1 (en) * | 2008-09-12 | 2010-03-18 | Michael Anthony Martinez | System and method to authenticate a user utilizing a time-varying auxiliary code |
US9588803B2 (en) | 2009-05-11 | 2017-03-07 | Microsoft Technology Licensing, Llc | Executing native-code applications in a browser |
US10824716B2 (en) | 2009-05-11 | 2020-11-03 | Microsoft Technology Licensing, Llc | Executing native-code applications in a browser |
US20110016516A1 (en) * | 2009-07-15 | 2011-01-20 | Alibaba Group Holding Limited | Management of an instant message session |
EP2454679A1 (en) * | 2009-07-15 | 2012-05-23 | Alibaba Group Holding Limited | Management of an instant message session |
WO2011008284A1 (en) | 2009-07-15 | 2011-01-20 | Alibaba Group Holding Limited | Management of an instant message session |
US8826402B2 (en) * | 2009-07-15 | 2014-09-02 | Alibaba Group Holding Limited | Management of an instant message session |
EP2454679A4 (en) * | 2009-07-15 | 2013-01-16 | Alibaba Group Holding Ltd | Management of an instant message session |
US20110047219A1 (en) * | 2009-08-18 | 2011-02-24 | Microsoft Corporation | Maintaining communication connections during temporary network disruptions |
US9438448B2 (en) | 2009-08-18 | 2016-09-06 | Microsoft Technology Licensing, Llc | Maintaining communication connections during temporary network disruptions |
US9054913B1 (en) | 2009-11-30 | 2015-06-09 | Dell Software Inc. | Network protocol proxy |
US8966112B1 (en) | 2009-11-30 | 2015-02-24 | Dell Software Inc. | Network protocol proxy |
US8612611B2 (en) | 2010-02-03 | 2013-12-17 | Nec Corporation | Proxy apparatus and operation method thereof |
TWI502375B (en) * | 2010-03-09 | 2015-10-01 | Alibaba Group Holding Ltd | Instant messaging method, system and device |
US9323921B2 (en) | 2010-07-13 | 2016-04-26 | Microsoft Technology Licensing, Llc | Ultra-low cost sandboxing for application appliances |
US9276979B2 (en) | 2010-09-01 | 2016-03-01 | Vuclip (Singapore) Pte. Ltd. | System and methods for resilient media streaming |
US9003191B2 (en) | 2010-09-30 | 2015-04-07 | Microsoft Technology Licensing, Llc | Token-based authentication using middle tier |
US20120084561A1 (en) * | 2010-09-30 | 2012-04-05 | Microsoft Corporation | Token-based authentication using middle tier |
US8819424B2 (en) * | 2010-09-30 | 2014-08-26 | Microsoft Corporation | Token-based authentication using middle tier |
CN102739635A (en) * | 2011-03-21 | 2012-10-17 | 微软公司 | Automatic rejoining of conferences |
US20120271956A1 (en) * | 2011-04-19 | 2012-10-25 | Fujitsu Limited | Transmission apparatus, transmission control method, and transmission control program |
US9495183B2 (en) | 2011-05-16 | 2016-11-15 | Microsoft Technology Licensing, Llc | Instruction set emulation for guest operating systems |
US10289435B2 (en) | 2011-05-16 | 2019-05-14 | Microsoft Technology Licensing, Llc | Instruction set emulation for guest operating systems |
US20130054734A1 (en) * | 2011-08-23 | 2013-02-28 | Microsoft Corporation | Migration of cloud applications between a local computing device and cloud |
US9425965B2 (en) | 2011-12-12 | 2016-08-23 | Microsoft Technology Licensing, Llc | Cryptographic certification of secure hosted execution environments |
US9413538B2 (en) | 2011-12-12 | 2016-08-09 | Microsoft Technology Licensing, Llc | Cryptographic certification of secure hosted execution environments |
US9389933B2 (en) | 2011-12-12 | 2016-07-12 | Microsoft Technology Licensing, Llc | Facilitating system service request interactions for hardware-protected applications |
US10698739B2 (en) | 2012-03-07 | 2020-06-30 | Vmware, Inc. | Multitenant access to multiple desktops on host machine partitions in a service provider network |
US10148438B2 (en) * | 2012-04-03 | 2018-12-04 | Rally Health, Inc. | Methods and apparatus for protecting sensitive data in distributed applications |
US20130262867A1 (en) * | 2012-04-03 | 2013-10-03 | Audax Health Solutions, Inc. | Methods and apparatus for protecting sensitive data in distributed applications |
US9762656B2 (en) * | 2012-12-11 | 2017-09-12 | Tencent Technology (Shenzhen) Company Limited | Method and communication system for unlocking user data |
US20140235355A1 (en) * | 2012-12-11 | 2014-08-21 | Tencent Technology (Shenzhen) Company Limited | Method and communication system for unlocking user data |
US10356163B2 (en) | 2012-12-11 | 2019-07-16 | Tencent Technology (Shenzhen) Company Limited | Method and communication system for unlocking user data |
US9398111B1 (en) | 2013-08-30 | 2016-07-19 | hopTo Inc. | File caching upon disconnection |
US20150082390A1 (en) * | 2013-09-08 | 2015-03-19 | Yona Flink | Method and a system for secure login to a computer, computer network, and computer website using biometrics and a mobile computing wireless electronic communication device |
US20180082050A1 (en) * | 2013-09-08 | 2018-03-22 | Yona Flink | Method and a system for secure login to a computer, computer network, and computer website using biometrics and a mobile computing wireless electronic communication device |
US9900366B2 (en) | 2013-09-17 | 2018-02-20 | Amazon Technologies, Inc. | Email webclient notification queuing |
US10484449B2 (en) | 2013-09-17 | 2019-11-19 | Amazon Technologies, Inc. | Email webclient notification queuing |
US9961027B2 (en) | 2013-09-17 | 2018-05-01 | Amazon Technolgies, Inc. | Email webclient automatic failover |
US9118650B1 (en) * | 2013-09-23 | 2015-08-25 | Amazon Technologies, Inc. | Persistent connections for email web applications |
US9749278B1 (en) | 2013-09-23 | 2017-08-29 | Amazon Technologies, Inc. | Persistent connections for email web applications |
US10218659B1 (en) | 2013-09-23 | 2019-02-26 | Amazon Technologies, Inc. | Persistent connections for email web applications |
US20150149536A1 (en) * | 2013-11-27 | 2015-05-28 | Sharp Kabushiki Kaisha | Network system, constant connection method, communication method, electronic device, constant connection server, application server, and program |
US9331999B2 (en) * | 2014-01-15 | 2016-05-03 | Ricoh Company, Ltd. | Information processing system and authentication method |
US20150200926A1 (en) * | 2014-01-15 | 2015-07-16 | Ricoh Company, Ltd. | Information processing system and authentication method |
CN106416172A (en) * | 2014-03-24 | 2017-02-15 | 诺基亚技术有限公司 | Content management |
US10341312B2 (en) * | 2014-03-24 | 2019-07-02 | Nokia Technologies Oy | Content management |
US20170207921A1 (en) * | 2014-07-18 | 2017-07-20 | Nokia Technologies Oy | Access to a node |
US10630479B2 (en) * | 2015-01-08 | 2020-04-21 | Nettention Co., Ltd. | Network communication method having function of recovering terminal session |
US20170359178A1 (en) * | 2015-01-08 | 2017-12-14 | Nettention Co., Ltd. | Network communication method having function of recovering terminal session |
CN107113178A (en) * | 2015-01-08 | 2017-08-29 | 耐腾信股份公司 | Recover the network communication method of function with terminal session |
US10044726B2 (en) * | 2015-05-07 | 2018-08-07 | Cyberark Software Ltd. | Systems and methods for detecting and reacting to malicious activity in computer networks |
US20160330220A1 (en) * | 2015-05-07 | 2016-11-10 | Cyber-Ark Software Ltd. | Systems and Methods for Detecting and Reacting to Malicious Activity in Computer Networks |
US11722465B2 (en) * | 2015-05-10 | 2023-08-08 | Citrix Systems, Inc. | Password encryption for hybrid cloud services |
US10432592B2 (en) * | 2015-05-10 | 2019-10-01 | Citrix Systems, Inc. | Password encryption for hybrid cloud services |
US20160352708A1 (en) * | 2015-05-29 | 2016-12-01 | Nagravision S.A. | Systems and methods for conducting secure voip multi-party calls |
US9900769B2 (en) | 2015-05-29 | 2018-02-20 | Nagravision S.A. | Methods and systems for establishing an encrypted-audio session |
US10251055B2 (en) | 2015-05-29 | 2019-04-02 | Nagravision S.A. | Methods and systems for establishing an encrypted-audio session |
US10715557B2 (en) | 2015-05-29 | 2020-07-14 | Nagravision S.A. | Systems and methods for conducting secure VOIP multi-party calls |
US10122767B2 (en) * | 2015-05-29 | 2018-11-06 | Nagravision S.A. | Systems and methods for conducting secure VOIP multi-party calls |
US11606398B2 (en) | 2015-05-29 | 2023-03-14 | Nagravision S.A. | Systems and methods for conducting secure VOIP multi-party calls |
US10649717B2 (en) | 2015-06-01 | 2020-05-12 | Nagravision S.A. | Methods and systems for conveying encrypted data to a communication device |
US9891882B2 (en) | 2015-06-01 | 2018-02-13 | Nagravision S.A. | Methods and systems for conveying encrypted data to a communication device |
US10356059B2 (en) | 2015-06-04 | 2019-07-16 | Nagravision S.A. | Methods and systems for communication-session arrangement on behalf of cryptographic endpoints |
US10582022B2 (en) * | 2016-05-20 | 2020-03-03 | Citrix Systems, Inc. | Adaptive session reliability over multiple transports |
US20170339258A1 (en) * | 2016-05-20 | 2017-11-23 | Citrix Systems, Inc. | Adaptive Session Reliability over Multiple Transports |
US11233882B2 (en) * | 2016-05-20 | 2022-01-25 | Citrix Systems, Inc. | Adaptive session reliability over multiple transports |
US20220131957A1 (en) * | 2016-05-20 | 2022-04-28 | Citrix Systems, Inc. | Adaptive session reliability over multiple transports |
US11671518B2 (en) * | 2016-05-20 | 2023-06-06 | Citrix Systems, Inc. | Adaptive session reliability over multiple transports |
US10447672B2 (en) * | 2016-11-01 | 2019-10-15 | Salesforce.Com, Inc. | Facilitating encrypted persistent storage in browsers |
US11038863B2 (en) | 2016-11-01 | 2021-06-15 | Salesforce.Com, Inc. | Facilitating encrypted persistent storage in browsers |
US20180247029A1 (en) * | 2017-02-28 | 2018-08-30 | 19Labs Inc. | System and method for a telemedicine device to securely relay personal data to a remote terminal |
US11348685B2 (en) * | 2017-02-28 | 2022-05-31 | 19Labs, Inc. | System and method for a telemedicine device to securely relay personal data to a remote terminal |
US11082217B1 (en) * | 2019-01-31 | 2021-08-03 | Amazon Technologies, Inc. | Session resumption |
US11449328B2 (en) * | 2019-08-30 | 2022-09-20 | Fujitsu Limited | Communication control device, communication control method, and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CA2542139C (en) | 2014-11-25 |
US8090874B2 (en) | 2012-01-03 |
EP1678917B1 (en) | 2008-08-27 |
WO2005036857A1 (en) | 2005-04-21 |
EP1678917A1 (en) | 2006-07-12 |
AU2004306771A1 (en) | 2005-04-21 |
US20050246445A1 (en) | 2005-11-03 |
CA2542139A1 (en) | 2005-04-21 |
US7502726B2 (en) | 2009-03-10 |
US7340772B2 (en) | 2008-03-04 |
US20050267974A1 (en) | 2005-12-01 |
JP2007514337A (en) | 2007-05-31 |
KR20060120035A (en) | 2006-11-24 |
US8874791B2 (en) | 2014-10-28 |
US20110113247A1 (en) | 2011-05-12 |
US20050273513A1 (en) | 2005-12-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8874791B2 (en) | Automatically reconnecting a client across reliable and persistent communication sessions | |
EP1678918B1 (en) | A persistent and reliable session securely traversing network components using an encapsulating protocol | |
EP1678885B1 (en) | Encapsulating protocol for session persistence and reliability | |
US7100200B2 (en) | Method and apparatus for transmitting authentication credentials of a user across communication sessions | |
AU2002315013A1 (en) | Authentication of a user across communication sessions |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: CITRIX SYSTEMS, INC., FLORIDA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:PANASYUK, ANATOLIY;KRAMER, ANDRE;PEDERSEN, BRADLEY JAY;AND OTHERS;REEL/FRAME:016640/0741;SIGNING DATES FROM 20041203 TO 20050311 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |