Tunneling apparatus and method for client-server communication

摘要

An HTTP tunneling service is described for creating a tunneled path between a client and a server (e.g., over a firewall or other data/protocol filtering device). According to one embodiment of the invention the client sends the server an initial request to open a preliminary socket connection which includes a secure client ID previously assigned to the client. The server opens the preliminary socket connection, generates a random client ID and transmits the random client ID to the client. The preliminary socket connection is then closed. The client then sends a second request to open a second socket connection using both the unique ID and the secure client ID for authentication purposes.

主权项

1. A method comprising:
receiving over a first socket connection from a client a first request formatted according to a first protocol to open a new socket connection to tunnel communication according to a second protocol, the first request also including a secure client ID associated with the client, the secure client ID comprising an identifier identifying the client and assigned to the client prior to receiving the first request; dynamically generating a unique client ID in response to the first request; sending a response including the unique client ID to the client through the first socket connection; closing the first socket connection in response to the response being sent to the client; opening a second socket connection between the client and the server node; receiving, over the second socket connection from the client, the secure client ID and the unique client ID; receiving a second request from the client, the second request indicating that a second socket connection is to be left open; combining the secure client ID and the unique client ID to form a single secure ID code; identifying the client based on the single secure ID code; leaving the second socket connection open responsive to the second request to allow unsolicited communication to the client over the second socket connection; encapsulating one or more unsolicited items anew information within the second protocol; and transmitting the encapsulated one or more unsolicited items of new information to the client over the second socket connection via the first protocol.