Title of invention Server initiated secure network connection
Abstract In general, the invention is directed to techniques for establishing secure connections with devices residing behind a security device. In accordance with the techniques, a managed device initiates a transmission control protocol (TCP) session to establish a TCP session with a management device such that the management device acts as the TCP server and the managed device acts as a TCP client. Once established, the managed device sends a role reversal message specifying an identity of the managed device via the TCP session. Upon receiving the role reversal message, the management device initiates a secure connection over the TCP session in accordance with a secure protocol such that the management device acts as the secure protocol client and the managed device acts as the secure protocol server. By properly establishing the secure session, each of the devices assumes the proper roles and administrators may more easily configure the devices.
Publication number US8769129(B2) Publication date 2014.07.01
Application number US200711939839 Filing date 2007.11.14
Applicant Juniper Networks, Inc. Inventors Watsen Kent A.;Gerraty Simon J.;Fraley Paul;Shafer Philip A.;Tom Darren
Classification G06F15/16 Main classification G06F15/16
Agency Shumaker & Sieffert, P.A. Agent Shumaker & Sieffert, P.A.
Main claim 1. A method comprising: receiving, with a management device, an initial transmission control protocol (TCP) synchronize (SYN) packet output by a managed device as a TCP client to request that a TCP session be initiated between the management device and the managed device; outputting a TCP synchronize-acknowledged (SYN-ACK) packet from the management device to accept the TCP session as a TCP server; after establishing the TCP session, receiving with the management device a role reversal message output by the managed device specifying an identity of the managed device; authenticating, with the management device, the managed device based on the identity of the managed device specified in the role reversal message; and based on the authentication of the managed device, initiating, with the management device, a single secure shell (SSH) connection over the TCP session in accordance with a secure shell (SSH) protocol such that the management device acts as a client for the SSH protocol and the managed device acts as the server for the SSH protocol without initiating any other SSH connections over the TCP session prior to initiating the single SSH connection over the TCP session.
Address Sunnyvale CA US