32 results about "HTTP tunnel" patented technology

Methods, apparatuses and systems allowing for bandwidth management schemes responsive to utilization characteristics associated with individual users. In one embodiment, the present invention allows network administrators to penalize users who carry out specific questionable or suspicious activities, such as the use of proxy tunnels to disguise the true nature of the data flows in order to evade classification and control by bandwidth management devices. In one embodiment, each individual user may be accorded an initial suspicion score. Each time the user is associated with a questionable or suspicious activity (for example, detecting the set up of a connection to an outside HTTP tunnel, or peer-to-peer application flow), his or her suspicion score is downgraded. Data flows corresponding to users with sufficiently low suspicion scores, in one embodiment, can be treated in a different manner from data flows associated with other users. For example, different or more rigorous classification rules and policies can be applied to the data flows associated with suspicious users.

A method, system and computer program product detect attempts to send significant amounts of information out via HTTP tunnels to rogue Web servers from within an otherwise firewalled network. A related goal is to help detect spyware programs. Filters, based on the analysis of HTTP traffic over a training period, help detect anomalies in outbound HTTP traffic using metrics such as request regularity, bandwidth usage, inter-request delay time, and transaction size.

Systems, methods, and media for a schema-based portal for assessment and integration of silicon IPs are disclosed. Embodiments may generally include an IP portal system having a portal interface to receive inputs from users and to provide output to users and a database interface to transmit and receive information to and from a silicon IP database and an IP file system. Embodiments of the system may also include a secure access layer (HTTP tunnel, firewall, or proprietary secure access protocol) to securely communicate information and an internal interface protocol and an external interface protocol and the secure access layer. The internal interface protocol may authorize and encrypt communications to an internal user or design system and the external interface protocol may authorize and encrypt communications to an external user or design system. The portal interface may be a Web-based interface and schema-based in some embodiments.

There is provided an information processing unit including an application execution section to execute an application to request establishment of an HTTP tunneling connection with a connection target unit, a connection establishment section to set a maximum content length settable with the connection target unit, establish an HTTP tunneling connection with the specified content length with the connection target unit via a connected proxy server and update the HTTP tunneling connection with the specified content length a plurality of times upon closure of the established connection, and a connection management section to manage connection status of each of a plurality of HTTP tunneling connections and make the application execution section recognize the plurality of HTTP tunneling connections as one virtual HTTP tunneling connection.

The invention belongs to the technical field of computer networks, and provides a method for detecting HTTP tunnel data based on a conversation and the HTTP protocol standard. A system captures a data packet of an HTTP port and establishes a conversation linked list according to the IP address and the port. When the data packet arrives at a detection system, firstly, the system examines and maintains the conversation linked list, a record is added if not record exists, and the record is deleted from the conversation linked list if the RST data packet or the FIN data packet exists; secondly, the system examines the content of the data packet and judges whether the conversation connection meets the standard HTTP protocol, such as a client-side command GET, a client-side command POST, a server-side response HTTP / 1.0 and a server-side response HTTP / 1.1, or not, if the conversation connection meets the standard HTTP protocol, the conversation is marked as HTTP protocol data, and if the conversation connection does not meet the standard HTTP protocol, the conversation is marked as HTTP tunnel data. By means of the method, the HTTP tunnel data can be recognized, differential service can be conducted on the HTTP tunnel data, or data which are not the HTTP protocol data can be prevented from penetrating through the HTTP port.

Disclosed is a system for accessing data of a cloud database via transparent technology, and the system includes at least one channel server and at least one cloud database end. When a connection notice is outputted from an application end, the user channel unit detects a first server address and a first database address in a HTTP data format, and connects to a corresponding channel server via the HTTP tunnel to send a database request, so that the channel server can convert the first database address in the HTTP data format into a TCP / IP data format and then connect to a corresponding database end. Therefore, the application end can access data from the database behind the firewall via the Internet without modifying any program code.

An HTTP tunneling service is described for creating a tunneled path between a client and a server (e.g., over a firewall or other data / protocol filtering device). According to one embodiment of the invention the client sends the server an initial request to open a preliminary socket connection which includes a secure client ID previously assigned to the client. The server opens the preliminary socket connection, generates a random client ID and transmits the random client ID to the client. The preliminary socket connection is then closed. The client then sends a second request to open a second socket connection using both the unique ID and the secure client ID for authentication purposes.

A system having an off-premises proxy server residing in a cloud computing environment and backend servers residing in an enterprise computing environment are provided. Requests received by the off-premises proxy server for access to a first, non-publicly accessible backend server are routed to a tunnel server which stores the request and waits to be polled by a tunnel agent connected to the first backend server. When the tunnel server is polled, the request is forwarded through an HTTP tunnel to the tunnel agent, which forwards it to the backend server for processing. Responsive information is returned to the tunnel agent, which forwards it through the HTTP tunnel to the tunnel server and returned through the off-premises proxy server to the remote application. Requests for access to a first, publicly accessible backend server are routed by the off-premises proxy server directly to the backend server for processing and return of responsive information.

A method, system and apparatus for tunneling non-hypertext transfer protocol (HTTP) data streams through a reverse proxy. The method can include soliciting a connection with a reverse proxy protecting a back-end server computing device. A connection can be established with the back-end server computing device via the reverse proxy through the solicitation. Responsive to establishing the connection, the connection can be maintained in order to exchange non-HTTP data over the secured connection. Significantly, and unlike prior art HTTP tunneling implementations, in the present invention, the non-HTTP data can be exchanged over the connection without encapsulating the non-HTTP data within HTTP messages.

The invention discloses a cloud management method for a gas station system, and the method comprises the steps: building a private cloud platform, deploying a background management server (BOS) virtual machine and an oil product server (FUEL) virtual machine in the cloud platform, building an HTTP tunnel between a gas station and the cloud platform, and achieving the data transmission. According to the method disclosed by the invention, mutual communication and data transmission between station-level equipment are realized on the premise of ensuring that the existing IP address is not changedand the existing application software architecture, program and network architecture are not changed; meanwhile, after the gas station system is managed through the method, operation and maintenance personnel can be reduced, the management cost is reduced, BOS and FUEL are managed in a centralized mode at the cloud end, the station-level maintenance difficulty is reduced, meanwhile, no BOS or FUELexists at the station level, and station-level machine room management is reduced.

A communication system includes a cloud server, a management server, a gateway-enabled device, and a printing apparatus, and these are connected to each other. The gateway-enabled device includes a mode switch that wakes up the device from power saving mode when a HTTP tunneling request is received from the cloud server via a second requesting portion of the management server, a tunneling portion that accesses the cloud server by HTTP tunneling if the request is received via a first requesting portion of the management server during normal operation mode or that does the same after back to normal operation mode if the request is received via the second requesting portion by a method allowing waking up from power saving mode, a receiver that receives a print job from the cloud server having being accessed by HTTP tunneling, and a transfer portion that transfers the print job to the printing apparatus.

The invention discloses a HTTP (Hyper Text Transport Protocol) tunnel detection method based on decision tree classification algorithm, used for solving the technical problem of poor stability of a conventional tunnel detection method based on the transport layer packet statistic characteristic analysis. In the technical scheme of the invention, an HTTP data stream and a tunnel data stream are used to train a decision tree classification model, with lower requirement on quantity of training sets than a statistic fingerprint method; secondly, compared with the statistic fingerprint method in which only two flow characteristics can be utilized, the decision tree classification method can use more characteristics to train the model, therefore, obtained classification rules are more precise and stable; the process to train the model is relatively simple, does not involve image fingerprint consumes less internal storage; finally, the judgment of the decision tree classification method is made according to attributes on a plurality of branch nodes without depending on one specific critical value, which achieving better stability.

The present application discloses an SDP terminal traffic proxy method, device, equipment and storage medium. The method includes: sending a knock request to the SDP controller through the SDP terminal agent, and receiving the knock result obtained after the SDP controller accesses the target gateway according to the knock request, and then configuring the terminal according to the knock result Routing table: Obtain the user's application access request for the target application through the physical network card, and send the application access request to the HTTP tunnel client according to the routing table, so as to modify the corresponding application access request through the HTTP tunnel client data packet, so that the modified data packet contains the device identification information corresponding to the local terminal; the modified data packet is sent to the HTTP tunnel server end of the target gateway through the HTTP tunnel client, so that the target gateway Perform permission control on the user according to the device identification information in the modified data packet. It can realize the authentication and control of the four-layer traffic.

The invention discloses a data transmission method among client terminals in a restricted network and the client terminals in order to achieve data transmission among different client terminals in the restricted network in which only HTTP transmission is permitted. The data transmission method among the client terminals in the restricted network includes the steps that first connection between a first client terminal and an HTTP tunnel server is established; an acquiring request packet is sent to the HTTP tunnel server through the first connection, and a session key is further acquired; second connection between the first client terminal and the HTTP tunnel server is established; a mailing request packet is sent to the HTTP tunnel server through the second connection, and a session key is carried in a packet header; TCP data from an opposite end client terminal are received through the HTTP tunnel server and a TCP transit server by the aid of the first connection, and TCP data are sent to the opposite end client terminal through the HTTP tunnel server and the TCP transit server by the aid of the second connection.