Apparatus and method for using certificate data to route data
First Claim
1. A method of routing data across a network, the method comprising:
receiving, at an edge router, a session request from a client node to access, during a session, a server node in a local network, the local network comprising a plurality of nodes other than the client node, the edge router being coupled between the client node and the local network;
receiving, by the edge router, a client certificate from the client node, the client certificate having client information comprising a public key of the client node and specifying the server node;
receiving, by the edge router, from the client node, a signature encrypted according to a private key of the client node;
executing an authentication process using the client certificate, wherein the authentication process includes using the public key to verify the signature;
retrieving the client information from the client certificate;
maintaining a static connection between the edge router and the server node; and
receiving, by the edge router, data packets from the client node and, when the authentication process authenticates the client node, routing, by the edge router, the data packets to the server node specified by the client information in the client certificate, such that all data packets of the session received by the server node flow through the edge router, wherein routing the data packets to the server node comprises routing the data packets along the static connection.
Abstract
A method of routing data across a network receives a session request from a client node to access at least one node in a local network having a plurality of nodes. The method also receives a client certificate (e.g., a digital certificate at least partially specified by known standards, such as the “X509 Standard”) from the client node. The client certificate has client information specifying at least one node to receive packets from the client node. Next, the method uses the client certificate to execute an authentication process. If the authentication process authenticates the client node, then the method routes data packets from the client node to at least one node in the local network as specified by the client information in the client certificate.
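The edge-router decision described in the abstract and in claim 1, as an added example in Go (not code from the patent or from any implementation of it): the router verifies the client's signature over a router-issued challenge with the public key carried in the client certificate, and only then forwards packets, to the server node the certificate names, over a static connection it already holds. Assumptions not in the text: the server node is carried as the certificate's single DNS Subject Alternative Name, the signature is ECDSA P-256 over SHA-256, and the route table and addresses are constructed sample values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

var staticRoutes = map[string]string{"app1.lan": "10.0.0.11:443"} // constructed: static connections the edge router keeps

// edgeRoute is the router-side decision: verify the client's signature over a
// router-issued challenge with the certificate's public key, then forward only to
// the server node the certificate names (assumed here to be its single DNS SAN).
func edgeRoute(certDER, challenge, sig []byte) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	if err := cert.CheckSignature(x509.ECDSAWithSHA256, challenge, sig); err != nil {
		return "", errors.New("client not authenticated: " + err.Error())
	}
	if len(cert.DNSNames) != 1 {
		return "", errors.New("certificate must name exactly one server node")
	}
	next, ok := staticRoutes[cert.DNSNames[0]]
	if !ok {
		return "", errors.New("no static connection to " + cert.DNSNames[0])
	}
	return next, nil // every packet of the session is forwarded along this connection
}

// makeClient is a fixture: a self-signed client certificate naming server plus the
// client's signature over challenge (a real deployment would use a CA-issued certificate).
func makeClient(server string, challenge []byte) (certDER, sig []byte, err error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "client-node"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), DNSNames: []string{server}}
	if certDER, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key); err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(challenge)
	sig, err = ecdsa.SignASN1(rand.Reader, key, h[:])
	return certDER, sig, err
}
```

The destination is taken from the authenticated certificate, not from the session request, so an authenticated client cannot reach nodes other than the one its certificate binds it to.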
91 Citations
47 Claims
1. A method of routing data across a network, the method comprising: (text identical to the First Claim above). Dependent claims: 2 to 16.

17. A network routing device for routing data received across a network, the network device comprising:
an interface for receiving: a) a session request from a client node to access a server node in a local network, the local network comprising a plurality of nodes other than the client node, the interface being coupled between the client node and the local network, b) a client certificate from the client node, the client certificate having client information comprising a public key of the client node and specifying the server node, and c) a signature from the client node, the signature being encrypted according to a private key of the client node; an authenticator operatively coupled with the interface, the authenticator being configured to retrieve the client certificate and execute an authentication process using the client certificate, wherein the authentication process includes using the public key to verify the signature; and a router operatively coupled with the authenticator, the router being configured to determine, from the authenticator, when the authentication process authenticated the client node, the router further being configured to maintain a static connection between the router and the server node, receive data packets from the client node and route the data packets along the static connection to the server node specified by the client information in the client certificate when the client node is authenticated, such that all data packets of the session received by the server node flow through the router. Dependent claims: 18 to 23.

24. A computer program product for use on a computer system for routing data across a network, the computer program product comprising a tangible, non-transient computer usable medium having computer readable program code thereon, the computer readable program code comprising:
program code for receiving, at an edge node, a session request from a client node to access, during a session, a server node in a local network, the local network comprising a plurality of nodes other than the client node, the edge router being coupled between the client node and the local network; program code for receiving, by the edge router, a client certificate from the client node, the client certificate having client information comprising a public key of the client node and specifying the server node; program code for receiving, by the edge router, from the client node, a signature encrypted according to a private key of the client node; program code for executing an authentication process using the client certificate, wherein the authentication process includes using the public key to verify the signature; program code for retrieving the client information from the client certificate; program code for maintaining a static connection between the edge router and the server node; and program code for receiving, by the edge router, data packets from the client node and routing the data packets to the server node specified by the client information in the client certificate when the authentication process authenticates the client node, such that all data packets of the session received by the server node flow through the edge router, wherein routing the data packets to the server node comprises routing the data packets along the static connection. Dependent claims: 25 to 34.

35. A method of routing data across a network, the method comprising:
receiving, at an edge router, a session request from a client node to access, during a session, a server node in a local network, the local network comprising a plurality of nodes other than the client node, the edge router being coupled between the client node and the local network; receiving, by the edge router, a client certificate from the client node, the client certificate having client information comprising a public key of the client node and specifying the server node; receiving, by the edge router, from the client node, a signature encrypted according to a private key of the client node; executing an authentication process using the client certificate, wherein the authentication process includes using the public key to verify the signature; retrieving the client information from the client certificate; permitting initial handshake processes between the client node and the server node before receiving the client certificate; and receiving, by the edge router, data packets from the client node and, when the authentication process authenticates the client node, permitting completion of final handshake processes between the client node and server node and routing, by the edge router, the data packets to the server node specified by the client information in the client certificate, such that all data packets of the session received by the server node flow through the edge router. Dependent claims: 36 to 47.
Specification