Caching network generated security certificates
First Claim
1. A system for caching network generated security certificates, the system comprising:
- a security gateway node operable to:
  - receive, from a client, a session request to establish a secure connection with a server;
  - based on the session request, establish a first secure session and a second secure session, the first secure session including a secure session between the client and the security gateway node and the second secure session including a secure session between the security gateway node and the server;
  - upon establishing the second secure session, receive a server certificate from the server;
  - match the server certificate against a gateway certificate table based on one or more predetermined criteria to find a gateway certificate entry matching the server certificate, the gateway certificate table operable to cache a plurality of gateway certificates associated with one or more previous secure sessions between the client and the server;
  - based on the matching, receive a gateway certificate, the gateway certificate being associated with the gateway certificate entry matching the server certificate and being used for performing the first secure session; and
  - upon receiving the gateway certificate, forge the gateway certificate to obtain a forged gateway certificate, wherein the first secure session is performed using the forged gateway certificate; and
- a storage module operable to store at least the gateway certificate table.
Abstract
Provided are methods and systems for caching network generated security certificates. An example system may include a security gateway node and a storage module. The security gateway node may be operable to receive, from a client, a session request to establish a secure connection with a server. Based on the session request, the security gateway node may establish a first secure session between the client and the security gateway node and a second secure session between the security gateway node and the server. The security gateway node may receive a server certificate from the server. The security gateway node may match the server certificate against a gateway certificate table. Based on the matching, the security gateway node may receive a gateway certificate associated with the gateway certificate entry that matches the server certificate. The gateway certificate may be used for performing the first secure session.
18 Claims
1. A system for caching network generated security certificates, the system comprising:
- a security gateway node operable to:
  - receive, from a client, a session request to establish a secure connection with a server;
  - based on the session request, establish a first secure session and a second secure session, the first secure session including a secure session between the client and the security gateway node and the second secure session including a secure session between the security gateway node and the server;
  - upon establishing the second secure session, receive a server certificate from the server;
  - match the server certificate against a gateway certificate table based on one or more predetermined criteria to find a gateway certificate entry matching the server certificate, the gateway certificate table operable to cache a plurality of gateway certificates associated with one or more previous secure sessions between the client and the server;
  - based on the matching, receive a gateway certificate, the gateway certificate being associated with the gateway certificate entry matching the server certificate and being used for performing the first secure session; and
  - upon receiving the gateway certificate, forge the gateway certificate to obtain a forged gateway certificate, wherein the first secure session is performed using the forged gateway certificate; and
- a storage module operable to store at least the gateway certificate table.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method for caching network generated security certificates, the method comprising:
- receiving, by a security gateway node, from a client, a session request to establish a secure connection with a server;
- based on the session request, establishing, by the security gateway node, a first secure session and a second secure session, the first secure session including a secure session between the client and the security gateway node and the second secure session including a secure session between the security gateway node and the server;
- upon establishing the second secure session, receiving, by the security gateway node, a server certificate from the server;
- matching, by the security gateway node, the server certificate against a gateway certificate table based on one or more predetermined criteria to find a gateway certificate entry matching the server certificate, the gateway certificate table operable to cache a plurality of gateway certificates associated with one or more previous secure sessions between the client and the server;
- based on the matching, receiving, by the security gateway node, a gateway certificate, the gateway certificate being associated with the gateway certificate entry matching the server certificate and being used for performing the first secure session; and
- upon receiving the gateway certificate, forging the gateway certificate to obtain a forged gateway certificate, wherein the first secure session is performed using the forged gateway certificate.

Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17.
18. A system for caching network generated security certificates, the system comprising:
- a security gateway node operable to:
  - receive, from a client, a session request to establish a secure connection with a server;
  - based on the session request, establish a first secure session and a second secure session, the first secure session including a secure session between the client and the security gateway node and the second secure session including a secure session between the security gateway node and the server;
  - upon establishing the second secure session, receive a server certificate from the server;
  - match the server certificate against a gateway certificate table based on one or more predetermined criteria to find a gateway certificate entry matching the server certificate, the gateway certificate table operable to cache a plurality of gateway certificates associated with one or more previous secure sessions between the client and the server;
  - based on the matching, receive a gateway certificate, the gateway certificate being associated with the gateway certificate entry matching the server certificate and being used for performing the first secure session;
  - upon the receiving of the gateway certificate, validate the gateway certificate, wherein the validating is based at least on time information associated with the gateway certificate, and forge the gateway certificate to obtain a forged gateway certificate, wherein the first secure session is performed using the forged gateway certificate;
  - based on the matching, determine that no gateway certificate entry matching the server certificate exists;
  - upon the determining, generate a further gateway certificate based on the server certificate; and
  - store the further gateway certificate to the gateway certificate table; and
- a storage module operable to store at least the gateway certificate table.
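The match, time-based validation and generate-on-miss flow of claim 18, as an added Python illustration that is not code from the patent or its assignee. The ServerCert and GatewayCert records, the matching key (subject, issuer, serial), the MAX_LIFETIME cap and the EPOCH sample time are assumptions, and no X.509 signing is performed: the GatewayCert record merely stands in for the certificate the gateway would issue to the client.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Tuple

MAX_LIFETIME = timedelta(days=7)  # assumed policy: cached gateway certs are re-issued at least weekly
EPOCH = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed reference time for the sample data

def at(day: int) -> datetime:
    """Convenience: the instant `day` days after EPOCH (used to build sample certificates)."""
    return EPOCH + timedelta(days=day)

@dataclass(frozen=True)
class ServerCert:
    """Constructed stand-in for the parsed upstream X.509 certificate."""
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime

@dataclass(frozen=True)
class GatewayCert:
    """Stands in for the gateway-issued certificate shown to the client; no real signing is done here."""
    subject: str
    not_before: datetime
    not_after: datetime
    generation: int

class GatewayCertTable:
    """Match the server cert, validate the cached entry's time window, reuse it, else generate and store."""
    def __init__(self) -> None:
        self._entries: Dict[Tuple[str, str, int], GatewayCert] = {}
        self.generated = 0  # cache misses that produced a fresh gateway certificate

    @staticmethod
    def _key(cert: ServerCert) -> Tuple[str, str, int]:
        # Assumed matching criteria: subject, issuer and serial, so a rotated server cert misses the cache.
        return (cert.subject, cert.issuer, cert.serial)

    def lookup(self, server_cert: ServerCert, now: datetime) -> GatewayCert:
        if not server_cert.not_before <= now < server_cert.not_after:
            raise ValueError("server certificate outside its validity period; refusing to cache it")
        entry = self._entries.get(self._key(server_cert))
        if entry is not None and entry.not_before <= now < entry.not_after:
            return entry  # hit: the cached gateway certificate is still within its window
        self.generated += 1  # miss or stale: issue a further gateway cert that never outlives the server cert
        entry = GatewayCert(server_cert.subject, now, min(server_cert.not_after, now + MAX_LIFETIME), self.generated)
        self._entries[self._key(server_cert)] = entry
        return entry
```

The two time checks are the point for a defender: a cached gateway certificate that outlives or outlasts the upstream server certificate would keep an expired or rotated server identity alive for every client behind the gateway.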