Verification of server certificates using hash codes
First Claim
1. A system for verifying a server security certificate using a hash code, the system comprising:
- a client secure socket layer (SSL) node operable to:
  - receive, from a client, a session request to establish an SSL communication session with a server, the session request including at least a server address of the server;
  - forward the session request to a service gateway node; and
  - based on determining that the server security certificate is a valid server security certificate of the server, establish the SSL communication session between the client and the server;
- the service gateway node in communication with the client SSL node, the service gateway node being operable to:
  - send the session request to the server using the server address;
  - receive the server security certificate from the server, responsive to the session request;
  - query a server domain name system (DNS) module associated with the server to receive the hash code associated with the server, wherein the querying includes sending at least the server address to the server DNS module;
  - in response to the querying, receive the hash code associated with the server from the server DNS module, the hash code including at least a first hash value associated with the server and a hash function to be applied to the first hash value to obtain the valid server security certificate;
  - calculate a second hash value associated with the server by applying the hash function to the server security certificate;
  - match the first hash value associated with the server and the second hash value associated with the server; and
  - based on the matching, determine whether the server security certificate is the valid server security certificate; and
- a storage node operable to store at least the server security certificate and the hash code associated with the server.
Abstract
Described are systems and methods for verifying server security certificates using hash codes. The system may include a client secure socket layer (SSL) node, a service gateway node, and a storage node. The client SSL node may receive a session request from a client. The service gateway node may forward the session request to a server to receive a server security certificate. The service gateway node may query a server domain name system module to receive a hash code. The hash code may include a first hash value and a hash function to obtain the server security certificate based on the first hash value. The service gateway node may calculate a second hash value by applying the hash function to the server security certificate and match the second hash value and the first hash value to determine whether the server security certificate is valid.
20 Claims
1. A system for verifying a server security certificate using a hash code, the system comprising the client SSL node, the service gateway node and the storage node recited in full under First Claim above. Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A method for verifying a server security certificate using a hash code, the method comprising:
- receiving, by a client secure sockets layer (SSL) node, from a client, a session request to establish an SSL communication session with a server, the session request including at least a server address of the server;
- forwarding, by the client SSL node, the session request to a service gateway node;
- sending, by the service gateway node, the session request to the server based on the server address;
- receiving, by the service gateway node, the server security certificate from the server responsive to the session request;
- querying, by the service gateway node, a server domain name system (DNS) module associated with the server to receive the hash code associated with the server, wherein the querying includes sending at least the server address to the server DNS module;
- in response to the querying, receiving, by the service gateway node, the hash code associated with the server from the server DNS module, the hash code including at least a first hash value associated with the server and a hash function to be applied to the first hash value to obtain a valid server security certificate of the server;
- calculating, by the service gateway node, a second hash value associated with the server by applying the hash function to the server security certificate;
- matching, by the service gateway node, the first hash value associated with the server and the second hash value associated with the server;
- based on the matching, determining, by the service gateway node, whether the server security certificate is the valid server security certificate; and
- based on the determination that the server security certificate is the valid server security certificate, establishing, by the client SSL node, the SSL communication session between the client and the server.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19.
20. A system for verifying a server security certificate using a hash code, the system comprising:
- a client secure socket layer (SSL) node operable to:
  - receive, from a client, a session request to establish an SSL communication session with a server, the session request including at least a server address of the server;
  - forward the session request to a service gateway node;
  - based on determining that the server security certificate is a valid server security certificate of the server, establish the SSL communication session between the client and the server;
  - based on determining that the server security certificate is not the valid server security certificate, terminate the SSL communication session between the client and the server;
  - query a storage node to obtain a forged server security certificate for the server security certificate, the forged server security certificate being stored in the storage node during at least one previous SSL communication session between the client and the server; and
  - provide the forged server security certificate to the client to establish a secure connection between the client and the client SSL node based on the forged server security certificate and to establish a secure connection between the client SSL node and the server based on the server security certificate;
- the service gateway node in communication with the client SSL node, the service gateway node being operable to:
  - send the session request to the server based on the server address;
  - receive the server security certificate from the server responsive to the session request;
  - query a server domain name system (DNS) module associated with the server to receive the hash code associated with the server, wherein the querying includes sending at least the server address to the server DNS module;
  - in response to the querying, receive the hash code associated with the server from the server DNS module, the hash code including at least a first hash value associated with the server and a hash function to be applied to the first hash value to obtain the valid server security certificate;
  - calculate a second hash value associated with the server by applying the hash function to the server security certificate, wherein the hash function is selected from a group comprising: a Message Digest 5 (MD5) algorithm, a 16-bit cyclic redundancy check (CRC), a 32-bit CRC, a 64-bit CRC, a Secure Hash Algorithm (SHA) Version 1, a SHA Version , and SHA-512;
  - match the first hash value associated with the server and the second hash value associated with the server; and
  - based on the matching, determine whether the server security certificate is the valid server security certificate; and
- the storage node operable to store at least the server security certificate and the hash code associated with the server.
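The gateway-side check recited in claims 1, 11 and 20 (fetch the certificate, obtain a published hash value plus the hash function that produced it, hash the received certificate with that function, compare) can be modelled in a few dozen lines. The block below is an added illustration and is not code from the patent or its assignee: the `HashCode` record, the `publish_hash_code`, `compute_hash_value`, `verify_server_certificate` and `gateway_decision` names are assumptions, the "certificates" are constructed byte strings rather than real X.509 DER, and the server DNS module is replaced by an in-memory dictionary keyed on server address. Of the functions listed in claim 20, only those available in the Python standard library are wired up (MD5, SHA-1, SHA-512 and a 32-bit CRC, plus SHA-256 as a modern default); the 16-bit and 64-bit CRCs are omitted.

```python
"""Added example, not from the patent: verify a server certificate against a
hash code (digest + hash-function name) published alongside the server's DNS
entry.  All certificates and DNS records here are constructed sample data."""
import hashlib
import hmac
import zlib
from dataclasses import dataclass


@dataclass(frozen=True)
class HashCode:
    """The claims' 'hash code': a first hash value and the function that produced it."""
    hash_function: str   # a key of SUPPORTED_HASH_FUNCTIONS
    hash_value: str      # lowercase hex digest of the certificate bytes


def _crc32_hex(data: bytes) -> str:
    # zlib.crc32 is masked so the result is the same on every platform.
    return f"{zlib.crc32(data) & 0xFFFFFFFF:08x}"


# Hash functions from claim 20 that the standard library provides, plus SHA-256.
# MD5, SHA-1 and CRC appear only because the claim lists them; see the note below.
SUPPORTED_HASH_FUNCTIONS = {
    "md5": lambda d: hashlib.md5(d).hexdigest(),
    "sha1": lambda d: hashlib.sha1(d).hexdigest(),
    "sha256": lambda d: hashlib.sha256(d).hexdigest(),
    "sha512": lambda d: hashlib.sha512(d).hexdigest(),
    "crc32": _crc32_hex,
}


def compute_hash_value(certificate: bytes, hash_function: str) -> str:
    """Apply the named hash function to the certificate bytes (the 'second hash value')."""
    try:
        fn = SUPPORTED_HASH_FUNCTIONS[hash_function]
    except KeyError:
        raise ValueError(f"unsupported hash function: {hash_function}") from None
    return fn(certificate)


def publish_hash_code(certificate: bytes, hash_function: str = "sha256") -> HashCode:
    """Server side: the record an operator would publish for its current certificate."""
    return HashCode(hash_function, compute_hash_value(certificate, hash_function))


def verify_server_certificate(server_address: str, certificate: bytes,
                              dns_lookup: dict) -> bool:
    """Gateway side: True only when the received certificate matches the published hash code.

    dns_lookup stands in for the server DNS module: it maps server address -> HashCode.
    A missing record fails closed, since nothing can be validated without it.
    """
    hash_code = dns_lookup.get(server_address)
    if hash_code is None:
        return False
    second_hash_value = compute_hash_value(certificate, hash_code.hash_function)
    # Constant-time comparison so the match step does not leak digest prefixes.
    return hmac.compare_digest(hash_code.hash_value, second_hash_value)


def gateway_decision(server_address: str, certificate: bytes, dns_lookup: dict) -> str:
    """The client SSL node's action from claim 20: establish on match, terminate otherwise."""
    if verify_server_certificate(server_address, certificate, dns_lookup):
        return "establish"
    return "terminate"


# Constructed sample data: not real certificates, not real DNS records.
GOOD_CERT = b"constructed-sample-certificate-for-example.test"
TAMPERED_CERT = b"constructed-sample-certificate-for-example.test-substituted"
DNS_RECORDS = {
    "example.test": publish_hash_code(GOOD_CERT, "sha256"),
    "legacy.test": publish_hash_code(GOOD_CERT, "crc32"),
}

if __name__ == "__main__":
    for addr, cert in [("example.test", GOOD_CERT), ("example.test", TAMPERED_CERT),
                       ("unknown.test", GOOD_CERT)]:
        print(addr, gateway_decision(addr, cert, DNS_RECORDS))
```

Two design points follow from the claim language itself. First, the decision must be driven by the function named in the published record, so the lookup table is keyed by that name and an unknown name is an error rather than a silent fallback. Second, the claim's group of acceptable functions includes CRCs and MD5; a CRC is an error-detecting code, not a cryptographic hash, so with "crc32" the check catches accidental corruption but says nothing about a deliberately substituted certificate, and MD5 and SHA-1 are no longer collision resistant. A deployment that wants the substitution-detection property should publish SHA-256 or SHA-512 digests.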
Specification