Method and system for providing hardware cryptography functionality to a data processing system lacking cryptography hardware
Abstract
A client lacking hardware-based cryptography functionality obtains its benefits by allowing an access server (or similar server through which the client consistently transmits data transactions) which has such hardware-based cryptography functionality to act as a virtual client. A connection having packet-level encryption is employed to transmit data transaction requests, and optionally also encryption keys, digital certificates and the like assigned to the client, from the client to the server, and to transmit processed responses from the server to the client. The server performs any required security processing required for data transaction requests and responses, such as encryption/decryption or attachment or validation of digital certificates, on behalf of the client utilizing the hardware-based cryptography functionality, then forwards processed requests to recipients and returns processed responses to the client via the secure connection.
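The virtual-client flow described in the abstract, sketched as an added example that is not part of the patent text. The class names, the `client-17` identifier, the sample key and the use of HMAC-SHA256 as the "security processing" are assumptions; `CryptoModule` is a software stand-in for the server's cryptography hardware, and the secure client-server connection is not modelled.

```python
import hashlib
import hmac
import json

CLIENT_KEY = bytes(range(32))  # constructed sample key, not a real secret

def canonical(obj) -> bytes:
    """Stable byte encoding so both sides authenticate identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

class CryptoModule:
    """Software stand-in (assumption) for hardware cryptography functionality."""
    def tag(self, key: bytes, data: bytes) -> str:
        return hmac.new(key, data, hashlib.sha256).hexdigest()
    def check(self, key: bytes, data: bytes, tag: str) -> bool:
        return hmac.compare_digest(self.tag(key, data), tag)

class Target:
    """Recipient that accepts only transactions authenticated with a known client key."""
    def __init__(self, client_keys):
        self.client_keys, self.seen, self.crypto = client_keys, [], CryptoModule()
    def handle(self, msg):
        self.seen.append(msg)
        key = self.client_keys.get(msg["origin"])
        if key is None or not self.crypto.check(key, canonical(msg["body"]), msg["tag"]):
            return {"body": {"status": "rejected"}, "tag": ""}
        reply = {"status": "ok", "op": msg["body"]["op"]}
        return {"body": reply, "tag": self.crypto.tag(key, canonical(reply))}

class AccessServer:
    """Virtual client: performs security processing on the client's behalf."""
    def __init__(self, target):
        self.target, self.hw = target, CryptoModule()
    def handle(self, envelope):
        # The envelope is assumed to arrive over the secure client-server connection.
        key = bytes.fromhex(envelope["security_params"]["key_hex"])
        body = envelope["request"]
        outbound = {"origin": envelope["client_id"], "body": body,
                    "tag": self.hw.tag(key, canonical(body))}
        reply = self.target.handle(outbound)  # forwarded as if from the client
        # Validate the response before returning it over the secure connection.
        valid = self.hw.check(key, canonical(reply["body"]), reply["tag"])
        return {"response": reply["body"], "validated": valid}

def run(target_keys):
    target = Target(target_keys)
    envelope = {"client_id": "client-17", "request": {"op": "transfer", "amount": 10},
                "security_params": {"key_hex": CLIENT_KEY.hex()}}
    return AccessServer(target).handle(envelope), target.seen[0]
```

`run()` returns both the response handed back to the client and the message the target actually saw, which carries the client's identity as origin and none of the security parameters.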
21 Claims
1. A method of secure communication, comprising:
receiving a request for a data transaction from a client lacking hardware cryptography functionality, together with security parameters specific to the client, at a server through a secure connection between the client and the server;
performing any necessary security processing for the requested data transaction within the server on behalf of the client utilizing hardware cryptography functionality available within the server; and
after performing any necessary security processing on the requested data transaction, forwarding the processed data transaction to a target of the requested data transaction as if originating from the client.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system for secure communication, comprising:
a client lacking hardware cryptography functionality;
a server including hardware cryptography functionality;
a secure Internet Protocol connection between the client and the server;
means for receiving a request for a data transaction from the client, together with security parameters specific to the client, at the server through the secure connection;
means for performing any necessary security processing for the requested data transaction within the server on behalf of the client utilizing the hardware cryptography functionality available within the server; and
means, responsive to completion of performing any necessary security processing on the requested data transaction, for forwarding the processed data transaction to a target of the requested data transaction as if originating from the client.
Dependent claims: 9, 10, 11, 12, 13, 14, 16, 17, 18, 19, 20, 21
15. A computer program product within a computer usable medium for secure communication, comprising:
instructions for receiving a request for a data transaction from a client lacking hardware cryptography functionality, together with security parameters specific to the client, at a server through a secure connection between the client and the server;
instructions for performing any necessary security processing for the requested data transaction within the server on behalf of the client utilizing hardware cryptography functionality available within the server; and
instructions, responsive to completion of performing any necessary security processing on the requested data transaction, for forwarding the processed data transaction to a target of the requested data transaction as if originating from the client.
Specification