Secure sockets layer proxy architecture
Abstract
A method for secure communications between a client and one of a plurality of servers performed on an intermediary device coupled to the client and said plurality of servers. In one aspect, the method comprises: establishing an open communications session between the intermediary device and the client via an open network; negotiating a secure communications session with the client; establishing an open communications session with said one of said plurality of servers via a secure network; receiving encrypted data from the client via the secure communications session; decrypting encrypted application data; forwarding decrypted application data to the server via the secure network; receiving application data from the server via the secure network; encrypting the application data; and sending encrypted application data to the client. In a further aspect, an apparatus is provided including a network interface communicating with the public network and the secure network, at least one processor, programmable dynamic memory addressable by the processor, and a communications channel coupling the processor, memory and the network communications interface. The apparatus further includes a proxy TCP communications engine, a proxy SSL communications engine, a server TCP communications engine, and a packet data encryption and decryption engine.
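As an added illustration, not code from the patent or from any product built on it, the Go program below sketches the intermediary of the abstract and claim 1: a TLS-terminating listener on the open-network side, a plain TCP leg to the chosen server on the secure network, and a relay that decrypts one direction and re-encrypts the other. The functions SelfSignedCert and StartProxy, the throwaway certificate and the host name ssl-proxy.example are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"io"
	"math/big"
	"net"
	"time"
)

// SelfSignedCert builds a throwaway certificate for the proxy's client-facing side (demo only).
func SelfSignedCert(host string) (tls.Certificate, error) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return tls.Certificate{}, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, err
}

// StartProxy terminates TLS from the open network and relays each session in plaintext to backendAddr (the secure-network leg); it returns the client-facing address.
func StartProxy(backendAddr string, cert tls.Certificate) (string, error) {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}})
	if err != nil {
		return "", err
	}
	go func() {
		for {
			client, err := ln.Accept() // (a) TCP session from the client; (b) TLS is negotiated on first I/O
			if err != nil {
				return
			}
			go func() {
				defer client.Close()
				server, err := net.Dial("tcp", backendAddr) // (c) plain TCP session to the chosen server
				if err != nil {
					return
				}
				// Closing server when the client side ends unblocks the copy below, so every path closes both legs.
				go func() { io.Copy(server, client); server.Close() }() // (d)-(f) decrypt and forward
				io.Copy(client, server)                                  // (g)-(i) encrypt replies to the client
			}()
		}
	}()
	return ln.Addr().String(), nil
}
```

The leg between the proxy and the server carries application data in the clear, which is why the claims confine it to the "secure network"; that segment needs its own isolation and the proxy's private key is the asset to protect.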
30 Claims
1. A method for secure communications between a client and one of a plurality of servers performed on an intermediary device coupled to the client and said plurality of servers, comprising:
(a) establishing an open communications session between the intermediary device and the client via an open network;
(b) negotiating a secure communications session with the client;
(c) establishing an open communications session with said one of said plurality of servers via a secure network;
(d) receiving encrypted data from the client via the secure communications session;
(e) decrypting encrypted application data;
(f) forwarding decrypted application data to the server via the secure network;
(g) receiving application data from the server via the secure network;
(h) encrypting the application data; and
(i) sending encrypted application data to the client.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 24, 25, 26, 27, 28, 29.

12. An apparatus coupled to a public network and a secure network, communicating with at least one client via the public network and communicating with one of a plurality of servers via the secure network, comprising:
a network interface communicating with the public network and the secure network;
at least one processor;
programmable dynamic memory addressable by the processor;
a communications channel coupling the processor, memory and network communications interface;
a proxy TCP communications engine;
a proxy SSL communications engine;
a server TCP communications engine; and
a packet data encryption and decryption engine.

23. A method of providing secure communications between a plurality of customer devices and an enterprise, comprising:
providing a device enabled for secure communication with customer devices and having an IP address of the enterprise;
receiving communications directed to the enterprise in secure protocol;
decrypting data packets of the secure protocol to provide decrypted packet data;
forwarding the decrypted packet data to at least one server of the enterprise;
receiving application data from a secure server of the enterprise;
encrypting the application data received from the enterprise; and
forwarding encrypted application data to the customer.

30. A method for secure communications between a client and one of a plurality of servers performed on an intermediary device coupled to the client and said plurality of servers, comprising:
(a) establishing an open communications session between the intermediary device and the client device via an open network;
(b) negotiating a secure communications session between the intermediary device and the client;
(c) establishing an open communications session between the intermediary device and said one of said plurality of servers via a secure network;
(d) receiving encrypted data from the client via the secure communications session;
(e) decrypting encrypted application data;
(f) forwarding decrypted application data to the server via the secure network;
(g) receiving application data from the server via the secure network;
(h) encrypting the application data;
(i) sending encrypted application data to the client;
(j) detecting a communications anomaly in a communications session between the client and the intermediary device; and
(k) passing TCP data through the intermediary device.

Specification