Client-side inspection and processing of secure content
4 Assignments
0 Petitions
Abstract
An apparatus and method are provided for client-side content processing such as filtering and caching of secure content sent using the Transport Layer Security (TLS) or Secure Sockets Layer (SSL) protocols. An appliance functions as a controlled man-in-the-middle on the client side to terminate, cache, switch, and modify secure client-side content.
563 Citations
68 Claims
1. A computer implemented method for client side transparent content processing, said computer implemented process comprising the acts of:
- establishing a secure transport session between a client and a server via a transparent controlled man-in-the-middle proxy;
- receiving, at said controlled man-in-the-middle proxy, a client request intended for said server, at least a portion of said client request being encrypted;
- decrypting said client request; and
- processing said decrypted client request.
Dependent claims: 2-23, 63, 64.

24. A computer implemented method for establishing a secure transport session between a client computer and a server computer via a transparent controlled man-in-the-middle proxy, said method comprising the acts of:
- intercepting at said proxy a client request to establish a client-server secure session with said server computer;
- establishing a client-proxy secure session between said proxy and said client computer such that said client interprets said client-proxy secure session as said requested client-server secure session; and
- establishing a proxy-server secure session between said proxy and said server computer.
Dependent claims: 25-37, 65, 66.

38. A computer implemented method for client side transparent content processing, said computer implemented process comprising the acts of:
- establishing a secure transport session between a client and a server via a transparent controlled man-in-the-middle proxy;
- receiving, at said proxy, a server response intended for said client computer, at least a portion of said server response being encrypted;
- decrypting said server response; and
- processing said decrypted server response.
Dependent claims: 39-45.

46. A computer implemented method as recited in claim 38, wherein the act of establishing a secure transport session includes the sub-acts of:
- intercepting at said proxy a client request to establish a client-server secure session with said server computer;
- establishing a client-proxy secure session between said proxy and said client computer such that said client interprets said client-proxy secure session as said requested client-server secure session; and
- establishing a proxy-server secure session between said proxy and said server computer.
Dependent claims: 47-59, 67, 68.

60. A computer system comprising:
- a data communications bus;
- a central processing unit bi-directionally coupled to said data communications bus;
- transient memory bi-directionally coupled to said data communications bus;
- persistent memory bi-directionally coupled to said data communications bus;
- a network i/o device bi-directionally coupled to said data communications bus;
- a caching process executing on said computer system;
- a content transformation process executing on said computer system;
- an encryption/decryption process executing on said computer system; and
- a proxy manager process executing on said computer system, wherein said manager process utilizes said caching, content transformation, and encryption/decryption processes to transparently process messages intercepted over a secure session link established between a client computer and a server computer via said computer system.

61. A data structure for use in the inspection and processing of secure content by a proxy coupled between a web browser and a web server, said data structure comprising:
- the identification of said server;
- a session public key held by said proxy; and
- a digital signature signed by a Certificate Authority private key held by said proxy.

62. A web browser for use in the client-side inspection and processing of secure content transmitted between said browser and a web server by a proxy, wherein:
- said browser is adapted to accept a server certificate identifying said proxy as said server.
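Claims 24, 61 and 62 together describe the trust mechanics of the appliance: the proxy mints a certificate naming the origin server, signs it with a CA key it holds, and the browser accepts it only because that CA has been installed. The following Go program is an added example written for this page, not code from the patent or its assignee; it uses only the Go standard library, and the issuer name "Example Interception Proxy CA", the server name www.example.com and the validity periods are constructed values. It builds the claim-61 data structure, reproduces the client's trust decision with and without the proxy CA in the root pool, and adds the endpoint-side check a defender wants: pinning the expected issuer so that a chain which validates but terminates in an unexpected CA is flagged. The test also covers the name-mismatch case, which the claims do not spell out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// ProxyCA is the "Certificate Authority private key held by said proxy" of
// claim 61, with its self-signed certificate. All names here are constructed.
type ProxyCA struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// NewProxyCA generates the appliance's signing root (example issuer name).
func NewProxyCA() (*ProxyCA, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Interception Proxy CA"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &ProxyCA{Cert: cert, Key: key}, nil
}

// MintServerCert builds the claim-61 data structure for one intercepted
// session: the origin server's identity, a fresh session public key held by
// the proxy, and a signature made with the proxy CA's private key.
func (ca *ProxyCA) MintServerCert(serverName string) (*x509.Certificate, error) {
	sessionKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: serverName},
		DNSNames:     []string{serverName},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(12 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca.Cert, &sessionKey.PublicKey, ca.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// ClientAccepts reproduces the browser's trust decision from claim 62: the
// proxy-minted chain validates only if the proxy CA is in the client's root
// pool and the name the client asked for matches the certificate.
func ClientAccepts(leaf *x509.Certificate, serverName string, roots *x509.CertPool) error {
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: serverName, Roots: roots})
	return err
}

// InterceptionDetected is the endpoint-side check a defender layers on top of
// chain validation: a valid chain ending in an issuer other than the one
// pinned for this server is the signature of a transparent proxy.
func InterceptionDetected(leaf *x509.Certificate, pinnedIssuerCN string) bool {
	return leaf.Issuer.CommonName != pinnedIssuerCN
}

func main() {
	ca, err := NewProxyCA()
	if err != nil {
		panic(err)
	}
	leaf, err := ca.MintServerCert("www.example.com")
	if err != nil {
		panic(err)
	}
	trusted := x509.NewCertPool()
	trusted.AddCert(ca.Cert)
	fmt.Println("no proxy CA installed:", ClientAccepts(leaf, "www.example.com", x509.NewCertPool()))
	fmt.Println("proxy CA installed:   ", ClientAccepts(leaf, "www.example.com", trusted))
	fmt.Println("issuer pin mismatch:  ", InterceptionDetected(leaf, "Example Public CA"))
}
```

The first verification fails with an unknown-authority error, the second succeeds once the proxy root is in the pool, which is exactly the adaptation claim 62 requires of the browser. The issuer comparison is deliberately simple; production pinning compares SPKI hashes rather than a CommonName string, but the decision it encodes is the same: chain validity alone cannot distinguish the origin server from a trusted interception appliance, so the endpoint must carry an expectation of who should have signed.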