System and method for automatic negotiation of a security protocol
Abstract
A protocol negotiation platform permits a computer or other node lying outside of a security-enabled domain to negotiate a supported security protocol with a server or other node within that domain. Active Directory™, Kerberos and other secure network technologies permit agents or nodes within a domain to communicate securely with each other, using default protocols and key, certificate or other authentication techniques. In the past, however, external agents had no transparent way to enter the domain, requiring the manual selection of protocols for use across the domain boundary. According to the invention, either an external agent or an internal agent may initiate an attempt to establish a secure session across the domain boundary, transmitting a request including a set of supported protocols to the recipient machine. A negotiation engine may then compare the available protocols on both of the agents, nodes or machines at either end of the session, and select a compatible protocol when found. The internal and external agents may likewise authenticate each other using a key, certificate or other mechanism.
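The negotiation engine the abstract describes, as an added example that is not the patent's or any product's code: each node advertises a protocol set, the engine intersects the two sets and establishes a session on a match. The protocol names, the strongest-first ranking and the optional minimum-strength floor are my assumptions; the patent only says a compatible protocol is selected when found.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Assumed policy ranking, strongest first. Names are illustrative only;
# the patent does not prescribe an ordering.
POLICY_RANK = ("kerberos-v5", "tls-1.3", "tls-1.2", "ntlm-v2")


@dataclass(frozen=True)
class Node:
    name: str
    internal: bool              # True if inside the security-enabled domain
    protocols: FrozenSet[str]   # protocol set the node advertises


@dataclass(frozen=True)
class SecureSession:
    internal_node: str
    external_node: str
    protocol: str


class NegotiationEngine:
    """Compares two protocol sets and establishes a session when they match."""

    def __init__(self, minimum: Optional[str] = None):
        # Assumed floor: a match ranked below it is refused, so a peer that
        # offers only weak protocols cannot obtain a weak session.
        self.minimum = minimum

    def select_protocol(self, first: FrozenSet[str], second: FrozenSet[str]) -> Optional[str]:
        """Return the highest-ranked protocol present in both sets, else None."""
        common = first & second
        for proto in POLICY_RANK:          # walk strongest-first
            if proto in common:
                if self.minimum and POLICY_RANK.index(proto) > POLICY_RANK.index(self.minimum):
                    return None            # best common protocol is below the floor
                return proto
        return None                        # no match, or only unranked protocols

    def handle_request(self, initiator: Node, responder: Node) -> Optional[SecureSession]:
        """Either node may initiate; the request must cross the domain boundary."""
        if initiator.internal == responder.internal:
            raise ValueError("negotiation must cross the domain boundary")
        internal, external = (initiator, responder) if initiator.internal else (responder, initiator)
        proto = self.select_protocol(internal.protocols, external.protocols)
        if proto is None:
            return None                    # no compatible protocol: no connection
        return SecureSession(internal.name, external.name, proto)
```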
62 Claims
1. A method for automatically negotiating a security protocol, comprising:
receiving a security authorization request to establish a secure connection between an internal node, the internal node being internal to a security-enabled domain, and an external node, the external node being external to the security-enabled domain;
comparing a first protocol set associated with the internal node to a second protocol set associated with the external node; and
establishing a secure connection between the external node and the internal node when a matching protocol between the first protocol set and the second protocol set is found.
Dependent claims: 2 to 16.
17. A system for automatically negotiating a security protocol, comprising:
a first interface to an internal node, the internal node being internal to a security-enabled domain, the internal node having an associated first protocol set;
a second interface to an external node, the external node being external to the security-enabled domain, the external node having an associated second protocol set; and
a negotiation engine, the negotiation engine receiving a security authorization request to establish a secure connection between the internal node and the external node, comparing the first protocol set associated with the internal node to the second protocol set associated with the external node, and establishing a secure connection between the external node and the internal node when a matching protocol between the first protocol set and the second protocol set is found.
Dependent claims: 18 to 32.
33. A system for automatically negotiating a security protocol, comprising:
first interface means for interfacing to an internal node, the internal node being internal to a security-enabled domain, the internal node having an associated first protocol set;
second interface means for interfacing to an external node, the external node being external to the security-enabled domain, the external node having an associated second protocol set; and
negotiation means, the negotiation means for receiving a security authorization request to establish a secure connection between the internal node and the external node, comparing the first protocol set associated with the internal node to the second protocol set associated with the external node, and establishing a secure connection between the external node and the internal node when a matching protocol between the first protocol set and the second protocol set is found.
Dependent claims: 34 to 48, 61 and 62.
49. A computer readable medium, the computer readable medium being readable to execute a method for automatically negotiating a security protocol, the method comprising:
receiving a security authorization request to establish a secure connection between an internal node, the internal node being internal to a security-enabled domain, and an external node, the external node being external to the security-enabled domain;
comparing a first protocol set associated with the internal node to a second protocol set associated with the external node; and
establishing a secure connection between the external node and the internal node when a matching protocol between the first protocol set and the second protocol set is found.
Dependent claims: 50 to 60.
Specification