Pre-fetching secure content using proxy architecture

US 20050108517A1
Filed: 10/13/2004
Published: 05/19/2005
Est. Priority Date: 11/19/2003
Status: Active Grant

First Claim

Patent Images

1. A method for retrieving content for a client comprising:

receiving a reference to secure content accessed via a first resource;

editing the reference to the secure content to redirect requests for the secure content to a trusted agent, the edited reference to the secure content including information that identifies the first resource and the secure content of the received reference;

forwarding the edited reference to the client; and

requesting the secure content from the first resource, by the trusted agent on behalf of the client, when the client requests the edited reference.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Requests for secure content are rewritten before delivering the secure content to a client. In one implementation, the rewritten requests include the information content from the original request with the addition of a predetermined domain. The domain may correspond to a trusted agent that acts as a proxy for all secure requests from the client. Because of the rewritten request, the trusted agent is contacted by the client for the secure content. The trusted agent may then transparently (from the point of view of the client) retrieve and forward the secure content to the client.

288 Citations

36 Claims

1. A method for retrieving content for a client comprising:
- receiving a reference to secure content accessed via a first resource;
  
  editing the reference to the secure content to redirect requests for the secure content to a trusted agent, the edited reference to the secure content including information that identifies the first resource and the secure content of the received reference;
  
  forwarding the edited reference to the client; and
  
  requesting the secure content from the first resource, by the trusted agent on behalf of the client, when the client requests the edited reference.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the secure content is web content.
  - 3. The method of claim 2, wherein editing the reference to the secure content includes inserting a first predetermined domain in the reference to the secure content.
  - 4. The method of claim 1, further comprising:
    - returning, in response to domain name lookup requests received from the client for the first predetermined domain, an address of the trusted agent.
  - 5. The method of claim 1, wherein the reference to the secure content is a HyperText Transfer Protocol (HTTPS) link.
  - 6. The method of claim 1, wherein the secure content is accessed via a Secure Socket Layer (SSL) connection.
  - 7. The method of claim 1, wherein the edited reference to the secure content includes all fields of the received reference.
  - 8. The method of claim 1, wherein the trusted agent is implemented as first and second proxy servers in a satellite network.
  - 9. The method of claim 1, further including:
    - receiving a request from the first resource to store cookies at the client; and
      
      editing domain and path attributes of the request to reference the first resource accessed via the trusted agent.

10. A device for retrieving content for a client comprising:
- means for receiving a reference to secure content accessed via a first resource;
  
  means for editing the reference to the secure content to redirect requests for the secure content to a trusted agent, the edited reference to the secure content including information that identifies the first resource;
  
  means for forwarding the edited reference to the client; and
  
  means for requesting the secure content from the first resource, by the trusted agent on behalf of the client, when the client requests the edited reference.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The device of claim 10, wherein the secure content is web content.
  - 12. The device of claim 11, wherein the means for editing the reference to the secure content inserts a first predetermined domain in the reference to the secure content.
  - 13. The device of claim 10, wherein the reference to the secure content is a secure HyperText Transfer Protocol (HTTPS) link.
  - 14. The device of claim 10, wherein the secure content is accessed via a Secure Socket Layer (SSL) connection.

15. A network proxy apparatus for providing a proxy service to retrieve content over a data network from a content server, the apparatus comprising:
- an interface for receiving requests from a user for a secure connection with the content server and, in response to the received request, establishing a first connection between the interface and the user and establishing a second connection between the interface and the content server, the second connection being a secure connection; and
  
  a cache for storing content pre-fetched from the content server over the second connection.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The network proxy apparatus of claim 15, wherein the interface is further configured to:
    - receive a data request from a user;
      
      determine whether the cache stores content corresponding to the request; and
      
      forwarding the content from the cache, when the cache stores the content corresponding to the request.
  - 17. The network proxy apparatus of claim 15, wherein the first connection is a secure connection.
  - 18. The network proxy apparatus of claim 17, wherein the first and second connections are Secure Socket Layer (SSL) connections.
  - 19. The network proxy apparatus of claim 15, wherein secure links intended for the user are modified such that domains in the secure links are changed to reference a first predetermined domain.
  - 20. The network proxy apparatus of claim 19, wherein the secure links include secure HyperText Transfer Protocol (HTTPS) links.
  - 21. The network proxy apparatus of claim 19, wherein, in response to domain name lookup requests received from the user for the first predetermined domain, a network address of the network proxy apparatus is returned.

22. A system comprising:
- a first proxy configured to receive a request from a user for a secure connection with a content server;
  
  a second proxy configured to accept a first secure connection with the first proxy and to establish a second secure connection with the content server; and
  
  a wide area network configured to connect the first proxy and the second proxy.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30)
- - 23. The system of claim 22, wherein the wide area network includes a satellite connection.
  - 24. The system of claim 23, wherein the second proxy is further configured to relay content from the content server over the first secure connection to the first proxy.
  - 25. The system of claim 23, wherein the second proxy is further configured to pre-fetch content from the content server for the user and forward the content over the first secure connection to the first proxy.
  - 26. The system of claim 23, further comprising:
    - a satellite terminal located proximately to the user.
  - 27. The system of claim 22, wherein a third secure connection is established between the user and the first proxy.
  - 28. The system of claim 22, wherein the second proxy is further configured to rewrite secure links intended for the user to modify a domain referenced in the secure links to reference a first predetermined domain.
  - 29. The system of claim 28, wherein the secure links include secure HyperText Transfer Protocol (HTTPS) links.
  - 30. The system of claim 28, wherein, in response to domain name lookup requests received from the user for the first predetermined domain, an address of the first proxy is returned.

31. A method comprising:
- receiving a domain name system (DNS) lookup request from a user;
  
  determining whether the DNS lookup request refers to a first predetermined domain;
  
  returning an Internet Protocol address of a proxy to the requesting user when the DNS lookup request refers to the first predetermined domain; and
  
  forwarding the DNS lookup request to a DNS server when the DNS lookup request does not refer to the first predetermined domain.
- View Dependent Claims (32, 33)
- - 32. The method of claim 31, further comprising:
    - receiving a request from the user for a secure connection with the first predetermined domain, the request additionally including a link to a second domain;
      
      establishing a first secure connection with the user; and
      
      establishing a second secure connection with the second domain.
  - 33. The method of claim 32, further comprising:
    - receiving content from the second domain over the second secure connection;
      
      decrypting the content from the second domain;
      
      parsing the content from the second domain;
      
      encrypting the decrypted content from the second domain for transmission over the first secure connection; and
      
      transmitting the content over the first secure connection.

34. A method comprising:
- intercepting a HyperText Markup Language (HTML) document from a content server in response to a request from a user;
  
  editing the HTML document to insert a predetermined domain within secure HyperText Transfer Protocol (HTTPS) links before an original domain name included in the HTTPS links; and
  
  forwarding the edited HTML document to the user.
- View Dependent Claims (35, 36)
- - 35. The method of claim 34, further comprising:
    - receiving a request from the user for a secure connection with the predetermined domain;
      
      establishing a first secure connection with the user; and
      
      establishing a second secure connection with the original domain name referenced in the intercepted version of the HTML document.
  - 36. The method of claim 35, further comprising:
    - receiving content from the content server over the second secure connection;
      
      decrypting the content;
      
      parsing the content;
      
      encrypting the decrypted content from the second domain for transmission over the first secure connection; and
      
      transmitting the content over the first secure connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hughes Network Systems LLC (Echostar Corporation)
Original Assignee
Hughes Network Systems LLC (Echostar Corporation)
Inventors
Sebastine, Seejo, Dillon, Doug, Belmar, Ricardo

Granted Patent

US 7,584,500 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

G06F 16/9574   of access to content, e.g. ...

H04L 63/0464   using hop-by-hop encryption...

H04L 67/02   based on web technology, e....

H04L 69/329   in the application layer [O...

Pre-fetching secure content using proxy architecture

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

288 Citations

36 Claims

Specification

Use Cases

Quick Links

Others

Pre-fetching secure content using proxy architecture

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

288 Citations

36 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others