System and methods for transparent encryption
Abstract
Conventional SSL termination devices support secure connections only to a predetermined destination address. The SSL termination device described here accepts a plaintext connection and associates it with a secure connection to an arbitrary destination endpoint: it intercepts a connection request from the local subnetwork, identifies the intended destination of the connection, establishes a secure connection to that destination, and bridges the local connection and the secure connection to provide a connection through the gateway device. The SSL termination device identifies an outgoing secure connection request from a client and intercepts the connection request to identify the recipient destination. It establishes a secure connection using the identified destination and associates the two connections by mapping the intercepted connection to the recipient. The identified recipient allows the secure connection to the destination to be made, and the mapping allows message traffic received from the client over the local connection to be relayed to the destination.
26 Claims
1. A method for secure transport comprising:
intercepting an outgoing connection attempt;
identifying a destination from the outgoing connection attempt;
establishing a secure connection using the identified destination from the connection attempt;
establishing the attempted outgoing connection by terminating the outgoing connection attempt; and
associating the terminated outgoing connection with the established secure connection, the association operable to transfer message traffic intended for the destination over the secure connection in a continuous manner from the detected outgoing connection to the identified destination.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11.
12. A method of providing a secure connection comprising:
identifying an outgoing connection attempt intended as a secure connection to a destination;
intercepting the outgoing connection attempt;
analyzing the outgoing connection attempt to determine an identifier indicative of the destination;
determining, using the identifier, if the destination is operable to accept a secure connection, and if so;
retrieving a ciphersuite indicative of the secure connection attributes operable with the destination;
completing a first connection by accepting the outgoing connection attempt as an end to end connection from the originator of the outgoing connection attempt;
establishing a second connection by issuing a secure connection attempt to the destination employing the destination identifier and the retrieved secure connection attributes;
storing an association of the first and second connections;
receiving data via the first connection destined for the recipient;
indexing, via the stored association, the second connection corresponding to the first connection; and
forwarding the received data to the destination via the second connection.
Dependent claims: 13.
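The abstract and claim 12 describe one procedure: identify the destination of an intercepted plaintext connection, decide whether that destination accepts a secure connection and with which ciphersuite, accept the local connection, open the secure leg, store the association, and forward data by indexing it. The following Python model is an added example, not code from the patent or any product implementing it. The hosts, the policy table and the `SslTerminator`, `SecureLeg` and `ConnectionAttempt` names are assumptions, and the secure leg is stubbed in memory so the example runs offline; the `ssl` module calls are real and show the check a practitioner wants on such a gateway: because the client no longer sees the destination's certificate, the gateway must verify it (certificate chain and hostname) on the second connection itself.

```python
import ssl
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class ConnectionAttempt:
    """An outgoing plaintext connection attempt as seen by the gateway.
    dest_host/dest_port are the original destination the client addressed
    (a transparent proxy reads them from the intercepted packet)."""
    client: str
    dest_host: str
    dest_port: int


# Constructed policy table with hypothetical hosts: which destinations are
# known to accept a secure connection, and the ciphersuite to use with each.
DESTINATION_POLICY: Dict[str, str] = {
    "mail.example.com": "ECDHE-RSA-AES256-GCM-SHA384",
    "api.example.net": "ECDHE-ECDSA-CHACHA20-POLY1305",
}


@dataclass
class SecureLeg:
    """The second (secure) connection: the TLS context built for the destination
    plus a record of what was forwarded. A real gateway would hold the socket
    returned by context.wrap_socket(sock, server_hostname=dest_host) here."""
    dest_host: str
    dest_port: int
    context: ssl.SSLContext
    sent: List[bytes] = field(default_factory=list)


class SslTerminator:
    """Hypothetical gateway bridging intercepted local connections to secure legs."""

    def __init__(self, policy: Dict[str, str]) -> None:
        self.policy = policy
        self.bridges: Dict[int, SecureLeg] = {}  # first connection id -> second connection
        self._next_id = 0

    def identify_destination(self, attempt: ConnectionAttempt) -> Tuple[str, int]:
        """Determine an identifier indicative of the destination."""
        return attempt.dest_host, attempt.dest_port

    def secure_context_for(self, dest_host: str) -> Optional[ssl.SSLContext]:
        """Decide whether the destination accepts a secure connection and retrieve
        its ciphersuite. Verification stays on: the gateway, not the client,
        is the party that sees the destination's certificate."""
        suite = self.policy.get(dest_host)
        if suite is None:
            return None
        ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
        ctx.set_ciphers(suite)              # raises ssl.SSLError for an unknown suite
        return ctx

    def intercept(self, attempt: ConnectionAttempt) -> Optional[int]:
        """Accept the first connection, establish the second, store the association.
        Returns the id of the terminated local connection, or None when the
        destination cannot be reached securely (the attempt is refused rather
        than forwarded in plaintext)."""
        dest_host, dest_port = self.identify_destination(attempt)
        ctx = self.secure_context_for(dest_host)
        if ctx is None:
            return None
        self._next_id += 1
        conn_id = self._next_id
        # The TLS handshake to the destination is stubbed: no network is used here.
        self.bridges[conn_id] = SecureLeg(dest_host, dest_port, ctx)
        return conn_id

    def forward(self, conn_id: int, data: bytes) -> Tuple[str, int]:
        """Receive data on the first connection, index the second connection via the
        stored association, and forward it. Returns (destination, bytes so far)."""
        leg = self.bridges[conn_id]
        leg.sent.append(data)
        return leg.dest_host, sum(len(chunk) for chunk in leg.sent)

    def verifies_destination(self, conn_id: int) -> bool:
        """True when the secure leg checks the destination's certificate and hostname."""
        ctx = self.bridges[conn_id].context
        return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)

    def offered_ciphers(self, conn_id: int) -> List[str]:
        """Ciphersuite names the secure leg would negotiate (TLS 1.3 suites included)."""
        return [c["name"] for c in self.bridges[conn_id].context.get_ciphers()]

    def close(self, conn_id: int) -> bool:
        """Tear down both legs by dropping the association."""
        return self.bridges.pop(conn_id, None) is not None


if __name__ == "__main__":
    gw = SslTerminator(DESTINATION_POLICY)
    cid = gw.intercept(ConnectionAttempt("10.0.0.5", "mail.example.com", 443))
    print(cid, gw.forward(cid, b"EHLO client\r\n"), gw.verifies_destination(cid))
    print(gw.intercept(ConnectionAttempt("10.0.0.5", "legacy.example.org", 25)))
```

The refusal path matters as much as the bridging path: a destination absent from the policy table gets no association at all, so the gateway never degrades an intended secure connection into a plaintext relay, and an operator auditing the device can check the second-leg context for `CERT_REQUIRED` and hostname checking rather than trusting the bridge implicitly.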
14. A data communication device for secure transport comprising:
an SSL terminator operable to intercept an outgoing connection attempt;
a connection scanner operable to identify a destination from the intercepted outgoing connection attempt;
a secure endpoint responsive to the SSL terminator to establish a secure connection using the identified destination from the connection attempt, the SSL terminator further operable to establish the attempted outgoing connection by terminating the outgoing connection attempt; and
a mapper operable to associate the terminated outgoing connection with the established secure connection, the association operable to transfer message traffic intended for the destination over the secure connection in a continuous manner from the intercepted outgoing connection to the identified destination.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23.
24. A computer program product having a computer readable medium operable to store computer program logic embodied in computer program code encoded thereon for secure transport comprising:
computer program code for intercepting an outgoing connection attempt;
computer program code for identifying a destination from the outgoing connection attempt;
computer program code for establishing a secure connection using the identified destination from the connection attempt;
computer program code for establishing the attempted outgoing connection by terminating the outgoing connection attempt; and
computer program code for associating the terminated outgoing connection with the established secure connection, the association operable to transfer message traffic intended for the destination over the secure connection in a continuous manner from the detected outgoing connection to the identified destination.
25. A computer data signal having program code for secure transport comprising:
program code for intercepting an outgoing connection attempt;
program code for identifying a destination from the outgoing connection attempt;
program code for establishing a secure connection using the identified destination from the connection attempt;
program code for establishing the attempted outgoing connection by terminating the outgoing connection attempt; and
program code for associating the terminated outgoing connection with the established secure connection, the association operable to transfer message traffic intended for the destination over the secure connection in a continuous manner from the detected outgoing connection to the identified destination.
26. A data communication device for secure transport comprising:
means for program code for intercepting an outgoing connection attempt;
means for identifying a destination from the outgoing connection attempt;
means for establishing a secure connection using the identified destination from the connection attempt;
means for establishing the attempted outgoing connection by terminating the outgoing connection attempt; and
means for associating the terminated outgoing connection with the established secure connection, the association operable to transfer message traffic intended for the destination over the secure connection in a continuous manner from the detected outgoing connection to the identified destination.