Transparent proxy of encrypted sessions
Abstract
In one embodiment, a server and a client are configured to trust a certificate of an intermediate proxy device. The proxy device may then intercept a client-server security session request message sent from the client to the server. In response, the proxy device initiates a proxy-server security session with the server and obtains server security information from the server. Then, the proxy device initiates a client-proxy security session with the client using the trusted proxy certificate, and obtains client security information from the client. Upon obtaining the client security information, the proxy device creates a dynamic certificate using the obtained client security information and the trusted proxy certificate, and establishes the initiated proxy-server security session with the dynamic certificate. The proxy device then establishes the initiated client-proxy session, wherein the client-proxy security session and proxy-server security session transparently appear to the client and server as the requested client-server security session.
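The certificate relationships in the abstract can be reproduced with the openssl command line. The script below is an added example, not text or code from the patent. It assumes that the "client security information" is the subject of the client's certificate and that the trusted proxy certificate acts as the signing CA; all names, subjects and keys are constructed. It shows what a relying party can check: the dynamic certificate keeps the client's subject but carries a different issuer and key.

```shell
#!/bin/sh
# Constructed demo: every subject, key and file name below is made up.
W=$(mktemp -d)

# new_ca PREFIX CN: self-signed CA key and certificate.
new_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$W/$1.key" -out "$W/$1.crt" 2>/dev/null
}

# issue PREFIX SUBJECT CA_PREFIX: fresh key pair, certificate signed by that CA.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
    -keyout "$W/$1.key" -out "$W/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$W/$1.csr" -CA "$W/$3.crt" -CAkey "$W/$3.key" \
    -CAcreateserial -days 1 -out "$W/$1.crt" 2>/dev/null
}

# field PREFIX OPTION...: one certificate field, e.g. "field client -subject".
field() {
  f="$W/$1.crt"; shift
  openssl x509 -in "$f" -noout -nameopt compat "$@" | sed 's/^[^=]*= *//'
}

# chain_ok LEAF CA: succeeds if LEAF chains to the CA certificate.
chain_ok() { openssl verify -CAfile "$W/$2.crt" "$W/$1.crt" >/dev/null 2>&1; }

new_ca origca "Constructed Client CA"      # issuer of the client's own certificate
new_ca proxy "Constructed Proxy CA"        # stands in for the trusted proxy certificate
issue client "/O=Example/CN=alice" origca  # what the client presents to the proxy

# Assumed reading of "dynamic certificate": the subject obtained from the
# client, on a new key pair, signed with the proxy certificate's key.
issue dyn "$(field client -subject)" proxy

echo "subject: $(field client -subject) -> $(field dyn -subject)"
echo "issuer:  $(field client -issuer) -> $(field dyn -issuer)"
chain_ok dyn proxy && echo "dynamic cert verifies where the proxy CA is trusted"
chain_ok dyn origca || echo "dynamic cert fails against the client's original CA"
[ "$(field dyn -fingerprint -sha256)" = "$(field client -fingerprint -sha256)" ] ||
  echo "a fingerprint pinned to the client's certificate no longer matches"
```

The temporary directory in $W is left in place so the generated certificates can be inspected afterwards.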
20 Claims
1. A method, comprising:
intercepting a client-server security session request sent from a client to a server at a proxy device;
initiating, with the server, a proxy-server security session from the proxy device;
obtaining, from the server, server security information at the proxy device;
initiating, with the client, a client-proxy security session from the proxy device using a trusted proxy certificate of the proxy device;
obtaining, from the client, client security information at the proxy device;
creating a dynamic certificate using the obtained client security information and the trusted proxy certificate;
establishing the initiated proxy-server security session with the dynamic certificate; and
establishing the initiated client-proxy security session, wherein the client-proxy security session and proxy-server security session transparently appear to the client and server as the requested client-server security session.
17. A node, comprising:
one or more network interfaces adapted to communicate with at least one server and at least one client, wherein the server and the client are configured to trust a proxy certificate of the node;
one or more processors coupled to the network interfaces and adapted to execute one or more processes; and
a memory adapted to store a proxy security process executable by each processor, the proxy security process when executed operable to:
i) intercept a client-server security session request sent from the client to the server,
ii) initiate, with the server, a proxy-server security session,
iii) obtain, from the server, server security information,
iv) initiate, with the client, a client-proxy security session using the trusted proxy certificate,
v) obtain, from the client, client security information,
vi) create a dynamic certificate using the obtained client security information and the trusted proxy certificate,
vii) establish the initiated proxy-server security session with the dynamic certificate, and
viii) establish the initiated client-proxy security session, wherein the client-proxy security session and proxy-server security session transparently appear to the client and server as the requested client-server security session.
20. An apparatus, comprising:
means for intercepting a client-server security session request sent from a client to a server;
means for initiating, with the server, a proxy-server security session;
means for obtaining, from the server, server security information;
means for initiating, with the client, a client-proxy security session using a trusted proxy certificate;
means for obtaining, from the client, client security information;
means for creating a dynamic certificate using the obtained client security information and the trusted proxy certificate;
means for establishing the initiated proxy-server security session with the dynamic certificate; and
means for establishing the initiated client-proxy security session, wherein the client-proxy security session and proxy-server security session transparently appear to the client and server as the requested client-server security session.
Specification