MUTUALLY AUTHENTICATED SECURE CHANNEL

US 20080282081A1
Filed: 05/07/2007
Published: 11/13/2008
Est. Priority Date: 05/07/2007
Status: Active Grant

First Claim

Patent Images

1. One or more device-readable media having device-executable instructions for performing steps comprising:

receiving a request from a client to establish a secure connection with a remote device;

forwarding the request to establish a secure connection to the remote device;

receiving a response to the request to establish a secure connection from the remote device;

forwarding the response to the request to establish a secure connection to the client;

receiving encrypted data traffic from the client; and

forwarding the encrypted data traffic from the client to the remote device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and methods for establishing a mutually authenticated secure channel between a client device and remote device through a remote access gateway server. The remote access gateway server forwards secure connection requests and acknowledgements between the client and the remote device such that the remote access gateway does not possess any or all session keys necessary to decrypt communication between the client device and remote device.

72 Citations

View as Search Results

20 Claims

1. One or more device-readable media having device-executable instructions for performing steps comprising:
- receiving a request from a client to establish a secure connection with a remote device;
  
  forwarding the request to establish a secure connection to the remote device;
  
  receiving a response to the request to establish a secure connection from the remote device;
  
  forwarding the response to the request to establish a secure connection to the client;
  
  receiving encrypted data traffic from the client; and
  
  forwarding the encrypted data traffic from the client to the remote device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The one or more device-readable media having device-executable instructions of claim 1, further comprising:
    - receiving encrypted data traffic from the remote device; and
      
      forwarding encrypted data traffic from the remote device to the client.
  - 3. The one or more device-readable media having device-executable instructions of claim 1, further comprising:
    - receiving a request from the client to create an encrypted tunnel with the remote device;
      
      matching the cryptographically strong identity of the client and the cryptographically strong identity of the remote device; and
      
      forwarding the request to create an encrypted tunnel to the remote device in response to positively matching the cryptographically strong identify of the client and the cryptographically strong identity of the remote device.
  - 4. The one or more device-readable media having device-executable instructions of claim 1, further comprising:
    - receiving a request from the client to establish a network connection; and
      
      establishing a network connection with the client in response to verifying the cryptographically strong identity of the client.
  - 5. The one or more device-readable media having device-executable instructions of claim 1, further comprising:
    - receiving a request from the remote device to establish a network connection;
      
      establishing the network connection with the remote device in response to verifying the cryptographically strong identity of the remote device.
  - 6. The one or more device-readable media having device-executable instructions of claim 1, further comprising:
    - receiving a keep alive command from the remote device; and
      
      sending an acknowledgement of the keep alive command to the remote device.
  - 7. The one or more device-readable media having device-executable instructions of claim 1 wherein the client is connected from behind a firewall.
  - 8. The one or more device-readable media having device-executable instructions of claim 1 wherein the remote device is connected from behind a firewall.
  - 9. The one or more device-readable media having device-executable instructions of claim 1 wherein the encrypted data traffic is comprised of remote desktop commands.
  - 10. The one or more device-readable media having device-executable instructions of claim 1 wherein the client has been redirected from a remote access gateway index server.

11. A system, comprising:
- a client for sending and receiving a first stream of encrypted data;
  
  a remote device for sending and receiving a second stream encrypted data; and
  
  a remote access gateway server, for establishing the cryptographically strong identity of the client, establishing the cryptographically strong identity of the remote device, and for forwarding the encrypted data sent from the client to the remote device and from the remote device to the client.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
- - 12. The system of claim 11, further comprising a remote access gateway index server, for storing an identifier of the remote access gateway server and for receiving a query from the client to locate the remote access gateway server to which the remote device is connected.
  - 13. The system of claim 11, wherein the remote access gateway server is further for establishing a secure sockets layer (SSL) connection to the client.
  - 14. The system of claim 11, wherein the remote access gateway server is further for establishing a secure sockets layer (SSL) connection to the remote device.
  - 15. The system of claim 11, wherein the client includes a digital certificate signed by a digital security authority.
  - 16. The system of claim 11, wherein the remote device includes a digital certificate signed by a digital security authority.
  - 17. The system of claim 11, wherein the first stream of encrypted data is encrypted with a secure sockets layer (SSL) session key.
  - 18. The system of claim 11, wherein the second stream of encrypted data is encrypted with a secure sockets layer (SSL) session key.

19. A method, comprising:
- establishing a secure sockets layer (SSL) connection with a remote device;
  
  receiving a request from a client to establish a remote desktop session with the remote device;
  
  matching a cryptographically strong identity of the client with a cryptographically strong identity of the remote device;
  
  forwarding a secure sockets layer (SSL) session establishment command from the client to the remote device;
  
  forwarding a secure sockets layer (SSL) response from the remote device to the client; and
  
  forwarding remote desktop session data encrypted with a secure sockets layer (SSL) session key between the client and the remote device.
- View Dependent Claims (20)
- - 20. The method of claim 19, wherein the encrypted data is forwarded asynchronously between the client and the remote device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Patiejunas, Kestutis

Granted Patent

US 8,782,414 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/153
CPC Class Codes

H04L 12/4633   Interconnection of networks...

H04L 2209/80   Wireless network architectu...

H04L 43/0811   by checking connectivity

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/04   for providing a confidentia...

H04L 63/08   for authentication of entit...

H04L 63/0869   for achieving mutual authen...

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 9/3263   involving certificates, e.g...

H04L 9/3273   for mutual authentication n...

MUTUALLY AUTHENTICATED SECURE CHANNEL

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

MUTUALLY AUTHENTICATED SECURE CHANNEL

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links