CREATING SECURE INTERACTIVE CONNECTIONS WITH REMOTE RESOURCES
First Claim
1. A server computer system comprising:
at least one processor; and
a storage medium storing computer executable instructions which, when executed by the at least one processor, implement a method of creating a secure connection with a client computer system early in a connection process by negotiating secure connection protocols, the method comprising:
the server receiving a connection request from a client computer system to communicate with one or more server resources using a secure connection, the connection request comprising data proposing a plurality of secure communication protocols which are installed at the client computer system and with which the client computer system is presently enabled for establishing the secure connection;
the server processing the connection request to identify the plurality of secure communication protocols proposed by the client computer system for establishing the secure connection and to select an appropriate choice of a preferred secure communication protocol to use when establishing the secure connection, including:
the server reviewing a server-side security options component that identifies one or more secure communication protocols with which the server is enabled for establishing secure connections;
the server determining one or more common secure communication protocols that are common to both the server and to the client computer system; and
the server choosing the preferred secure communication protocol from among the one or more common secure communication protocols that are common to both the server and to the client computer system;
the server sending a connection response to the client computer system, the connection response indicating the determined preferred secure communication protocol;
the server establishing a secure communication channel with the client computer system using the preferred secure communication protocol;
the server confirming use of the preferred secure communication protocol through a data exchange in the secured channel established with the client computer system; and
the server communicating data with a client application program of the client computer system through the secure communication channel using the preferred secure communication protocol.
2 Assignments
0 Petitions
Abstract
Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.
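As an added illustration of the negotiation the abstract and claim 1 describe (example code written for this page, not from the patent or any product it covers): the client proposes the protocols it has enabled, the server intersects that list with its own enabled set and answers with its preferred common protocol, and both sides then confirm the negotiated choice with an exchange inside the secured channel. The protocol names, the pre-shared channel key standing in for the certificate-based authentication of claim 15, and the use of an HMAC over the negotiation transcript as the confirmation data are all assumptions made for this example; the page does not specify those details. The last case shows why the confirmation step matters: if the client's proposal is altered in transit so that the server picks a weaker common protocol, the two sides' transcripts differ and the confirmation fails.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Server-side "security options component": protocols the server is enabled
# for, in the server's order of preference (strongest first).
# The protocol names are constructed for this example.
SERVER_ENABLED = ["proto-A-aead", "proto-B-cbc", "proto-C-legacy"]


@dataclass
class ConnectionRequest:
    proposed: List[str]  # protocols installed and enabled at the client


@dataclass
class ConnectionResponse:
    chosen: Optional[str]  # None: no common protocol, connection refused


def server_choose(request: ConnectionRequest,
                  enabled: List[str] = SERVER_ENABLED) -> ConnectionResponse:
    """Determine the protocols common to client and server and choose the
    server's most preferred one (server preference order wins)."""
    common = [p for p in enabled if p in request.proposed]
    return ConnectionResponse(chosen=common[0] if common else None)


def transcript_hash(request: ConnectionRequest,
                    response: ConnectionResponse) -> bytes:
    """Canonical digest of one side's view of what was negotiated."""
    view = {"proposed": request.proposed, "chosen": response.chosen}
    return hashlib.sha256(json.dumps(view, sort_keys=True).encode()).digest()


def confirmation_tag(channel_key: bytes, request: ConnectionRequest,
                     response: ConnectionResponse, role: str) -> bytes:
    """Data exchanged inside the secured channel to confirm the negotiated
    protocol. Assumed mechanism: an HMAC, under the channel key, over the
    sender's role and its transcript digest."""
    return hmac.new(channel_key, role.encode() + transcript_hash(request, response),
                    hashlib.sha256).digest()


def run_handshake(client_proposed: List[str], channel_key: bytes,
                  on_path: Optional[Callable[[ConnectionRequest], ConnectionRequest]] = None
                  ) -> Tuple[Optional[str], bool]:
    """Simulate both sides of the exchange. `on_path`, if given, rewrites the
    request as the server receives it (modelling an in-transit modification)
    so the confirmation step's detection can be observed.
    Returns (chosen protocol, confirmed)."""
    client_request = ConnectionRequest(proposed=list(client_proposed))
    server_request = on_path(client_request) if on_path else client_request

    response = server_choose(server_request)
    if response.chosen is None:
        return None, False
    # Client-side check: the server must have picked something we offered.
    if response.chosen not in client_request.proposed:
        return response.chosen, False

    # The secured channel itself is modelled by the shared channel_key; the
    # certificate-based key exchange is out of scope for this example.
    # Each side computes confirmation data over its OWN view of the
    # negotiation and verifies the peer's.
    server_sends = confirmation_tag(channel_key, server_request, response, "server")
    client_expects = confirmation_tag(channel_key, client_request, response, "server")
    client_sends = confirmation_tag(channel_key, client_request, response, "client")
    server_expects = confirmation_tag(channel_key, server_request, response, "client")
    confirmed = (hmac.compare_digest(server_sends, client_expects)
                 and hmac.compare_digest(client_sends, server_expects))
    return response.chosen, confirmed


def strip_strongest(req: ConnectionRequest) -> ConnectionRequest:
    """In-transit modification used only to demonstrate detection: removes
    the strongest protocol from the client's proposal."""
    return ConnectionRequest(proposed=[p for p in req.proposed if p != "proto-A-aead"])


if __name__ == "__main__":
    key = b"constructed-channel-key"  # stand-in for the negotiated channel key
    print(run_handshake(["proto-C-legacy", "proto-A-aead"], key))   # ('proto-A-aead', True)
    print(run_handshake(["proto-X"], key))                          # (None, False)
    print(run_handshake(["proto-C-legacy", "proto-A-aead"], key,
                        on_path=strip_strongest))                   # ('proto-C-legacy', False)
```

The server's own preference order decides among the common protocols, so a client that lists a weak option first still gets the strongest one both sides support; and because the confirmation data covers the full proposal rather than just the chosen name, a modified proposal is caught even when the server's choice is one the client did in fact offer.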
20 Citations
20 Claims
1. A server computer system comprising: (independent claim, set out in full under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14.
15. A client computer system comprising:
at least one processor; and
a storage medium storing computer executable instructions which, when executed by the at least one processor, implement a method of creating a secure connection with a server by negotiating secure communication protocols, the method comprising:
the client computer system identifying a plurality of secure communication protocols, each of the plurality of secure communication protocols being presently installed and enabled at the client computer system and usable by the client computer system to establish a secure connection with the server;
the client computer system sending to the server a connection request comprising data proposing the plurality of secure communication protocols with which the client computer system is presently enabled for establishing the secure connection;
subsequent to the client computer system sending the connection request, the client computer system receiving a connection response from the server, the connection response specifying a preferred one of the plurality of secure communication protocols that is preferred by the server, such that a mutually acceptable secure communication protocol identified by the server is received by the client computer system, the preferred one of the plurality of secure communication protocols identified by the server being common to both the server and to the client computer system based at least in part on the data sent by the client computer system in the connection request;
the client computer system establishing a secure communication channel with the server by at least exchanging authentication information with the server using the preferred secure communication protocol, wherein authentication information from the server comprises any one of a self-signed certificate, a manually installed certificate, or a certificate received from a remote certificate authority; and
the client computer system confirming the use of the secure communication protocol negotiated with the server with one or more initial data packets communicated during negotiation with the server.
Dependent claims: 16, 17, 18, 19.
20. One or more computer storage devices having computer-executable instructions encoded thereon that, when executed at a client computer system in a computerized system in which a server communicates data with a client computer system through a secure connection, cause one or more processors at the client computer system to perform a method of creating the secure connection by negotiating secure communication protocols with the server early in a connection process, the method comprising:
the client computer system identifying a plurality of secure communication protocols, each of the plurality of secure communication protocols being presently installed and enabled at the client computer system and usable by the client computer system to establish a secure connection with the server;
the client computer system sending to the server a connection request comprising data proposing the plurality of secure communication protocols with which the client computer system is presently enabled for establishing the secure connection;
subsequent to the client computer system sending the connection request, the client computer system receiving a connection response from the server, the connection response specifying a preferred one of the plurality of secure communication protocols that is preferred by the server, such that a mutually acceptable secure communication protocol identified by the server is received by the client computer system, the preferred one of the plurality of secure communication protocols identified by the server being common to both the server and to the client computer system based at least in part on the data sent by the client computer system in the connection request;
the client computer system establishing a secure communication channel with the server by at least exchanging authentication information with the server using the preferred secure communication protocol, wherein authentication information from the server comprises any one of a self-signed certificate, a manually installed certificate, or a certificate received from a remote certificate authority; and
the client computer system confirming the use of the secure communication protocol negotiated with the server with one or more initial data packets communicated during negotiation with the server.
Specification