SYSTEMS AND METHODS FOR PROVIDING SECURE COMMUNICATION

US 20140281480A1
Filed: 03/15/2013
Published: 09/18/2014
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a client comprising a security agent that is configured to create a client certificate that corresponds to one or more client identifiers; and

a server comprising a server certificate, wherein said server is in communication with said security agent, and wherein said server is configured to;

facilitate establishing an initial mutually authenticated transport layer security (TLS) session with said client based on the client certificate and the server certificate;

extract the client certificate from said security agent when the initial mutually authenticated TLS session is established;

store the client certificate as being associated with only the corresponding one or more client identifiers;

categorize the association between the client certificate and the corresponding one or more client identifiers as being secure but not trusted for said client until the identity of said client has been verified; and

receive an indication that the identity of said client has been verified.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A client includes a security agent configured to create a client certificate that corresponds to one or more client identifiers. A server includes a server certificate and is in communication with the security agent. The server is configured to facilitate establishing an initial mutually authenticated transport layer security (TLS) session with the client based on the client certificate and the server certificate. The server is also configured to extract the client certificate from the security agent once the TLS session is established. The server is configured to store the certificate as being associated with only the corresponding client identifier(s) and to categorize the association between the client certificate and the corresponding client identifier(s) as being secure but not trusted for the client until the identity of the client has been verified. Moreover, the server is configured to receive an indication that the identity of the client has been verified.

55 Citations

View as Search Results

20 Claims

1. A system comprising:
- a client comprising a security agent that is configured to create a client certificate that corresponds to one or more client identifiers; and
  
  a server comprising a server certificate, wherein said server is in communication with said security agent, and wherein said server is configured to;
  
  facilitate establishing an initial mutually authenticated transport layer security (TLS) session with said client based on the client certificate and the server certificate;
  
  extract the client certificate from said security agent when the initial mutually authenticated TLS session is established;
  
  store the client certificate as being associated with only the corresponding one or more client identifiers;
  
  categorize the association between the client certificate and the corresponding one or more client identifiers as being secure but not trusted for said client until the identity of said client has been verified; and
  
  receive an indication that the identity of said client has been verified.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The system of claim 1, wherein said server is further configured to provide an output, via a user interface, of the categorization to a user.
  - 3. The system of claim 2, wherein said server is configured to receive the indication that the identity of said client has been verified by receiving an input from a user, via the user interface, to change the categorization for said client from not trusted to trusted.
  - 4. The system of claim 1, wherein said server is further configured to install said security agent on said client using one or more credentials.
  - 5. The system of claim 4, wherein the one or more credentials includes a username and a password.
  - 6. The system of claim 1, wherein the one or more client identifiers include a client name or an internet protocol address.
  - 7. The system of claim 1, wherein said security agent is configured to create the client certificate by creating a key pair and a self-signed certificate upon being connected to said server.

8. At least one computer-readable storage medium having computer-executable instructions embodied thereon, wherein, when executed by at least one processor, the computer-executable instructions cause the at least one processor to:
- facilitate establishing an initial mutually authenticated transport layer security (TLS) session between a server that includes a server certificate and a client that includes a security agent that is configured to create a client certificate, wherein the initial mutually authenticated TSL session is established based on the client certificate and the server certificate;
  
  extract the client certificate from the security agent when the initial mutually authenticated TLS session is established;
  
  store the client certificate as being associated with only the corresponding one or more client identifiers;
  
  categorize the association between the client certificate and the corresponding one or more client identifiers as being secure but not trusted for the client until the identity of the client has been verified; and
  
  receive an indication that the identity of the client has been verified.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The at least one computer-readable storage medium of claim 8, wherein the computer-executable instructions further cause the at least one processor to provide an output, via a user interface, of the categorization to a user.
  - 10. The at least one computer-readable storage medium of claim 9, wherein the computer-executable instructions cause the at least one processor to receive the indication that the identity of the client has been verified by receiving an input from a user, via the user interface, to change the categorization for the client from not trusted to trusted.
  - 11. The at least one computer-readable storage medium of claim 8, wherein the computer-executable instructions further cause the at least one processor to install the security agent on the client using one or more credentials.
  - 12. The at least one computer-readable storage medium of claim 11, wherein the one or more credentials includes a username and a password.
  - 13. The at least one computer-readable storage medium of claim 8, wherein the one or more client identifiers include a client name or an internet protocol address.
  - 14. The at least one computer-readable storage medium of claim 8, wherein the computer-executable instructions further cause the at least one processor to connect to the security agent such that the client certificate is created therein by creating a key pair and a self-signed certificate.

15. A method of providing secure communication between a server and a client, the method comprising:
- facilitating the establishment of an initial mutually authenticated transport layer security (TLS) session between a server that includes a server certificate and a client that includes a security agent that is configured to create a client certificate, wherein the initial mutually authenticated TSL session is established based on the client certificate and the server certificate;
  
  extracting the client certificate from the security agent when the initial mutually authenticated TLS session is established;
  
  storing the client certificate as being associated with only the corresponding one or more client identifiers;
  
  categorizing the association between the client certificate and the corresponding one or more client identifiers as being secure but not trusted for the client until the identity of the client has been verified; and
  
  receiving an indication that the identity of the client has been verified.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, further comprising providing an output, via a user interface, of the categorization of the association to a user.
  - 17. The method of claim 16, wherein receiving an indication further comprises receiving an input from a user, via the user interface, to change the categorization for the client from not trusted to trusted.
  - 18. The method of claim 15, further comprising installing the security agent on the client using one or more credentials.
  - 19. The method of claim 18, wherein installing the security agent on the client further comprises installing the security agent on the client using a username and a password.
  - 20. The method of claim 15, further comprising connecting to the security agent such that the client certificate is created therein by creating a key pair and a self-signed certificate.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
VMware, Inc. (Broadcom, Inc.)
Inventors
PETTY, Darin

Granted Patent

US 9,602,537 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/151
CPC Class Codes

H04L 63/0823 using certificates cryptogr...

H04L 63/166 at the transport layer

SYSTEMS AND METHODS FOR PROVIDING SECURE COMMUNICATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

55 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR PROVIDING SECURE COMMUNICATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

55 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links