SUPPORTING SECURE SESSIONS IN A CLOUD-BASED PROXY SERVICE
Abstract
A proxy server in a cloud-based proxy service receives a secure session request from a client device as a result of a Domain Name System (DNS) request for a domain resolving to the proxy server. The proxy server participates in a secure session negotiation with the client device including transmitting a digital certificate to the client device that is bound to the domain and multiple other domains. The proxy server receives an encrypted request from the client device for an action to be performed on a resource that is hosted at an origin server corresponding to the domain. The proxy server decrypts the request and participates in a secure session negotiation with the origin server including receiving a digital certificate from the origin server. The proxy server encrypts the decrypted request using the digital certificate from the origin server and transmits the encrypted request to the origin server.
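The certificate handling the abstract describes can be illustrated with a short sketch. This is an added example, not code from the patent: `Cert`, `name_matches`, `select_certificate`, and the sample domains are hypothetical, and the wildcard rule (a `*` only as the whole left-most label, covering exactly one label, never directly above a top-level domain) is a conservative RFC 6125-style assumption.

```python
# Added illustration; not code from the patent. All names and data are constructed.
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Cert:
    label: str
    san_dns: Tuple[str, ...]  # DNS names the certificate is bound to


def name_matches(pattern: str, host: str) -> bool:
    """True if one certificate name covers the requested host name."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not pattern or not host or "*" in host:
        return False
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*":
        return pattern == host  # no wildcard: exact match only
    # Wildcard: same label count, at least three labels, suffix identical.
    if len(p_labels) < 3 or len(h_labels) != len(p_labels):
        return False
    return h_labels[0] != "" and p_labels[1:] == h_labels[1:]


def covers(cert: Cert, host: str) -> bool:
    return any(name_matches(name, host) for name in cert.san_dns)


def select_certificate(store: Sequence[Cert], requested: str) -> Optional[Cert]:
    """Client side of the proxy: pick a certificate bound to the requested
    domain, or return None so the handshake fails closed."""
    for cert in store:
        if covers(cert, requested):
            return cert
    return None


# Constructed sample data: one shared certificate bound to several domains,
# and the certificate an origin server presents to the proxy.
SHARED = Cert("shared-edge", ("example.com", "*.example.com", "example.org"))
ORIGIN = Cert("origin", ("origin.example.com",))

if __name__ == "__main__":
    for name in ("example.org", "www.example.com", "a.b.example.com", "example.net"):
        chosen = select_certificate([SHARED], name)
        print(name, "->", chosen.label if chosen else "no certificate, refuse")
    # Origin side: check the received certificate before forwarding the request.
    print("origin ok:", covers(ORIGIN, "origin.example.com"))
```

The same `covers` check serves both legs: choosing which multi-domain certificate to present to the client, and confirming that the certificate received from the origin is bound to the origin name before the decrypted request is re-encrypted and forwarded.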
21 Claims
1. A method in a proxy server, comprising:
- receiving a first secure session request from a first client device for a secure session, wherein the first secure session request is received at the proxy server as a result of a DNS (Domain Name System) request for a first domain resolving to the proxy server;
- participating in a secure session negotiation with the first client device including transmitting a digital certificate to the first client device, wherein the digital certificate is bound to the first domain and a set of one or more other domains;
- receiving a first encrypted request from the first client device for an action to be performed on a resource that is hosted at a first origin server corresponding to the first domain;
- decrypting the first encrypted request;
- participating in a secure session negotiation with the first origin server including receiving a digital certificate from the first origin server;
- encrypting the decrypted request using the received digital certificate from the first origin server; and
- transmitting the encrypted request to the first origin server.

Dependent claims: 2, 3, 4, 5, 6, 7

8. A non-transitory computer-readable storage medium that provides instructions that, when executed by a processor, causes said processor to perform operations comprising:
- receiving a first secure session request from a first client device for a secure session, wherein the first secure session request is received at the proxy server as a result of a DNS (Domain Name System) request for a first domain resolving to the proxy server;
- participating in a secure session negotiation with the first client device including transmitting a digital certificate to the first client device, wherein the digital certificate is bound to the first domain and a set of one or more other domains;
- receiving a first encrypted request from the first client device for an action to be performed on a resource that is hosted at a first origin server corresponding to the first domain;
- decrypting the first encrypted request;
- participating in a secure session negotiation with the first origin server including receiving a digital certificate from the first origin server;
- encrypting the decrypted request using the received digital certificate from the first origin server; and
- transmitting the encrypted request to the first origin server.

Dependent claims: 9, 10, 11, 12, 13, 14

15. An apparatus, comprising:
- a set of one or more processors;
- a set of one or more non-transitory computer-readable storage mediums storing instructions, that when executed by the set of processors, cause the set of processors to perform the following operations;
- receiving a first secure session request from a first client device for a secure session, wherein the first secure session request is received at the proxy server as a result of a DNS (Domain Name System) request for a first domain resolving to the proxy server;
- participating in a secure session negotiation with the first client device including transmitting a digital certificate to the first client device, wherein the digital certificate is bound to the first domain and a set of one or more other domains;
- receiving a first encrypted request from the first client device for an action to be performed on a resource that is hosted at a first origin server corresponding to the first domain;
- decrypting the first encrypted request;
- participating in a secure session negotiation with the first origin server including receiving a digital certificate from the first origin server;
- encrypting the decrypted request using the received digital certificate from the first origin server; and
- transmitting the encrypted request to the first origin server.

Dependent claims: 16, 17, 18, 19, 20, 21
Specification