ESTABLISHING A SECURE CONNECTION ACROSS SECURED ENVIRONMENTS
First Claim
1. A method for establishing a verifiable secure communication connection between a server and a client using a trusted secure gateway, wherein the server and the trusted secure gateway reside within a first network realm, wherein the server's public key certificates are signed by a certifying authority not certifiable from the client residing within a second network realm different to the first network realm, the method comprising:
verifying, by the trusted secure gateway, a certificate of the server signed by a certificate authority of the first network realm before establishing the communication connection between the server and the client, wherein the trusted secure gateway is trusted by the server;
verifying, by the trusted secure gateway, a certificate of the client signed by a certificate authority of the second network realm before establishing the communication connection between the server and the client;
verifying, by the client, a certificate of the trusted secure gateway signed by a public key certificate authority certifiable from the client's network before establishing the communication between the server and the client; and
establishing, via the trusted secure gateway, the communication connection between the client and the server if authorized by an access control list residing on the trusted secure gateway, the access control list being indicative of allowed communication connections out of systems of the first network realm and into systems of the first network realm.
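The following is an added illustration, not code from the patent, of the verification flow that claim 1 (and the abstract below) describe: a gateway in the first realm holds trust anchors for both realm CAs and checks the server's and the client's certificates, the client holds only a public CA and checks the gateway's certificate, and the gateway then consults an access control list keyed on direction, client and server before brokering the connection. All names (the CA and subject names, the realm labels, the ACL entries) are constructed for the example, and a toy one-time Lamport signature over SHA-256 stands in for real X.509 signatures so that the code runs on the Python standard library alone; each toy CA therefore issues a single certificate.

```python
import hashlib
import json
import os


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bits(digest: bytes):
    """Yield the 256 bits of a SHA-256 digest, most significant bit first."""
    for byte in digest:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


class CA:
    """A certifying authority. One-time Lamport keys (a toy stand-in for a
    real CA's RSA/ECDSA key) mean each toy CA can sign exactly one cert."""

    def __init__(self, name: str):
        self.name = name
        self._sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
        self.pk = [(_h(a), _h(b)) for a, b in self._sk]
        self._issued = False

    def issue(self, subject: str, realm: str) -> dict:
        if self._issued:
            raise RuntimeError("one-time key: this toy CA issues a single certificate")
        self._issued = True
        body = {"subject": subject, "realm": realm, "issuer": self.name}
        digest = _h(json.dumps(body, sort_keys=True).encode())
        sig = [self._sk[i][bit] for i, bit in enumerate(_bits(digest))]
        return {"body": body, "sig": sig}


def verify_cert(cert: dict, trust_store: dict) -> bool:
    """Accept a certificate only if its issuer is a trust anchor on *this*
    side (realm-local or public CA) and the signature checks out."""
    pk = trust_store.get(cert["body"]["issuer"])
    if pk is None or len(cert["sig"]) != 256:
        return False  # issuer not certifiable from here, or malformed signature
    digest = _h(json.dumps(cert["body"], sort_keys=True).encode())
    return all(_h(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(cert["sig"], _bits(digest))))


class TrustedSecureGateway:
    """Resides in the first realm, trusts both realm CAs, and brokers a
    connection only when its ACL allows the (direction, client, server) triple."""

    def __init__(self, realm: str, realm_cas: list, acl: set):
        self.realm = realm
        self.trust = {ca.name: ca.pk for ca in realm_cas}
        self.acl = acl  # entries: ("inbound" | "outbound", client_subject, server_subject)

    def broker(self, client_cert: dict, server_cert: dict) -> str:
        if not verify_cert(server_cert, self.trust):
            return "rejected: server certificate not verifiable by gateway"
        if not verify_cert(client_cert, self.trust):
            return "rejected: client certificate not verifiable by gateway"
        c, s = client_cert["body"], server_cert["body"]
        # Direction is relative to the gateway's own (first) realm.
        direction = "inbound" if s["realm"] == self.realm else "outbound"
        if (direction, c["subject"], s["subject"]) not in self.acl:
            return f"rejected: ACL denies {direction} {c['subject']} -> {s['subject']}"
        return f"established: {c['subject']} -> {s['subject']} via gateway"


def client_connect(client_trust: dict, gateway: TrustedSecureGateway,
                   gateway_cert: dict, client_cert: dict, server_cert: dict) -> str:
    """Client side: it can vouch only for the gateway (public CA) and
    delegates the cross-realm server check to that gateway."""
    if not verify_cert(gateway_cert, client_trust):
        return "rejected: gateway certificate not verifiable by client"
    return gateway.broker(client_cert, server_cert)


def demo() -> dict:
    # Constructed CAs, subjects and ACL; nothing here comes from the patent.
    realm1_ca, realm2_ca, public_ca = CA("Realm1-CA"), CA("Realm2-CA"), CA("Public-CA")
    server_cert = realm1_ca.issue("app.realm1.example", "realm1")
    client_cert = realm2_ca.issue("laptop.realm2.example", "realm2")
    gateway_cert = public_ca.issue("gw.realm1.example", "realm1")
    acl = {("inbound", "laptop.realm2.example", "app.realm1.example")}
    gateway = TrustedSecureGateway("realm1", [realm1_ca, realm2_ca], acl)
    client_trust = {public_ca.name: public_ca.pk}  # client knows only the public CA
    tampered = {"body": dict(server_cert["body"], subject="other.realm1.example"),
                "sig": server_cert["sig"]}
    return {
        # the motivating problem: the client cannot verify the realm-1 server itself
        "client_verifies_server": verify_cert(server_cert, client_trust),
        "connected": client_connect(client_trust, gateway, gateway_cert, client_cert, server_cert),
        "tampered": client_connect(client_trust, gateway, gateway_cert, client_cert, tampered),
        "acl_denied": client_connect(client_trust, TrustedSecureGateway("realm1", [realm1_ca, realm2_ca], set()),
                                     gateway_cert, client_cert, server_cert),
        "untrusted_gateway": client_connect({realm2_ca.name: realm2_ca.pk}, gateway,
                                            gateway_cert, client_cert, server_cert),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The point the example makes explicit is that each party verifies only against the anchors it actually has: the client never learns to trust the first realm's CA, and the gateway, not the client, is the component whose trust store spans both realms. The ACL check happens after both certificate checks succeed, so an unauthorized pair is refused even when every certificate is valid, and a tampered certificate is refused before the ACL is consulted.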
1 Assignment
0 Petitions
Abstract
Disclosed aspects relate to establishing a secure communication connection between a server and a client. The server and a gateway reside within a first network realm. The server's public key certificates are signed by a certifying authority not certifiable from the client residing within a second network realm. Aspects relate to verifying a server's certificate signed by a certificate authority of the first network realm before establishing the communication connection between the server and the client. Aspects relate to verifying a client's certificate signed by a certificate authority of the second network realm before establishing the communication connection between the server and the client. Aspects relate to verifying a trusted secure gateway's certificate signed by a public key certificate authority certifiable from the client's network before establishing the communication between the server and the client.
22 Citations
20 Claims
1. (Independent claim; its text is reproduced under "First Claim" above. Dependent claims 2 through 18 are not reproduced on this page.)

19. A system for establishing a verifiable secure communication connection between a server and a client using a trusted secure gateway, wherein the server and the trusted secure gateway reside within a first network realm, wherein the server's public key certificates are signed by a certifying authority not certifiable from the client residing within a second network realm different to the first network realm, the system comprising:
a memory having a set of computer readable computer instructions, and a processor for executing the set of computer readable instructions, the set of computer readable instructions including:
verifying, by the trusted secure gateway, a certificate of the server signed by a certificate authority of the first network realm before establishing the communication connection between the server and the client, wherein the trusted secure gateway is trusted by the server;
verifying, by the trusted secure gateway, a certificate of the client signed by a certificate authority of the second network realm before establishing the communication connection between the server and the client;
verifying, by the client, a certificate of the trusted secure gateway signed by a public key certificate authority certifiable from the client's network before establishing the communication between the server and the client; and
establishing, via the trusted secure gateway, the communication connection between the client and the server if authorized by an access control list residing on the trusted secure gateway, the access control list being indicative of allowed communication connections out of systems of the first network realm and into systems of the first network realm.

20. A computer program product for establishing a verifiable secure communication connection between a server and a client using a trusted secure gateway, wherein the server and the trusted secure gateway reside within a first network realm, wherein the server's public key certificates are signed by a certifying authority not certifiable from the client residing within a second network realm different to the first network realm, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, the program instructions executable by a processor to cause the processor to perform a method comprising:
verifying, by the trusted secure gateway, a certificate of the server signed by a certificate authority of the first network realm before establishing the communication connection between the server and the client, wherein the trusted secure gateway is trusted by the server;
verifying, by the trusted secure gateway, a certificate of the client signed by a certificate authority of the second network realm before establishing the communication connection between the server and the client;
verifying, by the client, a certificate of the trusted secure gateway signed by a public key certificate authority certifiable from the client's network before establishing the communication between the server and the client; and
establishing, via the trusted secure gateway, the communication connection between the client and the server if authorized by an access control list residing on the trusted secure gateway, the access control list being indicative of allowed communication connections out of systems of the first network realm and into systems of the first network realm.