Dynamic connection to multiple origin servers in a transcoding proxy
Abstract
A method of enabling a proxy to participate in a secure communication between a client and a set of servers. The method begins by establishing a first secure session between the client and the proxy. Upon verifying the first secure session, the method continues by establishing a second secure session between the client and the proxy. In the second secure session, the client requests the proxy to act as a conduit to a first server. Thereafter, the client and the first server negotiate a first session master secret. Using the first secure session, this first session master secret is then provided by the client to the proxy to enable the proxy to participate in secure communications between the client and the first server. After receiving the first session master secret, the proxy generates cryptographic information that enables it to provide a given service (e.g., transcoding) on the client's behalf and without the first server's knowledge or participation. If data from a second server is required during the processing of a given client request to the first server, the proxy issues a request to the client to tunnel back through the proxy to the second server using the same protocol.
237 Citations
28 Claims
1. A method of enabling a proxy to participate in a secure communication between a client and a first origin server, comprising the steps of:
(a) establishing a first secure session between the client and the proxy;
(b) upon verifying the first secure session, establishing a second secure session between the client and the proxy, the second secure session requesting the proxy to act as a conduit to the first origin server;
(c) having the client and the first origin server negotiate a session master secret;
(d) having the client deliver the session master secret to the proxy using the first secure session to enable the proxy to participate in the secure communication;
(e) responsive to a client request to the first origin server, repeating steps (a)-(b) to enable the proxy to act as a conduit to a second origin server;
(f) having the client and the second origin server negotiate a new session master secret; and
(g) having the client deliver the new session master secret to the proxy using the first secure session generated in step (e).
10. A method of enabling a proxy to participate in a secure communication between a client and a server, comprising the steps of:
(a) for each of a set of 1 to n servers:
(1) having the client request a first secure connection to the proxy;
(2) upon authenticating validity of a certificate received from the proxy, having the client request a second secure connection to the proxy, the second secure connection requesting the proxy to act as a conduit to the server;
(3) having the client and the server negotiate a respective session master secret through the conduit;
(4) upon completion of the negotiation, having the client deliver the respective session master secrets to the proxy using the first secure connection; and
(b) having the proxy use the respective session master secrets to generate given cryptographic information that is useful for participating in the secure communication.
13. A method of enabling a proxy to participate in a secure communication, comprising the steps of:
(a) transmitting a request from a client to the proxy to establish a first secure session;
(b) transmitting a request from the client to the proxy to establish a second secure session between the client and the proxy, the second secure session requesting the proxy to act as a conduit to an origin server;
(c) transmitting a session master secret from the client to the proxy using the first secure session to enable the proxy to participate in the secure communication;
(d) responsive to receipt at the client of a request from the proxy, repeating steps (a)-(b) to enable the proxy to act as a conduit to another origin server; and
(e) transmitting a new session master secret from the client to the proxy.
15. A method of enabling a proxy to participate in a secure communication, comprising the steps of:
(a) receiving at the proxy a request from a client to establish a first secure session between the client and the proxy;
(b) receiving at the proxy a request from the client to establish a second secure session between the client and the proxy, the second secure session requesting the proxy to act as a conduit to an origin server;
(c) receiving at the proxy a session master secret transmitted from the client using the first secure session;
(d) upon transmitting a given request from the proxy to the client, repeating steps (a)-(c) to enable the proxy to act as a conduit to another origin server; and
(e) receiving at the proxy a new session master secret transmitted from the client.
17. A method for enabling a proxy to participate in a session between a client and a first origin server, comprising the steps of:
through the proxy, conducting a security handshake procedure between the client and the first origin server to produce a first session key;
having the client transmit the first session key to the proxy so that the proxy can participate in communications between the client and the first origin server during the session;
as the session proceeds, conducting a security handshake procedure between the client and a second origin server to produce a second session key; and
having the client transmit the second session key to the proxy so that the proxy can obtain data from the second origin server for use in servicing a request by the client to the first origin server.
20. A cryptographic system, comprising:
a client;
a set of servers;
a proxy;
a network protocol service for enabling the client and each server to communicate over a secure connection;
a computer program (i) for controlling the client to request a first secure connection to the proxy, (ii) responsive to authenticating validity of a certificate from the proxy, for controlling the client to request a second secure connection to the proxy, the second secure connection requesting the proxy to act as a conduit to a given server, (iii) for controlling the client to negotiate with the given server through the conduit to obtain a session master secret; and
(iv) upon successful completion of the negotiation, for controlling the client to deliver the session master secret to the proxy using the first secure connection; and
a computer program (i) for controlling the proxy to use the session master secret to generate given cryptographic information, (ii) for controlling the proxy to request that the client selectively establish a separate secure connection with another server, and (iii) for switching the proxy into an active operating state during which it can participate in communications between the client and the given server.
25. A computer program product in a computer readable medium for use in a cryptographic system including a client, a set of servers, and a proxy, comprising:
a first routine (i) for controlling the client to request a first secure connection to the proxy, (ii) responsive to authenticating validity of a certificate from the proxy, for controlling the client to request a second secure connection to the proxy, the second secure connection requesting the proxy to act as a conduit to a given server, (iii) for controlling the client to negotiate with the given server through the conduit to obtain a session master secret; and
(iv) upon successful completion of the negotiation, for controlling the client to deliver the session master secret to the proxy using the first secure connection; and
a second routine (i) for controlling the proxy to use the session master secret to generate given cryptographic information, (ii) for controlling the proxy to request that the client selectively establish a separate secure connection with another server, and (iii) for switching the proxy into an active operating state during which it can participate in communications between the client and the given server.
26. A computer program product having computer readable program code on a usable medium for use in a client for enabling a proxy to participate in a secure communication, comprising:
means for transmitting a request from the client to the proxy to establish a first secure session;
means for transmitting a request from the client to the proxy to establish a second secure session between the client and the proxy, the second secure session requesting the proxy to act as a conduit to an origin server;
means for transmitting a session master secret from the client to the proxy using the first secure session to enable the proxy to participate in the secure communication;
means responsive to receipt at the client of a given request from the proxy during the secure communication for controlling the client to obtain a new session master secret; and
means for transmitting the new session master secret from the client to the proxy.
27. A computer program product having computer readable program code on a usable medium for use in a proxy for enabling the proxy to participate in a secure communication, comprising:
means for receiving at the proxy a request from a client to establish a first secure session between the client and the proxy;
means for receiving at the proxy a request from the client to establish a second secure session between the client and the proxy, the second secure session requesting the proxy to act as a conduit to an origin server;
means for receiving at the proxy a session master secret transmitted from the client using the first secure session;
means responsive to a given occurrence during the secure communication for transmitting from the proxy to the client a given request; and
means for receiving at the proxy a new session master secret transmitted from the client.
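The exchange described in the abstract and in claims 1 and 10, as an added simulation that is not part of the patent. The HMAC-SHA256 PRF, the toy record format and the host names are assumptions standing in for the real session protocol; the point shown is that the proxy cannot read an origin's records while it is only a conduit, can read them once the client delivers that origin's master secret over the first session, and needs a separate delivery for each further origin.

```python
import hmac, hashlib, os
def prf(secret, label, seed):  # HMAC-SHA256 PRF standing in for the protocol's key expansion
    return hmac.new(secret, label + seed, hashlib.sha256).digest()
def keystream(key, n):  # counter-mode stream from the PRF; toy construction for the demo
    return b"".join(prf(key, b"ks", i.to_bytes(4, "big")) for i in range(n // 32 + 1))[:n]
def seal(key, msg):  # toy record: keystream XOR plus a 16-byte MAC over the body
    body = bytes(m ^ k for m, k in zip(msg, keystream(key, len(msg))))
    return body + prf(key, b"mac", body)[:16]
def open_record(key, rec):  # plaintext, or None when this key does not verify the MAC
    body, tag = rec[:-16], rec[-16:]
    if not hmac.compare_digest(tag, prf(key, b"mac", body)[:16]):
        return None
    return bytes(b ^ k for b, k in zip(body, keystream(key, len(body))))

class Origin:
    def __init__(self, host):
        self.host, self.key = host, None
    def handshake(self, client_random, premaster):
        # step (c): master secret negotiated with the client; the proxy only relays bytes
        server_random = os.urandom(32)
        randoms = client_random + server_random
        self.key = prf(prf(premaster, b"master secret", randoms), b"server write key", randoms)
        return server_random
class Proxy:
    def __init__(self):
        self.tunnels, self.keys = set(), {}  # keys arrive only over the verified first session
    def open_tunnel(self, host):  # step (b): second session asks the proxy to be a conduit
        self.tunnels.add(host)
    def deliver(self, host, master, randoms):  # step (d)/(g): client hands over the secret
        self.keys[host] = prf(master, b"server write key", randoms)
    def read_from_origin(self, host, rec):  # None while the proxy is still a mere conduit
        return None if host not in self.keys else open_record(self.keys[host], rec)
def client_connect(proxy, origin):  # steps (b)-(c) for one origin (hosts are constructed)
    proxy.open_tunnel(origin.host)
    client_random, premaster = os.urandom(32), os.urandom(48)
    randoms = client_random + origin.handshake(client_random, premaster)
    return prf(premaster, b"master secret", randoms), randoms

def demo():  # proxy reads origin A only after (d); origin B only after (e)-(g) repeat it
    proxy, a, b = Proxy(), Origin("a.example"), Origin("b.example")
    master_a, rand_a = client_connect(proxy, a)
    rec_a = seal(a.key, b"<html>origin A page</html>")
    before = proxy.read_from_origin(a.host, rec_a)
    proxy.deliver(a.host, master_a, rand_a)
    master_b, rand_b = client_connect(proxy, b)  # proxy asked the client to tunnel to B
    rec_b = seal(b.key, b"image-bytes")
    cross = proxy.read_from_origin(b.host, rec_b)  # B's secret not yet delivered
    proxy.deliver(b.host, master_b, rand_b)
    return before, proxy.read_from_origin(a.host, rec_a), cross, proxy.read_from_origin(b.host, rec_b)
```

Because the delivered master secret yields every key of that session, the proxy's transcoding ability is equivalent to full read and write access to the client-origin traffic; the certificate check on the first connection in claim 10, step (2), is what confines that access to a proxy the client has chosen to trust.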