System and method of exploiting the security of a secure communication channel to secure a non-secure communication channel
First Claim
1. A method for establishing a secure communication channel between a client and an application server comprising the steps of:
(a) receiving, at a web server, a request from a client to have an application program executed on an application server and to have output from said application program executing on said application server transmitted to said client;
(b) generating, by a ticket service, a ticket having an identifier and a session key;
(c) obtaining, by said web server, said ticket from said ticket service;
(d) transmitting, by said web server, said ticket to said client over a secure communication channel;
(e) transmitting, by said client, said identifier from said ticket to said application server;
(f) obtaining, by said application server, a copy of said session key from said ticket service using said identifier;
(g) establishing an application communication channel between said client and said application server;
(h) executing, by said application server, said application program identified in said request;
(i) transmitting, by said application server, output of said application program over said application communication channel via a remote display protocol; and
(j) encrypting said output communicated to said client over said application communication channel using said session key.
Abstract
The present invention features a system and method for establishing a secure communication channel between a client and an application server. In one embodiment, a ticket service generates a ticket having an identifier and a session key. A communications device obtains the ticket from the ticket service and transmits the ticket to a client over a secure communication channel. The client transmits the identifier of the ticket to an application server over an application communication channel. The application server then obtains a copy of the session key of the ticket from the ticket service. Communications exchanged between the client and the application server over the application communication channel are then encrypted using the session key to establish the application communication channel as a secure communication channel.
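The ticket flow from the abstract, as an added example that is not part of the patent text. The names TicketService, seal, open_ and run_flow are hypothetical, the SHAKE-256 keystream with an HMAC-SHA-256 tag is a stand-in for whatever cipher a deployment would use, and single-use redemption of the identifier is an assumption the abstract does not state.

```python
import hashlib, hmac, secrets

class TicketService:
    """Issues tickets and lets the application server redeem an identifier."""
    def __init__(self):
        self._keys = {}                      # identifier -> session key

    def issue(self):
        ident, key = secrets.token_hex(16), secrets.token_bytes(32)
        self._keys[ident] = key
        return {"identifier": ident, "session_key": key}

    def redeem(self, ident):
        # Assumption: an identifier can be redeemed once, so a replay gets nothing.
        return self._keys.pop(ident, None)

def _keystream(key, nonce, n):
    # Stand-in cipher for this demo only; use a vetted AEAD in practice.
    return hashlib.shake_256(b"enc" + key + nonce).digest(n)

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def run_flow(output=b"frame-0001: display update"):
    service = TicketService()
    ticket = service.issue()                 # ticket service generates, web server obtains
    client_ticket = dict(ticket)             # delivered to the client over the secure channel
    on_wire = [client_ticket["identifier"]]  # only the identifier crosses the application channel
    server_key = service.redeem(on_wire[0])  # application server obtains its copy of the key
    blob = seal(server_key, output)          # application output encrypted under the session key
    on_wire.append(blob)
    received = open_(client_ticket["session_key"], blob)
    replay = service.redeem(on_wire[0])      # second redemption of the same identifier
    return {"received": received, "on_wire": on_wire,
            "key": ticket["session_key"], "replay": replay}
```

The point to take from on_wire is that the session key itself never travels over the application channel; an observer there sees only the identifier and ciphertext.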
89 Claims
1. A method for establishing a secure communication channel between a client and an application server comprising the steps of:
(a) receiving, at a web server, a request from a client to have an application program executed on an application server and to have output from said application program executing on said application server transmitted to said client;
(b) generating, by a ticket service, a ticket having an identifier and a session key;
(c) obtaining, by said web server, said ticket from said ticket service;
(d) transmitting, by said web server, said ticket to said client over a secure communication channel;
(e) transmitting, by said client, said identifier from said ticket to said application server;
(f) obtaining, by said application server, a copy of said session key from said ticket service using said identifier;
(g) establishing an application communication channel between said client and said application server;
(h) executing, by said application server, said application program identified in said request;
(i) transmitting, by said application server, output of said application program over said application communication channel via a remote display protocol; and
(j) encrypting said output communicated to said client over said application communication channel using said session key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14
15. A method for establishing a secure communication channel between a client and an application server comprising the steps of:
(a) transmitting to a web server a request to have an application server execute an application program and transmit output from said application program executing on said application server;
(b) establishing a secure web communication channel between a web browser executing on said client and said web server;
(c) receiving a ticket having an identifier and a session key from said web server over said secure web communication channel;
(d) establishing an application communication channel with said application server over said application communication channel;
(e) transmitting said identifier from said ticket to said application server over an application communication channel to provide said application server with information for obtaining a copy of said session key;
(f) receiving output of said application program, identified in said request, from said application server over said application communication channel via a remote display protocol; and
(g) decrypting said output using said session key.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25
26. A method for establishing a secure communication channel between a client and an application server comprising the steps of:
(a) receiving a request from a web server to execute an application program on behalf of a client and transmit to said client output from said application program executing on said application server;
(b) receiving an identifier from said client;
(c) obtaining from said web server a copy of a session key associated with said identifier;
(d) establishing an application communication channel with said client;
(e) executing said application program identified in said request;
(f) transmitting output of said executing application program over said application communication channel via a remote display protocol; and
(g) encrypting said output using said session key.
Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42
43. A communications system for establishing a secure communication channel between a client and an application server comprising:
a ticket service generating a ticket associated with a client, said ticket having an identifier and a session key;
a web server in communication with said ticket service;
said web server receiving a request from said client to have an application program executed on an application server, obtaining said ticket from said ticket service, and transmitting said ticket to said client over a secure communication channel;
said client transmitting said identifier from said ticket to said application server;
said application server obtaining a copy of said session key from said ticket service using said identifier;
said client and said application server establishing an application communication channel, said application server executing said application program identified in said request and transmitting output from said executing application program over said application communication channel via a remote display protocol; and
said client and said application server encrypting communications using said session key.
Dependent claims: 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56
57. A communications system for establishing a secure communication channel between a client and an application server comprising:
a web browser on a client establishing a secure web communication channel with a web server, said web browser;
transmitting to said web server a request to have an application server execute an application program and transmit to said client output of said application program executing on said application server;
receiving a ticket associated with said client from said web server, said ticket having an identifier and a session key; and
transmitting said identifier from said ticket to said application server; and
an application client on said client establishing an application communication channel with said application server, said application client receiving output of said application program, identified in said request, executing on said application server, over said application communication channel via a remote display protocol and decrypting said output using said session key.
Dependent claims: 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68
69. A communications system for establishing a secure communication channel between a client and an application server comprising:
a ticket service generating a ticket associated with a client, said ticket having an identifier and a session key;
a web server in communication with said ticket service, said web server receiving a request from said client to have an application program executed on said client's behalf and to have output of said application program transmitted to said client, said web server transmitting said ticket to said client over a secure web communication channel;
an application server receiving said identifier from said ticket from said client, obtaining a copy of said session key from said web server, establishing an application communication channel with said client, executing said application program, transmitting output from said application program identified in said request to said client over said application communication channel via a remote display protocol, and encrypting said output using said session key.
Dependent claims: 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89
Specification