Negotiating secure connections through a proxy server
First Claim
1. In a computer network interconnecting a client system, a proxy system, and a server system, wherein data exchanged over the computer network is subject to being compromised, a method of negotiating, through the proxy system, a secure end-to-end connection between the client system and the server system, wherein the client system securely authenticates to the proxy system, the method comprising the acts of:
- receiving a request from the client system for a secure connection between the client system and the proxy system;
- establishing a secure connection between the client and proxy systems, in which at least the client is authenticated to the proxy system;
- receiving a request from the client system for a secure end-to-end connection with the server system;
- upon authenticating the client, downgrading the secure connection between the client and the proxy systems to an insecure client-proxy connection;
- forwarding the client system request for a secure end-to-end connection to the server system only after authenticating the client and upon downgrading the secure connection between the client and the proxy systems to an insecure client-proxy connection, such that the secure connection between the client and the proxy systems is downgraded to an insecure client-proxy connection prior to establishing the secure end-to-end connection between the client and server systems, and such that the secure end-to-end connection is encapsulated within the insecure client-proxy connection, and such that the proxy server does not encrypt or decrypt any data sent between the client and the server within the insecure client-proxy connection.
Abstract
Methods, systems, and computer program products for negotiating a secure end-to-end connection using a proxy server as an intermediary. The client first negotiates a secure connection between the client and the proxy so that any credentials exchanged will be encrypted. After the exchange of authentication credentials, the secure client-proxy connection is altered so that no further encryption takes place. The client and server then negotiate a secure end-to-end connection through the proxy, with the secure end-to-end connection being encapsulated within the insecure client-proxy connection. In this way, the overhead of creating a separate client-proxy connection for the secure end-to-end connection may be avoided, but the insecure client-proxy connection introduces only minimal overhead because it no longer encrypts any data that it carries.
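Added example (not from the patent, which contains no code): a Python model of the claimed sequence from the proxy's side. The Proxy class, the constructed credentials and the XOR stand-in for the encrypting record layer are assumptions; the point it shows is the ordering the claims hinge on, namely that the end-to-end request is relayed verbatim, never decrypted by the proxy, only after the client has authenticated over the encrypted leg and that leg has been downgraded to a null-cipher connection.

```python
import hashlib, hmac, itertools

def xor_stream(key, data):
    """Stand-in for an encrypting record layer (a toy, NOT real TLS)."""
    stream = itertools.cycle(hashlib.sha256(key).digest())
    return bytes(b ^ k for b, k in zip(data, stream))

class Proxy:
    def __init__(self, creds):
        self.creds = creds          # constructed user -> password table
        self.session_key = None     # set by the secure client-proxy handshake
        self.state = "NEW"          # NEW -> SECURE -> AUTHED -> NULL -> TUNNEL
        self.forwarded = []         # requests actually relayed to the server

    def secure_handshake(self, session_key):
        """Acts 1-2: the client asks for, and gets, a secure client-proxy leg."""
        self.session_key, self.state = session_key, "SECURE"

    def authenticate(self, record):
        """Act 3: credentials are accepted only over the secure (encrypted) leg."""
        if self.state != "SECURE":
            return False
        user, _, pw = xor_stream(self.session_key, record).partition(b":")
        expected = self.creds.get(user.decode(errors="replace"), b"")
        if hmac.compare_digest(expected, pw):
            self.state = "AUTHED"
        return self.state == "AUTHED"

    def downgrade(self):
        """Act 4: after authentication, stop encrypting the client-proxy leg."""
        if self.state == "AUTHED":
            self.state = "NULL"
        return self.state == "NULL"

    def connect(self, e2e_request):
        """Act 5: relay the end-to-end request only after auth AND downgrade.
        Returns the bytes relayed (verbatim, never decrypted) or None if refused."""
        if self.state != "NULL":
            return None
        self.state = "TUNNEL"
        self.forwarded.append(e2e_request)
        return e2e_request

def negotiate(proxy, session_key, cred_record, e2e_request):
    """Drive the full claim-1 sequence; return the proxy states visited in order."""
    proxy.secure_handshake(session_key)
    seen = [proxy.state]
    proxy.authenticate(xor_stream(session_key, cred_record))  # client encrypts creds
    seen.append(proxy.state)
    proxy.downgrade()
    seen.append(proxy.state)
    proxy.connect(e2e_request)
    return seen + [proxy.state]
```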
155 Citations
60 Claims
1. In a computer network interconnecting a client system, a proxy system, and a server system, wherein data exchanged over the computer network is subject to being compromised, a method of negotiating, through the proxy system, a secure end-to-end connection between the client system and the server system, wherein the client system securely authenticates to the proxy system, the method comprising the acts of:
- receiving a request from the client system for a secure connection between the client system and the proxy system;
- establishing a secure connection between the client and proxy systems, in which at least the client is authenticated to the proxy system;
- receiving a request from the client system for a secure end-to-end connection with the server system;
- upon authenticating the client, downgrading the secure connection between the client and the proxy systems to an insecure client-proxy connection;
- forwarding the client system request for a secure end-to-end connection to the server system only after authenticating the client and upon downgrading the secure connection between the client and the proxy systems to an insecure client-proxy connection, such that the secure connection between the client and the proxy systems is downgraded to an insecure client-proxy connection prior to establishing the secure end-to-end connection between the client and server systems, and such that the secure end-to-end connection is encapsulated within the insecure client-proxy connection, and such that the proxy server does not encrypt or decrypt any data sent between the client and the server within the insecure client-proxy connection.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47

14. In a computer network interconnecting a client system, a proxy system, and a server system, wherein data exchanged over the computer network is subject to being compromised, a method of negotiating, through the proxy system, a secure end-to-end connection between the client system and the server system, wherein the client system securely authenticates to the proxy system, the method comprising the acts of:
- sending a request to the proxy system for a secure connection between the client system and the proxy system;
- establishing a secure client-proxy connection between the client and proxy systems, in which at least the client is authenticated to the proxy system;
- sending a request to the proxy system for a secure end-to-end connection with the server system, wherein the proxy system forwards the request to the server system for the secure end-to-end connection only after first authenticating the client and only after first downgrading the secure client-proxy connection to an insecure client-proxy connection, such that the secure connection between the client and the proxy systems is downgraded to an insecure client-proxy connection prior to establishing the secure end-to-end connection between the client and server systems, and such that the secure end-to-end connection is encapsulated within the insecure client-proxy connection, and such that the proxy server does not encrypt or decrypt any data sent between the client and the server.
Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60

27. In a computer network interconnecting a client system, a proxy system, and a server system, wherein data exchanged over the computer network is subject to being compromised, a method of negotiating, through the proxy system, a secure end-to-end connection between the client system and the server system, wherein the client system securely authenticates to the proxy system, the method comprising steps for:
- negotiating a secure client-proxy connection between the client and proxy systems, in which at least the client is authenticated to the proxy system;
- downgrading the secure client-proxy connection to an insecure client-proxy connection after authenticating the client;
- only after authenticating the client and after downgrading the secure client-proxy connection, negotiating a secure end-to-end connection between the client and the server system using the secure client-proxy connection, such that the secure connection between the client and the proxy systems is downgraded to an insecure client-proxy connection prior to establishing the secure end-to-end connection between the client and server systems, and such that the secure end-to-end connection is encapsulated within the insecure client-proxy connection, and such that the proxy server does not encrypt or decrypt any data sent between the client and the server.
Dependent claims: 28, 29, 30, 31, 32, 33, 34
Specification