Method for client delegation of security to a proxy
First Claim
1. A method of enabling a proxy to participate in a secure communication between a client and a server, comprising the steps of:
establishing via a connectivity service a first secure session between the client and the proxy;
upon verifying via the connectivity service the first secure session, establishing a second secure session between the client and the proxy, the second secure session requesting the proxy to act as a conduit to the server;
having the client and the server negotiate a session master secret;
delivering the session master secret to the proxy using the first secure session to enable the proxy to participate in the secure communication; and
having the proxy use the master secret and a session identifier to generate given cryptographic information.
2 Assignments
0 Petitions
Abstract
A method of enabling a proxy to participate in a secure communication between a client and a server. The method begins by establishing a first secure session between the client and the proxy. Upon verifying the first secure session, the method continues by establishing a second secure session between the client and the proxy. In the second secure session, the client requests the proxy to act as a conduit to the server. Thereafter, the client and the server negotiate a session master secret. Using the first secure session, this session master secret is then provided by the client to the proxy to enable the proxy to participate in secure communications between the client and the server. After receiving the session master secret, the proxy generates cryptographic information that enables it to provide a given service (e.g., transcoding, monitoring, encryption/decryption, caching, or the like) on the client's behalf and without the server's knowledge or participation. The first secure session is maintained between the client and the proxy during such communications.
118 Citations
24 Claims
1. A method of enabling a proxy to participate in a secure communication between a client and a server, comprising the steps of:
establishing via a connectivity service a first secure session between the client and the proxy; upon verifying via the connectivity service the first secure session, establishing a second secure session between the client and the proxy, the second secure session requesting the proxy to act as a conduit to the server; having the client and the server negotiate a session master secret; delivering the session master secret to the proxy using the first secure session to enable the proxy to participate in the secure communication; and having the proxy use the master secret and a session identifier to generate given cryptographic information.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8)
9. A method of enabling a proxy to participate in a secure communication between a client and a server, comprising the steps of:
having the client request a first secure connection to the proxy; upon authenticating validity of a certificate received from the proxy, having the client request a second secure connection to the proxy, the second secure connection requesting the proxy to act as a conduit to the server; having the proxy generate a session identifier; having the client and the server negotiate a session master secret through the conduit; upon completion of the negotiation, having the client deliver the session master secret to the proxy using the first secure connection; having the proxy use the session master secret and the session identifier to generate given cryptographic information that is useful for participating in the secure communication.
(Dependent claims: 10, 11, 12, 13, 14, 15)
16. A method for establishing the security of a session between a client and a server, comprising the steps of:
through a proxy, conducting a security handshake procedure between the client and the server to produce a session key; and transmitting the session key to the proxy so that the proxy can participate in communications between the client and the server during the session.
(Dependent claims: 17, 18)
19. A cryptographic system, comprising:
a client; a server; a proxy; a network protocol service for enabling the client and server to communicate over a secure connection; a computer program product in a computer readable medium (i) for controlling the client to request a first secure connection to the proxy, (ii) responsive to authenticating validity of a certificate from the proxy, for controlling the client to request a second secure connection to the proxy, the second secure connection requesting the proxy to act as a conduit to the server, (iii) for controlling the client to negotiate with the server through the conduit to obtain a session master secret, and (iv) upon successful completion of the negotiation, for controlling the client to deliver the session master secret to the proxy using the first secure connection; and a computer program product in a computer readable medium (i) for controlling the proxy to use the session master secret and a session identifier to generate given cryptographic information, and (ii) for having the proxy modify content in communications between the client and the server.
(Dependent claims: 20, 21, 22, 23)
24. A computer program product in a computer readable medium for use in a cryptographic system including a client, a server, and a proxy, comprising:
a first routine (i) for controlling the client to request a first secure connection to the proxy, (ii) responsive to authenticating validity of a certificate from the proxy, for controlling the client to request a second secure connection to the proxy, the second secure connection requesting the proxy to act as a conduit to the server, (iii) for controlling the client to negotiate with the server through the conduit to obtain a session master secret, and (iv) upon successful completion of the negotiation, for controlling the client to deliver the session master secret to the proxy using the first secure connection; and a second routine (i) for controlling the proxy to use the session master secret and a session identifier to generate given cryptographic information, and (ii) for having the proxy modify content in communications between the client and the server.
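The sequence that the abstract and claims 1, 9 and 19 describe (handshake run through the proxy as conduit, the master secret handed to the proxy over the earlier proxy-authenticated session, the proxy deriving keys from the master secret plus session parameters, the proxy rewriting content with the server none the wiser) as an added Python example. This is not the patent's code and the patent supplies none; it models the key schedule on the TLS 1.2 PRF (RFC 5246) and assumes the patent's "session identifier" corresponds to the handshake randoms the proxy saw while relaying the handshake. The record layer (HMAC-SHA256 tag plus a PRF keystream) is a toy stand-in for a real cipher suite, and the handshake values are constructed, not from any real session.

```python
import hashlib
import hmac


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246 s.5): P_SHA256(secret, label + seed) truncated to length."""
    seed = label + seed
    out, a = b"", seed                                              # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]


def derive_master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    return tls12_prf(pre_master, b"master secret", client_random + server_random, 48)


def derive_keys(master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Key block per RFC 5246 s.6.3; note the seed order is server_random + client_random.
    Anyone holding the master secret and the two randoms gets exactly these keys."""
    block = tls12_prf(master, b"key expansion", server_random + client_random, 2 * (32 + 16 + 16))
    names = ["client_mac", "server_mac", "client_key", "server_key", "client_iv", "server_iv"]
    sizes = [32, 32, 16, 16, 16, 16]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


def protect(mac_key: bytes, key: bytes, iv: bytes, seq: int, plaintext: bytes) -> bytes:
    """Toy record layer (assumption, not a real TLS cipher suite): HMAC tag over seq||plaintext,
    then XOR with a PRF keystream bound to iv and seq. Enough to show who can read and rewrite."""
    seq_bytes = seq.to_bytes(8, "big")
    tag = hmac.new(mac_key, seq_bytes + plaintext, hashlib.sha256).digest()
    body = plaintext + tag
    stream = tls12_prf(key, b"record", iv + seq_bytes, len(body))
    return bytes(x ^ y for x, y in zip(body, stream))


def unprotect(mac_key: bytes, key: bytes, iv: bytes, seq: int, record: bytes) -> bytes:
    seq_bytes = seq.to_bytes(8, "big")
    stream = tls12_prf(key, b"record", iv + seq_bytes, len(record))
    body = bytes(x ^ y for x, y in zip(record, stream))
    plaintext, tag = body[:-32], body[-32:]
    expected = hmac.new(mac_key, seq_bytes + plaintext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad record MAC")
    return plaintext


def run_session(client_random, server_random, pre_master, plaintext, rewrite):
    # 1. Handshake through the conduit: client and server each compute the master secret.
    #    The proxy relays the messages and sees both randoms, but never pre_master.
    client_keys = derive_keys(derive_master_secret(pre_master, client_random, server_random),
                              client_random, server_random)
    server_keys = derive_keys(derive_master_secret(pre_master, client_random, server_random),
                              client_random, server_random)

    # 2. Delegation: the client hands the master secret to the proxy over the first
    #    (proxy-authenticated) secure session, modelled here as a direct assignment.
    #    This is the step whose channel must be authenticated; whoever receives it owns the session.
    proxy_master = derive_master_secret(pre_master, client_random, server_random)
    proxy_keys = derive_keys(proxy_master, client_random, server_random)

    # 3. Client sends one record toward the server, through the proxy.
    c = client_keys
    record = protect(c["client_mac"], c["client_key"], c["client_iv"], 0, plaintext)

    # 4. Proxy reads it, rewrites the content, and re-protects under the same keys and sequence number.
    p = proxy_keys
    seen = unprotect(p["client_mac"], p["client_key"], p["client_iv"], 0, record)
    forwarded = protect(p["client_mac"], p["client_key"], p["client_iv"], 0, rewrite(seen))

    # 5. Server verifies with its own client-write keys; nothing signals that the proxy touched the data.
    s = server_keys
    server_sees = unprotect(s["client_mac"], s["client_key"], s["client_iv"], 0, forwarded)

    # 6. A party that only relayed the handshake (no master secret) cannot read the record:
    #    keys derived from a guessed master fail the MAC check.
    o = derive_keys(bytes(48), client_random, server_random)
    try:
        unprotect(o["client_mac"], o["client_key"], o["client_iv"], 0, record)
        observer_can_read = True
    except ValueError:
        observer_can_read = False

    return {"proxy_keys_match": proxy_keys == server_keys,
            "server_sees": server_sees,
            "observer_can_read": observer_can_read}


if __name__ == "__main__":
    # Constructed sample handshake values (not from any real session).
    cr, sr = bytes(range(32)), bytes(range(32, 64))
    pms = b"\x03\x03" + bytes(46)
    print(run_session(cr, sr, pms, b"GET /index.html HTTP/1.1\r\n",
                      lambda m: m.replace(b"index.html", b"index.lite.html")))
```

Step 6 is the reason the scheme hands over the master secret rather than letting the proxy merely watch the handshake: the randoms alone derive nothing. Step 2 is the trust boundary. The certificate check on the first connection (claim 9) is the only thing standing between the client and an impostor proxy that would then hold a full copy of the session keys, and once delivered the server cannot distinguish proxy-written records from client-written ones.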
Specification