Oblivious proxying using a secure coprocessor
First Claim
1. A method for providing secure communications on a network, the method comprising:
- providing a secure communication for between a client and a server employing an untrusted proxy by means of;
employing said proxy between said client and said server to provide connection links between said client and said server;
embedding a secure coprocessor for use as an agent of said client and/or said server which assures that said proxy cannot tamper with the functioning of said agent and view unencrypted communication between said client and said server, said agent being a software program or hardware logic operating within the confines of said secure coprocessor;
said proxy receiving a specific encrypted communication request from said client;
said coprocessor is located at the site of said proxy and;
(a) acts as a converter between at least one protocol said client supports, and at least one other protocol supported by said server, (b) guarantees that an application embedded in said coprocessor performs to a degree of security proscribed by said client and/or said server;
said proxy forming an n-tuple for a specific communication;
said proxy forwarding said n-tuple to said coprocessor;
said coprocessor generating a response, including a directive to said n-tuple;
said coprocessor sending said response to said proxy andsaid proxy implementing a directive; and
employing the respective security protocols of said at least one protocol and said at least one other protocol;
splicing a plurality of secure communication protocols of different protocol suites into the agent, wherein the step of splicing a plurality of secure communication protocols is a security protocol of a Wireless Application Protocol Suite (WAP) to that of an Internet Protocol (IP) device, said WAP being used by a pervasive computing device, and said agent performs at least one content adaptation function.
1 Assignment
0 Petitions
Accused Products
Abstract
A method, apparatus and system is provided for an entity to facilitate secure communication between a client and server even when they do not support the same set of protocols without violating the trust model which requires that only the client and server be privy to the contents of the communication. In an embodiment this is accomplished by embedding at the site of the proxy an application running inside a secure coprocessor which translates between the protocols that the client supports and those that the server understands. The invention is also useful for purposes such as adaptation of content at the site of the proxy without violating the trust model between the client and the proxy. In general, the scheme describes mechanisms to securely delegate to the infrastructure the ability to enforce an arbitrary trust model between a set of clients and servers participating in some computational task.
59 Citations
7 Claims
-
1. A method for providing secure communications on a network, the method comprising:
providing a secure communication for between a client and a server employing an untrusted proxy by means of; employing said proxy between said client and said server to provide connection links between said client and said server; embedding a secure coprocessor for use as an agent of said client and/or said server which assures that said proxy cannot tamper with the functioning of said agent and view unencrypted communication between said client and said server, said agent being a software program or hardware logic operating within the confines of said secure coprocessor; said proxy receiving a specific encrypted communication request from said client; said coprocessor is located at the site of said proxy and;
(a) acts as a converter between at least one protocol said client supports, and at least one other protocol supported by said server, (b) guarantees that an application embedded in said coprocessor performs to a degree of security proscribed by said client and/or said server;said proxy forming an n-tuple for a specific communication; said proxy forwarding said n-tuple to said coprocessor; said coprocessor generating a response, including a directive to said n-tuple; said coprocessor sending said response to said proxy and said proxy implementing a directive; and employing the respective security protocols of said at least one protocol and said at least one other protocol; splicing a plurality of secure communication protocols of different protocol suites into the agent, wherein the step of splicing a plurality of secure communication protocols is a security protocol of a Wireless Application Protocol Suite (WAP) to that of an Internet Protocol (IP) device, said WAP being used by a pervasive computing device, and said agent performs at least one content adaptation function. - View Dependent Claims (2, 3, 4, 5, 6)
-
7. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for providing secure communication on a network, the computer readable program code means in said computer program product comprising computer readable program code means for causing a computer to effect:
-
securely embedding an agent at the site of a proxy in the network, and splicing a security protocol of a Wireless Applications Protocol suite (WAP) to that of the Internet Protocol (IP) suite.
-
Specification