Three component secure tunnel

US 7,565,526 B1
Filed: 02/03/2005
Issued: 07/21/2009
Est. Priority Date: 02/03/2005
Status: Active Grant

First Claim

Patent Images

1. A secure tunnel communications method in a computer system, comprising:

establishing a first connection from an inner agent to an outer agent including establishing a first TCP connection from the inner agent to the outer agent, creating a first SSL/TLS session between the inner agent and the outer agent over the first TCP connection, andapplying the first SSL/TLS session between the inner agent and the outer agent over the first TCP connection;

establishing a second connection from a client to the outer agent including;

establishing a second TCP connection from the client to the outer agent,creating a second SSL/TLS session between the client and the outer agent over the second TCP connection andapplying the second SSL/TLS session between the client and the outer agent over the second TCP Connection;

creating a third SSL/TLS session between the client and the inner agent andapplying the third SSL/TLS session between the client and the inner agent layered over both the first SSL/TLS session and the second SSL/TLS session wherein the outer agent is restricted from accessing the third SSL/TLS session.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described for a secure tunnel. A method includes establishing a first connection (C_IO) from an inner agent to an outer agent including making a first TCP connection from the inner agent to the outer agent, negotiating a first SSL/TLS session (SSLSession_IO) between the inner agent and the outer agent over the first TCP connection and applying the first SSL/TLS session (SSLSession_IO) between the inner agent and the outer agent over the first TCP connection; establishing a second connection (C_CO) from a client to the outer agent including making a second TCP connection from the client to the outer agent, negotiating a second SSL/TLS session (SSLSession_CO) between the client and the outer agent over the second TCP connection and applying the second SSL/TLS session (SSLSession_CO) between the client and the outer agent over the second TCP connection; and then negotiating a third SSL/TLS session (SSLSession_CI) between the client and the inner agent via both the first SSL/TLS session (SSLSession_IO) and the second SSL/TLS session (SSLSession_CO) and applying the third SSL/TLS session (SSLSession_CI) between the client and the inner agent layered over both the first SSL/TLS session (SSLSession_IO) and the second SSL/TLS session (SSLSession_CO).

64 Citations

View as Search Results

20 Claims

1. A secure tunnel communications method in a computer system, comprising:
- establishing a first connection from an inner agent to an outer agent including establishing a first TCP connection from the inner agent to the outer agent, creating a first SSL/TLS session between the inner agent and the outer agent over the first TCP connection, andapplying the first SSL/TLS session between the inner agent and the outer agent over the first TCP connection;
  
  establishing a second connection from a client to the outer agent including;
  
  establishing a second TCP connection from the client to the outer agent,creating a second SSL/TLS session between the client and the outer agent over the second TCP connection andapplying the second SSL/TLS session between the client and the outer agent over the second TCP Connection;
  
  creating a third SSL/TLS session between the client and the inner agent andapplying the third SSL/TLS session between the client and the inner agent layered over both the first SSL/TLS session and the second SSL/TLS session wherein the outer agent is restricted from accessing the third SSL/TLS session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The secure tunnel communications method of claim 1, further comprising caching the first SSL/TLS session as a set of state information on both the inner agent and the outer agent.
  - 3. The secure tunnel communications method of claim 1, further comprising:
    - sending a request from the outer agent to the inner agent via the first connection to establish a third connection from the inner agent to the outer agent;
      
      establishing the third connection from the inner agent to the outer agent; and
      
      resuming the first SSL/TLS session using a set of state information on the third connection.
  - 4. The secure tunnel communications method of claim 1, further comprising:
    - after applying the third SSL/TLS session ceasing to apply the first SSL/TLS session between the inner agent and the outer agent; and
      
      ceasing to apply the second SSL/TLS session between the client and the outer agent.
  - 5. The secure tunnel communications method of claim 1, wherein creating the second SSL/TLS session includes:
    - verifying, at the outer agents that the client possesses a certificate associated with the inner agent; and
      
      wherein creating the third SSL/TLS session includes;
      
      authenticating the third SSL/TLS session by the inner agent.
  - 6. The secure tunnel communications method of claim 5, wherein the certificate associated with the inner agent has been created by the inner agent and the inner agent is the certificate authority for the certificate associated with the inner agent.
  - 7. The secure tunnel communications method of claim 5, wherein authenticating the third SSL/TLS session by the inner agent, comprises utilizing a list of authorized users that is i) available to the inner agent and ii) is not a) stored by the outer agent or b) available to the outer agent.
  - 8. The secure tunnel communications method of claim 1, wherein the client closes the second connection when the outer agent does not present an outer agent certificate as part of negotiating creating the second SSL/TLS session.
  - 9. The secure tunnel communications method of claim 1, wherein the second connection from the client to the outer agent is through TCP port 443.
  - 10. The secure tunnel communications method of claim 1, wherein the inner agent closes the first connection when the outer agent does not present an outer agent certificate as part of creating the first SSL/TLS session.
  - 11. The secure tunnel communications method of claim 1, wherein the first connection from the inner agent to the outer agent is through TCP port 443.
  - 12. The secure tunnel communications method of claim 1, wherein the client closes the second connection if the inner agent does not present an inner agent certificate (IAC) as part of negotiating the third SSL/TLS session.

13. A computer readable medium, comprising computer readable code, wherein the computer readable code is configured to be executed to implement a secure tunnel communications method;
- the method comprising;
  
  establishing a first connection from an inner agent to an outer agent including;
  
  establishing a first TCP connection from the inner agent to the outer agent,creating a first SSL/TLS session between the inner agent and the outer agent over the first TCP connection, andapplying the first SSL/TLS session between the inner agent and the outer agent over the first TCP connection;
  
  establishing a second connection from a client to the outer agent including;
  
  establishing a second TCP connection from the client to the outer agent,creating a second SSL/TLS session between the client and the outer agent over the second TCP connection, andapplying the second SSL/TLS session between the client and the outer agent over the second TCP connection;
  
  creating a third SSL/TLS session between the client and the inner agent; and
  
  applying the third SSL/TLS session between the client and the inner agent layered over both the first SSL/TLS session and the second SSL/TLS session wherein the outer agent is restricted from accessing the third SSL/TLS session.
- View Dependent Claims (15, 16, 17)
- - 15. The computer readable medium of claim 13, the method further comprising:
    - caching the first SSL/TLS session as a set of state information on the inner agent and the outer agent.
  - 16. The computer readable medium of claim 13, the method further comprising:
    - sending a request from the outer agent to the inner agent via the first connection to establish a third connection from the inner agent to the outer agent;
      
      establishing the third connection from the inner agent to the outer agent; and
      
      resuming the first SSL/TLS session using a set of state information on the third connection.
  - 17. The computer readable medium of claim 13, the method further comprising:
    - after applying the third SSL/TLS session, ceasing to apply the first SSL/TLS session between the inner agent and the outer agent; and
      
      ceasing to apply the second SSL/TLS session between the client and the outer agent.

14. A secure tunnel communications system, comprising:
- an inner agent;
  
  an outer agent coupled to the inner agent; and
  
  a client coupled to the outer agent, wherein the secured tunnel communications system is established by;
  
  establishing a first connection from an inner agent to an outer agent including;
  
  establishing a first TCP connection from the inner agent to the outer agent,creating a first SSL/TLS session between the inner agent and the outer agent over the first TCP connection, andapplying the first SSL/TLS session between the inner agent and the outer agent over the first TCP connection;
  
  establishing a second connection (C_CO) from a client to the outer agent including;
  
  establishing a second TCP connection from the client to the outer agent,creating a second SSL/TLS session between the client and the outer agent over the second TCP connection, andapplying the second SSL/TLS session between the client and the outer agent over the second TCP Connection;
  
  creating a third SSL/TLS session between the client and the inner agent; and
  
  applying the third SSL/TLS session between the client and the inner agent layered over both the first SSL/TLS session and the second SSL/TLS session wherein the outer agent is restricted from accessing the third SSL/TLS session.
- View Dependent Claims (18, 19, 20)
- - 18. The secure tunnel communication system of claim 14, wherein the secured tunnel communications system is established by caching the first SSL/TLS session as a set of state information on both the inner agent and the outer agent.
  - 19. The secure tunnel communication system of claim 14, wherein the secured tunnel communications system is established by:
    - sending a request from the outer agent to the inner agent via the first connection to establish a third connection from the inner agent to the outer agent;
      
      establishing the third connection from the inner agent to the outer agent; and
      
      resuming the first SSL/TLS session using a set of state information on the third connection.
  - 20. The secure tunnel communication system of claim 14, wherein the secured tunnel communications system is established by:
    - after applying the third SSL/TLS session, ceasing to apply the first SSL/TLS session between the inner agent and the outer agent; and
      
      ceasing to apply the second SSL/TLS session between the client and the outer agent.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Shaw, Andrew, Burgess, Karl Richard, McEwen, Michael Thomas
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
RAHIM, MONJUR

Application Number

US11/050,097
Time in Patent Office

1,629 Days
Field of Search

370/351, 713/171, 713/178, 713/201, 713/150, 713/189, 726/3, 726/12, 726/15
US Class Current

713/150
CPC Class Codes

H04L 63/029   Firewall traversal, e.g. tu...

H04L 63/0823   using certificates cryptogr...

H04L 63/166   at the transport layer

Three component secure tunnel

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

64 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Three component secure tunnel

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links