Secure sockets layer proxy architecture
Abstract
A method for secure communications between a client and one of a plurality of servers performed on an intermediate device coupled to the client and the plurality of servers.
20 Claims
1. A method for secure communications between a client and one of a plurality of servers performed on an intermediate device coupled to the client and the plurality of servers, comprising:
- receiving encrypted application data from the client via a secure communications session, wherein the encrypted application data was encrypted by the client device by encrypting application data at a session layer above a packet level of a network stack of the client; and
- decrypting the encrypted application data and forwarding the decrypted application data to the server without processing the application data with an application layer of the network stack of the intermediate device.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. An apparatus comprising:
- a communications engine to decrypt encrypted application data from a client at a packet level within a network stack of the apparatus, wherein the encrypted application data was encrypted by the client at a layer above a packet level within a network stack of the client, wherein the communications engine forwards the decrypted application data to a server without processing the application data with an application layer of the network stack of the apparatus.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19

20. An intermediate network device to be positioned within a network between a client and a server, the intermediate network device comprising:
- a communications engine that is configurable to operate in a direct mode or a proxy mode;
- wherein, when operating in the direct mode, the communications engine (i) intercepts encrypted data packets sent by the client on a communication session between the client and the server, (ii) decrypts the data packets, and (iii) forwards decrypted data packets from the intermediate network device to the server using the communication session between the client and the server, and
- wherein, when operating in the proxy mode, the communications engine (i) receives encrypted data packets sent by the client on a communication session between the client and the intermediate network device, (ii) decrypts the data packets, and (iii) forwards decrypted data packets from the intermediate network device to the server using the communication session between the intermediate network device and the server.
Specification