Techniques for managing secure communications
Abstract
Methods and systems for managing secure communications are provided. An external client establishes secure communications with a secure site. During the secure session, the external client attempts to access potentially insecure references. These potentially insecure references are inspected before being made available to the external client. In some instances, the potentially insecure references are translated into secure references, which suppress normally occurring security warning messages that are issued to the external client. In other instances, the potentially insecure references are processed by a proxy on behalf of the external client and appear to the external client to occur within the secure session.
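As an added illustration (not code from the patent), the inspect-then-rewrite flow described in the abstract and in claim 1 can be sketched as follows. The proxy endpoint `https://secure.example/fetch`, the in-memory fetch table and the SHA-256 baseline used as the tamper check are assumptions; the page does not say how tampering is determined, and the sketch only handles elements that carry a `src` attribute.

```python
import hashlib
import re
from urllib.parse import quote

PROXY_PREFIX = "https://secure.example/fetch?u="  # hypothetical endpoint on the secure site

# Constructed stand-in for the proxy's own fetch of the external content.
FETCHED = {
    "http://cdn.example.net/logo.png": b"PNG-bytes",
    "http://ads.example.org/track.js": b"alert('modified')",
}
# Constructed integrity baseline; using digests as the tamper check is an assumption.
EXPECTED_SHA256 = {
    "http://cdn.example.net/logo.png": hashlib.sha256(b"PNG-bytes").hexdigest(),
    "http://ads.example.org/track.js": hashlib.sha256(b"console.log(1)").hexdigest(),
}

# An element with an insecure src, plus its closing tag when it follows directly.
TAG_RE = re.compile(r'<(\w+)\b[^>]*?\ssrc="(http://[^"]+)"[^>]*>(?:\s*</\1>)?', re.I)
WARNING = '<p class="proxy-warning">An insecure reference was removed by the proxy.</p>'

def is_tampered(url):
    """Pre-acquire the content and compare it with the recorded digest."""
    body = FETCHED.get(url)
    if body is None:
        return True  # fail closed: content that cannot be inspected is not passed on
    return hashlib.sha256(body).hexdigest() != EXPECTED_SHA256.get(url)

def rewrite_page(html):
    """Return (rewritten_html, removed_urls) for a page served in the secure session."""
    removed = []

    def handle(match):
        url = match.group(2)
        if is_tampered(url):
            removed.append(url)
            return WARNING  # reference removed entirely, notice left in its place
        # Inspected and clean: serve it through the proxy over HTTPS so the
        # client sees only secure references and raises no warning.
        return match.group(0).replace(url, PROXY_PREFIX + quote(url, safe=""))

    return TAG_RE.sub(handle, html), removed
```

References that already use `https://` are left untouched, and anything the proxy cannot fetch is treated as tampered rather than passed through.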
9 Claims
1. A method to manage secure communications executes in a proxy server, the method, comprising:
- establishing, by the proxy server, a secure session on a secure site with an external client that communicates from an insecure site;
- detecting, by the proxy server, access attempts during the secure session directed to insecure transactions, the insecure transactions identified as links to a site that is external (external site) to, not controlled by, and not recognized by the secure site, and the access attempts are directed to the insecure transactions having references to resources of the external site; and
- transparently managing, by the proxy server, the access attempts by pre-acquiring content from the external site by accessing the links on behalf of the external client to pre-acquire the content and by scanning and inspecting the content within the secure site before determining whether the content should be made available to the external client during the secure session, and at least one access attempt associated with at least one piece of the content that is scanned identifies a true insecure reference by determining that the true insecure reference is a particular reference that has been determined by the method to have had the piece of the content or metadata of the true insecure reference tampered with, and the true insecure reference is entirely removed from the content before the content is supplied to the external client and an event is reported as a custom warning inserted into the content supplied to the external client, the event identifies for the external client within the content that the true insecure reference was removed before being provided to the external client, and a number of other access attempts are associated with different content for other references that are secure but appear insecure, these other references are provided as secure references to the external client to suppress warning messages from being generated within the external client with these other access attempts made during the secure session.
4. A method to manage secure communications executes in a proxy server, the method, comprising:
- detecting, by the proxy server, insecure transactions occurring during a secure session, the insecure transactions result from actions requested by an external client participating in the secure session;
- inspecting, by the proxy server, the insecure transactions in advance of satisfying the actions requested by pre-acquiring content associated with the insecure transactions before making available to the external client, and the insecure transactions are associated with links to an external site located outside a secure site associated with the secure session, and content are pre-acquired from the external site via the links and inspected and scanned on behalf of the external client within the proxy server, and a number of references associated with some of the insecure references are determined to be secure, these references are translated to appear secure to the external client and when accessed by the external client suppress warning messages from occurring within the external client; and
- making, by the proxy server, a determination based on the inspection for taking processing actions including one or more of the following;
  - permitting some of the insecure transactions to proceed unmodified by performing the actions requested for the external client;
  - permitting, by the proxy server, some of the insecure transactions to proceed in a modified fashion; and
  - denying some of the insecure transactions by denying the actions requested, and some of the insecure transactions that are denied are identified as references that have a World-Wide Web (WWW) cookie associated with their headers, and these references are entirely removed from the content before the content is supplied to the external client and the references entirely removed are reported as custom warning messages to the external client as an event within the content, the event identifies for the external client within the content that the true insecure reference was removed before being provided to the external client.
Specification