Transparent proxy of encrypted sessions
Abstract
In one embodiment, a server and a client are configured to trust a certificate of an intermediate proxy device. The proxy device may then intercept a client-server security session request message sent from the client to the server. In response, the proxy device initiates a proxy-server security session with the server and obtains server security information from the server. Then, the proxy device initiates a client-proxy security session with the client using the trusted proxy certificate, and obtains client security information from the client. Upon obtaining the client security information, the proxy device creates a dynamic certificate using the obtained client security information and the trusted proxy certificate, and establishes the initiated proxy-server security session with the dynamic certificate. The proxy device then establishes the initiated client-proxy session, wherein the client-proxy security session and proxy-server security session transparently appear to the client and server as the requested client-server security session.
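What a server that trusts the proxy certificate can and cannot tell about the dynamic certificate, as an added Go example that is not part of the patent. The CA names, the subject `alice.example.test` and the helper names are constructed, and the dynamic certificate is assumed to carry a key pair held by the proxy, since the proxy does not have the client's private key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue creates a fresh P-256 key and a certificate for it; a nil parent yields a self-signed CA.
func issue(cn string, serial int64, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent, signer = true, t.KeyUsage|x509.KeyUsageCertSign, t, key
	}
	der := must(x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, signer))
	return must(x509.ParseCertificate(der)), key
}

// Observed is what a server that trusts the proxy certificate sees when comparing the two certificates.
type Observed struct{ AcceptsDynamic, SameSubject, SameKey bool }

func scenario() Observed {
	proxy, proxyKey := issue("Constructed Proxy CA", 1, nil, nil)
	clientCA, caKey := issue("Constructed Client CA", 2, nil, nil)
	original, _ := issue("alice.example.test", 3, clientCA, caKey)
	// Dynamic certificate: the client's subject name, signed with the proxy's private key.
	// Assumption: it carries a proxy-held key pair, as the proxy lacks the client's private key.
	dynamic, dynKey := issue(original.Subject.CommonName, 4, proxy, proxyKey)
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	opts.Roots.AddCert(proxy) // the server is configured to trust the proxy certificate
	_, err := dynamic.Verify(opts)
	return Observed{err == nil, string(dynamic.RawSubject) == string(original.RawSubject), dynKey.PublicKey.Equal(original.PublicKey)}
}

func main() { fmt.Printf("%+v\n", scenario()) }
```

The server validates the dynamic certificate and sees the client's subject name, but the public key in it is not the client's. Any control that pins client keys or certificate fingerprints therefore sees a different identity, and authorization rests on the subject name the proxy asserts.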
31 Claims
1. A method, comprising:
intercepting a client-server security session request sent from a client to a server at a proxy device;
initiating, with the server, a proxy-server security session from the proxy device;
obtaining, from the server, server security information at the proxy device;
initiating, with the client, a client-proxy security session from the proxy device using a trusted proxy certificate of the proxy device;
obtaining, from the client, client security information at the proxy device, the client security information having at least a subject name of the client;
creating a dynamic certificate using the obtained subject name of the client and the trusted proxy certificate;
establishing the initiated proxy-server security session with the dynamic certificate; and
establishing the initiated client-proxy security session, wherein the client-proxy security session and proxy-server security session transparently appear to the client and server as the requested client-server security session.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A node, comprising:
one or more network interfaces adapted to communicate with at least one server and at least one client, wherein the server and the client are configured to trust a proxy certificate of the node;
one or more processors coupled to the network interfaces and adapted to execute one or more processes; and
a memory adapted to store a proxy security process executable by each processor, the proxy security process when executed operable to;
i) intercept a client-server security session request sent from the client to the server,
ii) initiate, with the server, a proxy-server security session,
iii) obtain, from the server, server security information,
iv) initiate, with the client, a client-proxy security session using the trusted proxy certificate,
v) obtain, from the client, client security information, the client security information having at least a subject name of the client,
vi) create a dynamic certificate using the obtained subject name of the client and the trusted proxy certificate,
vii) establish the initiated proxy-server security session with the dynamic certificate, and
vii) establish the initiated client-proxy security session, wherein the client-proxy security session and proxy-server security session transparently appear to the client and server as the requested client-server security session.
Dependent claims: 18, 19
20. An apparatus, comprising:
means for intercepting a client-server security session request sent from a client to a server;
means for initiating, with the server, a proxy-server security session;
means for obtaining, from the server, server security information;
means for initiating, with the client, a client-proxy security session using a trusted proxy certificate;
means for obtaining, from the client, client security information, the client security information having at least a subject name of the client;
means for creating a dynamic certificate using the obtained subject name of the client and the trusted proxy certificate;
means for establishing the initiated proxy-server security session with the dynamic certificate; and
means for establishing the initiated client-proxy security session, wherein the client-proxy security session and proxy-server security session transparently appear to the client and server as the requested client-server security session.
21. A method, comprising:
intercepting, at a proxy device, a client-server security session request from a client to a server;
establishing a client-proxy security session between the client and the proxy device using a trusted proxy certificate of the proxy device and a client certificate having a client subject name of the client;
extracting, by the proxy device, the client subject name of the client from the client certificate using a public key of the client;
generating, by the proxy device, a dynamic client certificate using the client subject name and a private key of the proxy device; and
establishing a proxy-server security session between the proxy device and the server using the dynamic client certificate, wherein the client-proxy security session and proxy-server security session transparently appear to the client and server as the requested client-server security session.
Dependent claims: 22, 23, 24, 25, 26
27. An apparatus, comprising:
one or more network interfaces adapted to communicate with at least one server and at least one client, wherein the server and the client are configured to trust a proxy certificate of the apparatus;
a processor coupled to the network interfaces and adapted to execute one or more processes; and
a memory adapted to store a proxy security process executable by the processor, the proxy security process when executed operable to;
intercept a client-server security session request from a client to a server;
establish a client-proxy security session between the client and the apparatus using the trusted proxy certificate and a client certificate having a client subject name of the client;
extract the client subject name of the client from the client certificate using a public key of the client;
generate a dynamic client certificate using the client subject name and a private key of the apparatus; and
establish a proxy-server security session between the apparatus and the server using the dynamic client certificate, wherein the client-proxy security session and proxy-server security session transparently appear to the client and server as the requested client-server security session.
Dependent claims: 28, 29, 30, 31
Specification