Adding client authentication to networked communications
First Claim
1. A computer-implemented method comprising:
receiving a request from a client at a security agent node, the request to be passed through to a target server, the security agent node providing client authentication functionality for the target server that lacks the client authentication functionality;
constructing, by a processing device, a challenge for the client, the challenge comprising a nonce and an encrypted copy of the request;
transmitting the challenge to the client;
receiving a response to the challenge from the client, the response comprising a message authentication code (MAC) computed using the encrypted copy of the request and a shared key;
verifying the response; and
when the response is valid, forwarding, by the security agent node, the request received from the client to the target server.
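The exchange in claim 1 (challenge with nonce and encrypted request, client MAC over that material with the shared key, verify-then-forward), written out as an added example that is not part of the patent. The cipher (an HMAC-SHA256 counter-mode keystream), the separate encryption and MAC subkeys, MACing the nonce together with the encrypted request, the one-shot nonce table, and the demo key are all assumptions; the claims fix none of them.

```python
import hashlib, hmac, secrets

# Constructed demo key shared by agent and client; the patent text names no value.
SHARED_KEY = b"constructed-demo-shared-key-0123"

def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys so one key is not reused for both."""
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_keystream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Symmetric encrypt/decrypt with an HMAC-SHA256 counter-mode keystream.
    The claim says only 'encrypted copy'; this cipher construction is our assumption."""
    out = bytearray()
    for i, off in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], ks))
    return bytes(out)

def _mac(key: bytes, nonce: bytes, enc_request: bytes) -> bytes:
    """MAC over nonce and encrypted request with the shared key (claim 1, response step)."""
    return hmac.new(_subkey(key, b"mac"), nonce + enc_request, hashlib.sha256).digest()

class SecurityAgent:
    """Pass-through agent: challenge, verify, then forward to the target server."""
    def __init__(self, key: bytes, forward):
        self.key = key
        self.forward = forward   # stands in for the target server, which trusts only the agent
        self.pending = {}        # nonce -> (request, encrypted request); consumed on first use

    def challenge(self, request: bytes):
        nonce = secrets.token_bytes(16)
        enc = _xor_keystream(_subkey(self.key, b"enc"), nonce, request)
        self.pending[nonce] = (request, enc)
        return nonce, enc

    def respond(self, nonce: bytes, mac: bytes):
        entry = self.pending.pop(nonce, None)   # unknown or replayed nonce: reject
        if entry is None:
            return None
        request, enc = entry
        if not hmac.compare_digest(mac, _mac(self.key, nonce, enc)):
            return None                          # wrong key or tampered challenge
        return self.forward(request)             # only now does the request pass through

def client_answer(key: bytes, nonce: bytes, enc_request: bytes, sent: bytes):
    """Client side: confirm the challenge echoes its own request, then answer with the MAC."""
    if _xor_keystream(_subkey(key, b"enc"), nonce, enc_request) != sent:
        return None                              # the request in the challenge is not ours
    return _mac(key, nonce, enc_request)
```

Because the agent pops each nonce on first use, a captured valid response cannot be replayed, and the client's decrypt-and-compare step lets it refuse to authenticate a request it never sent.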
Abstract
A pass-through agent receives a request from a client and authenticates the client before forwarding the request to a target server that lacks client authentication capability. The target server is configured to accept requests from the pass-through agent, and may be configured to reject requests that do not come from the pass-through agent.
22 Claims
1. (Independent claim; text given above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A computer-implemented method comprising:
intercepting, at a security agent node, a request directed to a software agent, the security agent node providing authentication functionality for the software agent that lacks the authentication functionality;
authenticating, by a processing device of the security agent node, a sender of the request by sending a challenge to the sender, the challenge comprising a nonce and an encrypted copy of the request, and verifying a response from the sender, the response comprising a message authentication code (MAC) computed using the encrypted copy of the request and a shared key; and
when the authenticating is successful, forwarding the request intercepted at the security agent node to the software agent.
Dependent claims: 10, 11, 12, 13.

14. A system comprising:
a memory;
a processing device, coupled to the memory; and
a security agent, executed from the memory by the processing device, to receive a request from a client, validate the client and pass the request to a service provider via an unauthenticated channel by sending a challenge to the client, the challenge comprising a nonce and an encrypted copy of the request, and verifying a response from the client, the response comprising a message authentication code (MAC) computed using the encrypted copy of the request and a shared key, wherein the security agent provides client authentication functionality for the service provider that lacks the client authentication functionality.
Dependent claims: 15, 16, 17, 18.

19. A non-transitory machine-readable medium storing data and instructions to cause a programmable processing device to perform operations comprising:
accepting a Transmission Control Protocol/Internet Protocol ("TCP/IP") connection from a client at a security agent;
receiving, by the processing device of the security agent, a request from the client over the TCP/IP connection;
sending a challenge to the client over the TCP/IP connection, the challenge comprising a nonce and an encrypted copy of the request;
receiving a response to the challenge from the client over the TCP/IP connection, the response comprising a message authentication code (MAC) computed using the encrypted copy of the request and a shared key;
validating the response; and
when the response is successfully validated, sending, by the security agent, the request to a target server, wherein the security agent provides client authentication functionality for the target server that lacks the client authentication functionality.
Dependent claims: 20, 21, 22.