Method and system for providing persistence in a secure network access
First Claim
1. An apparatus, comprising:
one or more memory devices for storing executable instructions; and
one or more processors operable to execute the executable instructions to perform actions, comprising:
receiving client messages from a plurality of clients and distributing the client messages among a plurality of servers;
performing a first security handshake with one of the plurality of clients, the first security handshake including a first identifying data comprising a first client certificate, wherein the first security handshake is a Secure Socket Layer (SSL) handshake;
associating the one of the plurality of clients with a target server;
performing a second security handshake with another one of the plurality of clients, wherein the second security handshake includes a second identifying data comprising a second client certificate, wherein the second security handshake is an SSL handshake, and the first security handshake establishes a first secure communication session, and the second security handshake establishes a second secure communication session; and
identifying the target server based on the second client certificate, wherein the second client certificate includes a public key security certificate.
Abstract
A system and method for providing persistence in a secure network access by using a client certificate sent by a client device to maintain the identity of a target. A security handshake is performed with a client device to establish a secure session. A target is determined. A client certificate is associated with the target. During subsequent secure sessions, the client certificate is used to maintain persistent communications between the client and a target. A session ID can be used in combination with the client certificate, by identifying the target based on the session ID or the client certificate, depending on which one is available in a client message.
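The routing rule the abstract describes, as an added example written for this page and not code from the patent or its assignee: a TLS-terminating balancer keys persistence on the verified client certificate when a full handshake delivers one, falls back to the session ID on resumed sessions (which carry no Certificate message), and load-balances without persistence when neither is present. It assumes the balancer has already run the handshake and validated the certificate chain; the Handshake record, the PersistenceRouter class, the server names app1/app2 and the certificate and session-ID byte strings are all constructed for the illustration.

```python
"""Client-certificate / session-ID persistence for a TLS-terminating balancer.

Illustration only. Assumed: the balancer has already completed the TLS
handshake and validated the client certificate chain; this module only
decides which back-end a connection goes to. Every certificate and session
ID below is a constructed stand-in, not real DER or real TLS state.
"""
import hashlib
from dataclasses import dataclass
from itertools import cycle
from typing import Dict, Iterable, Optional


@dataclass
class Handshake:
    """What the balancer knows after one TLS handshake with one client.

    session_id      : ID the client offered for resumption (None on a fresh
                      full handshake)
    client_cert_der : DER bytes of the client certificate, present only on a
                      full handshake; a resumed session sends no certificate,
                      which is why the session-ID path exists
    cert_verified   : result of chain validation against the trusted CAs
    new_session_id  : ID the balancer assigned on a full handshake, if any
    """
    session_id: Optional[bytes] = None
    client_cert_der: Optional[bytes] = None
    cert_verified: bool = False
    new_session_id: Optional[bytes] = None


class PersistenceRouter:
    def __init__(self, servers: Iterable[str]):
        self._next = cycle(list(servers))        # round-robin fallback
        self._by_session: Dict[bytes, str] = {}  # session ID -> target
        self._by_cert: Dict[str, str] = {}       # cert fingerprint -> target

    @staticmethod
    def fingerprint(der: bytes) -> str:
        # Key on the certificate bytes, not on a client-chosen field.
        return hashlib.sha256(der).hexdigest()

    def select_target(self, hs: Handshake) -> str:
        # 1. Resumed session: the session ID alone identifies the target.
        if hs.session_id is not None and hs.session_id in self._by_session:
            return self._by_session[hs.session_id]

        # 2. Full handshake with a client certificate: the certificate is the
        #    long-lived identity, so it is the persistence key.
        if hs.client_cert_der is not None:
            if not hs.cert_verified:
                # A certificate is public data anyone can replay; only a
                # validated one (with proof of key possession) binds a target.
                raise PermissionError("client certificate failed validation")
            fp = self.fingerprint(hs.client_cert_der)
            target = self._by_cert.get(fp)
            if target is None:
                target = next(self._next)
                self._by_cert[fp] = target
            if hs.new_session_id is not None:
                self._by_session[hs.new_session_id] = target
            return target

        # 3. No identifying data at all: load-balance without persistence.
        return next(self._next)

    def expire_session(self, session_id: bytes) -> None:
        """Session-cache entries expire; certificate bindings outlive them."""
        self._by_session.pop(session_id, None)


def demo() -> Dict[str, str]:
    """Walk through the abstract's scenario; returns each routing decision."""
    r = PersistenceRouter(["app1", "app2"])
    cert_a = b"CONSTRUCTED-DER-CLIENT-A"  # constructed stand-ins for DER certs
    cert_b = b"CONSTRUCTED-DER-CLIENT-B"
    out: Dict[str, str] = {}
    out["a_full"] = r.select_target(Handshake(
        client_cert_der=cert_a, cert_verified=True, new_session_id=b"sid-a1"))
    out["b_full"] = r.select_target(Handshake(
        client_cert_der=cert_b, cert_verified=True, new_session_id=b"sid-b1"))
    out["a_resumed"] = r.select_target(Handshake(session_id=b"sid-a1"))
    r.expire_session(b"sid-a1")  # cache expired; client A must re-handshake
    out["a_new_full"] = r.select_target(Handshake(
        client_cert_der=cert_a, cert_verified=True, new_session_id=b"sid-a2"))
    out["anon"] = r.select_target(Handshake())  # no cert, no session: no stickiness
    return out


if __name__ == "__main__":
    for step, target in demo().items():
        print(f"{step:>10} -> {target}")
```

Two practitioner notes on the design. First, persistence only means anything if the balancer itself terminates TLS and validates the chain before consulting the table; the certificate is public, and without the handshake's proof of key possession any client could present someone else's certificate and land on their server. Second, keying on the SHA-256 of the certificate bytes is the simplest stable key, but it changes on certificate renewal; a deployment that wants stickiness to survive renewals would key on the verified issuer and subject instead, at the cost of having to trust the CA not to reissue colliding names.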
20 Claims
Claim 1 is the apparatus claim reproduced above; claims 2 through 8 depend on it.
9. A method of maintaining a communication with a client device on a network having a plurality of targets, comprising:
receiving client messages from a plurality of clients and distributing the client messages among a plurality of servers;
performing a first security handshake with one of the plurality of clients, the first security handshake including a first identifying data that includes one of a first client certificate or a session identifier (ID), wherein the first security handshake is a Secure Socket Layer (SSL) handshake;
associating the one of the plurality of clients with a target server;
performing a second security handshake with another one of the plurality of clients, wherein the second security handshake includes a second identifying data, wherein the second security handshake is an SSL handshake, and the first security handshake establishes a first secure communication session, and the second security handshake establishes a second secure communication session; and
identifying the target server based on the second identifying data, wherein the second identifying data includes one of a second client certificate or the session ID.
Claims 10 through 15 depend on claim 9.
16. A non-transitory computer-readable storage device having stored thereon computer-executable instructions that, when installed on a computing device having one or more processors, perform actions, comprising:
receiving client messages from a plurality of clients and distributing the client messages among a plurality of servers;
performing a first security handshake with one of the plurality of clients, the first security handshake including a first identifying data comprising a first client certificate, wherein the first security handshake is a Secure Socket Layer (SSL) handshake;
associating the one of the plurality of clients with a target server;
performing a second security handshake with another one of the plurality of clients, wherein the second security handshake includes a second identifying data comprising a second client certificate, wherein the second security handshake is an SSL handshake, and the first security handshake establishes a first secure communication session, and the second security handshake establishes a second secure communication session; and
identifying the target server based on the second client certificate, wherein the second client certificate includes a public key security certificate.
Claims 17 through 20 depend on claim 16.