Transparent secure socket layer
First Claim
1. An apparatus, comprising:
  a first network interface operable to connect to at least one non-configured client;
  a second network interface operable to connect to at least one network resource; and
  a transparent proxy module executing on one or more hardware processors, the one or more hardware processors comprising a part of a computerized system and operable to intercept a request for a secured connection from a first non-configured client of the at least one non-configured clients to a first network resource of the at least one network resources, and to provide a proxy connection between the first non-configured client and the first network resource by establishing a secure encrypted connection to the first non-configured client and establishing a secure encrypted connection to the first network resource such that data may be securely passed between the first non-configured client and the first network resource;
  the transparent proxy module further operable to provide a proper secure connection certificate to the first non-configured client by determining a common name of the first network resource and providing the common name of the first network resource in a certificate used to establish a secure encrypted connection to the first non-configured client such that the first non-configured client recognizes the common name in the certificate as associated with the first network resource;
  a policy module operable to determine whether a connection from the first non-configured client to the first network resource violates a security and usage policy;
  the transparent proxy module further operable to provide a proper certificate even when the intercepted request violates the security and usage policy; and
  the transparent proxy module further operable to selectively provide a proxy connection between only those non-configured clients and network resources that do not violate a security and usage policy.
Abstract
Various systems, apparatus, and methods include an apparatus comprising a transparent proxy coupled to a plurality of non-configured clients and coupled to one or more servers, the transparent proxy operable to intercept a request for a secured connection to a first server of the one or more servers, the request from a first non-configured client of the plurality of non-configured clients and including a server name indication extension, and to supply a proper certificate to the first non-configured client including the server name indication extension as a common name in the proper certificate.
14 Claims
1. Apparatus claim, reproduced in full above under First Claim. Dependent claims: 2, 3, 4, 5.
6. A method, comprising:
  intercepting a request for a secured connection from a first non-configured client of at least one non-configured clients to a first network resource of at least one network resources;
  determining whether a connection from the first non-configured client to the first network resource violates a security and usage policy;
  providing a proper secure connection certificate to the first client by determining a common name of the first network resource and providing the common name of the first network resource in a certificate used to establish a secure encrypted connection to the first non-configured client such that the first non-configured client recognizes the common name in the certificate as associated with the first network resource; and
  providing a proxy connection between the first non-configured client and the first network resource by establishing a secure encrypted connection to the first non-configured client and establishing a secure encrypted connection to the first network resource such that data may be securely passed between the first non-configured client and the first network resource;
  wherein a proper certificate is provided even when the intercepted request violates the security and usage policy and the proxy connection is established only for requests that do not violate;
  wherein at least one of the intercepting a request, providing a proper secure connection certificate, and providing a proxy connection is performed via one or more processes executing on one or more hardware processors, the one or more hardware processors comprising part of one or more computerized systems communicatively coupled via a communication network, and extracting the common name of the first network resource from a security certificate obtained from the first network resource.
  Dependent claims: 7, 8, 9, 10.
11. A non-transitory machine-readable medium with instructions stored thereon, the instructions when executed operable to cause one or more processors of a computerized system to:
  intercept a request for a secured connection from a first non-configured client of at least one non-configured clients to a first network resource of at least one network resources;
  determine whether a connection from the first non-configured client to the first network resource violates a security and usage policy;
  provide a proper secure connection certificate to the first non-configured client by determining a common name of the first network resource and providing the common name of the first network resource in a certificate used to establish a secure encrypted connection to the first non-configured client such that the first non-configured client recognizes the common name in the certificate as associated with the first network resource; and
  provide a proxy connection between the first non-configured client and the first network resource by establishing a secure encrypted connection to the first non-configured client and establishing a secure encrypted connection to the first network resource such that data may be securely passed between the first non-configured client and the first network resource;
  wherein a proper certificate is provided even when the intercepted request violates the security and usage policy and the proxy connection is established only for requests that do not violate, and to extract the common name of the first network resource from a security certificate obtained from the first network resource.
  Dependent claims: 12, 13, 14.
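The mechanism the abstract and independent claims 1, 6 and 11 describe, as an added Python example: read the requested server name from the intercepted ClientHello (the server name indication extension), fall back to the name in the certificate the upstream resource itself presents when there is no SNI, use that name in the certificate shown to the client, and bridge the two TLS sessions only when the policy module allows. This is illustrative code written for this page, not code from the patent or its assignee. The ClientHello builder, the SAMPLE_UPSTREAM_CERT dictionary (in the shape Python's ssl getpeercert() returns), the BLOCKED_HOSTS policy set and the plan_interception function are all constructed for the example; actual certificate issuance by the proxy's signing CA is left out, since the point here is which name goes into the certificate and when the connection is bridged.

```python
"""Name selection and policy logic of a transparent TLS-intercepting proxy.
Certificate signing is omitted; what matters here is which name the proxy
puts in the certificate it shows the client, and when it bridges upstream."""
import struct
from typing import List, Optional


def parse_sni(client_hello: bytes) -> Optional[str]:
    """Return host_name from the SNI extension of a TLS ClientHello record,
    None if the hello carries no SNI, ValueError if it is not a ClientHello."""
    if len(client_hello) < 5 or client_hello[0] != 0x16:  # 0x16 = handshake record
        raise ValueError("not a TLS handshake record")
    try:
        return _sni_from_record(client_hello)
    except (struct.error, IndexError) as exc:
        raise ValueError("malformed ClientHello") from exc


def _sni_from_record(rec: bytes) -> Optional[str]:
    rec_len = struct.unpack(">H", rec[3:5])[0]
    body = rec[5:5 + rec_len]
    if body[0] != 0x01:                                  # handshake type 1 = ClientHello
        raise ValueError("not a ClientHello")
    pos = 4 + 2 + 32                                     # handshake header, version, random
    pos += 1 + body[pos]                                 # session_id
    pos += 2 + struct.unpack(">H", body[pos:pos + 2])[0]  # cipher_suites
    pos += 1 + body[pos]                                 # compression_methods
    if pos + 2 > len(body):
        return None                                      # hello has no extensions block
    end = pos + 2 + struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack(">HH", body[pos:pos + 4])
        data = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type != 0x0000:                           # 0 = server_name (RFC 6066)
            continue
        q = 2                                            # skip ServerNameList length
        while q + 3 <= len(data):
            name_type = data[q]
            name_len = struct.unpack(">H", data[q + 1:q + 3])[0]
            if name_type == 0:                           # host_name
                return data[q + 3:q + 3 + name_len].decode("ascii")
            q += 3 + name_len
    return None


def build_client_hello(sni: Optional[str]) -> bytes:
    """Constructed sample input: a minimal TLS 1.2 ClientHello record with
    one cipher suite and, optionally, an SNI extension."""
    ext = b""
    if sni is not None:
        name = sni.encode("ascii")
        sni_list = b"\x00" + struct.pack(">H", len(name)) + name
        sni_body = struct.pack(">H", len(sni_list)) + sni_list
        ext = struct.pack(">HH", 0x0000, len(sni_body)) + sni_body
    body = (b"\x03\x03" + bytes(32) + b"\x00"            # version, random, empty session id
            + struct.pack(">H", 2) + b"\xc0\x2f"         # one cipher suite
            + b"\x01\x00")                               # one compression method (null)
    if ext:
        body += struct.pack(">H", len(ext)) + ext
    hs = b"\x01" + struct.pack(">I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs


def names_from_peercert(cert: dict) -> List[str]:
    """Names the upstream certificate asserts, in ssl.getpeercert() dict shape:
    SAN DNS entries first, subject commonName appended as a fallback."""
    names = [v for (k, v) in cert.get("subjectAltName", ()) if k == "DNS"]
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and value not in names:
                names.append(value)
    return names


# Constructed sample of what the upstream server presents when probed.
SAMPLE_UPSTREAM_CERT = {
    "subject": ((("countryName", "US"),), (("commonName", "legacy.example.org"),)),
    "subjectAltName": (("DNS", "legacy.example.org"), ("DNS", "www.legacy.example.org")),
}
BLOCKED_HOSTS = {"files.example.net"}  # constructed security and usage policy


def violates_policy(host: str) -> bool:
    return host in BLOCKED_HOSTS


def plan_interception(client_hello: bytes, upstream_cert: dict) -> dict:
    """Per-connection decision: always pick a name the client will recognise
    (so a blocked user sees a block page over TLS, not a certificate error),
    and bridge to the upstream only when policy permits."""
    host = parse_sni(client_hello)
    if host is None:                                     # no SNI: use the upstream cert's name
        names = names_from_peercert(upstream_cert)
        if not names:
            raise ValueError("cannot determine a name for the requested resource")
        host = names[0]
    return {"certificate_common_name": host,
            "bridge_to_upstream": not violates_policy(host)}
```

Two caveats a practitioner would add. First, the client still has to trust the proxy's signing CA; "non-configured" in the claims means no proxy settings, not no trust anchor, and without that anchor no certificate the proxy mints is "proper". Second, the chosen name belongs in the subjectAltName extension as well as the common name, because current browsers ignore a bare CN for hostname matching. When SNI is absent (or hidden by Encrypted Client Hello), the upstream certificate is the only remaining source of the name, which is why claims 6 and 11 spell out extracting the common name from the resource's own certificate.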