Reverse network authentication for nonstandard threat profiles
Abstract
A client-server communication protocol permits the server to authenticate the client without requiring the client to authenticate the server. After establishing the half-authenticated connection, the client transmits a request and the server performs or responds accordingly. A network management system and environment where this protocol can be used is also described and claimed.
Claims
21 claims in total; the three independent claims (1, 8 and 15) are shown.
1. A method comprising:
- deploying a proxy to serve as a representative of a management server, wherein serving as the representative comprises collecting information to monitor and administer a private network, wherein the private network is a private domain;
- managing certificate production and distribution costs of the management server by establishing a half-authenticated data connection between the proxy and the management server using a client certificate, wherein the establishing comprises:
  - receiving, by the management server, the client certificate from the proxy for authenticating the proxy, without the proxy authenticating the management server;
  - validating, by the management server, the client certificate to authenticate the proxy, the validation of the client certificate comprising validating a cryptographic challenge of a certificate authority by obtaining a public key of the certificate authority and checking a signature associated with the public key;
  - creating, by the management server, the half-authenticated data connection with the proxy in response to a successful validation of the client certificate; and
  - communicating data between the proxy and the management server over the half-authenticated data connection in response to a successful validation of the client certificate.
Dependent claims 2 through 7 are not shown.
8. A non-transitory computer-readable storage medium containing data and instructions to cause a hardware processor to execute operations comprising:
- deploying, by the hardware processor, a proxy to serve as a representative of a management server, wherein serving as the representative comprises collecting information to monitor and administer a private network, wherein the private network is a private domain;
- managing certificate production and distribution costs of the management server by establishing a half-authenticated data connection between the proxy and the management server using a client certificate, wherein the establishing comprises:
  - receiving, by the management server, the client certificate from the proxy for authenticating the proxy, without the proxy authenticating the management server;
  - validating, by the management server, the client certificate to authenticate the proxy, the validation of the client certificate comprising validating a cryptographic challenge of a certificate authority by obtaining a public key of the certificate authority and checking a signature associated with the public key;
  - creating, by the management server, the half-authenticated data connection with the proxy in response to a successful validation of the client certificate; and
  - communicating data between the proxy and the management server over the half-authenticated data connection in response to a successful validation of the client certificate.
Dependent claims 9 through 14 are not shown.
15. A system comprising:
- a memory to store instructions for half-authentication, and
- a hardware processor to execute the instructions, wherein the instructions cause the hardware processor to:
  - deploy a proxy to serve as a representative of a management server, wherein serving as the representative comprises collecting information to monitor and administer a private network, wherein the private network is a private domain;
  - manage certificate production and distribution costs of the management server by establishing a half-authenticated data connection between the proxy and the management server using a client certificate, wherein the establishing comprises:
    - receive the client certificate from the proxy for authenticating the proxy, without the proxy authenticating the management server;
    - validate the client certificate to authenticate the proxy, the validation of the client certificate comprising validating a cryptographic challenge of a certificate authority by obtaining a public key of the certificate authority and checking a signature associated with the public key;
    - create the half-authenticated data connection with the proxy in response to a successful validation of the client certificate; and
    - communicate data between the proxy and the management server over the half-authenticated data connection in response to a successful validation of the client certificate.
Dependent claims 16 through 21 are not shown.
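The half-authenticated connection that the claims describe, expressed as TLS configuration for both endpoints. This is an added example written for this page, not code from the patent or its assignee: it uses the Python standard-library ssl module, the file-path parameters are hypothetical, and the CA bundle and proxy certificate are whatever a deployment issues to its proxies. The management server requires and validates the proxy's client certificate against the certificate authority, while the proxy presents its certificate but performs no validation of the server. A fully mutual proxy context is included for comparison, and a small classifier names the resulting authentication mode.

```python
import ssl


def management_server_context(ca_file=None):
    """TLS context for the management server side of the half-authenticated
    connection: the handshake fails unless the proxy presents a certificate
    that chains to the trusted certificate authority.
    ca_file is a hypothetical path to the CA bundle; nothing is loaded when omitted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.verify_mode = ssl.CERT_REQUIRED        # reject connections without a valid client cert
    if ca_file is not None:
        ctx.load_verify_locations(cafile=ca_file)
    return ctx


def proxy_context(cert_file=None, key_file=None):
    """TLS context for the proxy as the claims describe it: it authenticates
    itself with a client certificate but does not authenticate the server.
    PROTOCOL_TLS_CLIENT enables hostname checking and CERT_REQUIRED by default,
    and check_hostname must be cleared before verify_mode may drop to CERT_NONE.
    cert_file/key_file are hypothetical paths to the proxy's certificate and key."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE            # the server's certificate is accepted unchecked
    if cert_file is not None:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def mutual_proxy_context(ca_file=None, cert_file=None, key_file=None):
    """Comparison case, not part of the claimed protocol: the proxy also
    validates the management server's certificate and hostname (mutual TLS)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # check_hostname=True, CERT_REQUIRED by default
    if ca_file is not None:
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file is not None:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx


def authentication_mode(server_ctx, client_ctx):
    """Classify who authenticates whom from the two contexts' verify modes.
    Useful when auditing a deployment's TLS settings against its design intent."""
    server_checks_client = server_ctx.verify_mode != ssl.CERT_NONE
    client_checks_server = client_ctx.verify_mode != ssl.CERT_NONE
    if server_checks_client and client_checks_server:
        return "mutual"
    if server_checks_client:
        return "half-authenticated (server authenticates client only)"
    if client_checks_server:
        return "server-authenticated only"
    return "unauthenticated"


if __name__ == "__main__":
    print(authentication_mode(management_server_context(), proxy_context()))
    print(authentication_mode(management_server_context(), mutual_proxy_context()))
```

Because the proxy skips server validation, the TLS layer gives it no assurance about which endpoint terminated the connection; the connection is only as trustworthy as the data path between proxy and server, so the data the proxy sends over it, and anything it acts on in return, should be limited accordingly, which is why the mutual variant is shown next to it.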