Method and system for providing persistence in a secure network access
Abstract
A system and method for providing persistence in a secure network access by using a client certificate sent by a client device to maintain the identity of a target. A security handshake is performed with a client device to establish a secure session. A target is determined. A client certificate is associated with the target. During subsequent secure sessions, the client certificate is used to maintain persistent communications between the client and a target. A session ID can be used in combination with the client certificate, by identifying the target based on the session ID or the client certificate, depending on which one is available in a client message.
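The lookup the abstract describes can be sketched as a small persistence table. This is an added example, not code from the patent; the class and method names, the round-robin choice for new clients, the SHA-256 fingerprint as the test for an "equivalent" certificate, and the session-ID-first lookup order are all assumptions.

```python
import hashlib
from itertools import cycle

class PersistenceTable:
    """Maps a TLS session ID or a client-certificate fingerprint to a target."""

    def __init__(self, servers):
        self._pick = cycle(servers)   # assumed policy for new clients: round robin
        self._by_session = {}         # session ID -> target
        self._by_cert = {}            # certificate fingerprint -> target

    @staticmethod
    def fingerprint(cert_der):
        # Assumption: certificates are "equivalent" when their DER encodings match.
        return hashlib.sha256(cert_der).hexdigest()

    def route(self, session_id=None, cert_der=None):
        """Return (target, matched_on) for one completed, verified handshake."""
        fp = self.fingerprint(cert_der) if cert_der else None
        if session_id and session_id in self._by_session:
            target, matched_on = self._by_session[session_id], "session_id"
        elif fp and fp in self._by_cert:
            target, matched_on = self._by_cert[fp], "client_cert"
        else:
            target, matched_on = next(self._pick), "new"
        # Index the target under every identifier seen, so a later message
        # carrying only one of them still reaches the same server.
        if session_id:
            self._by_session[session_id] = target
        if fp:
            self._by_cert[fp] = target
        return target, matched_on

def demo():
    # Constructed sample data: placeholder bytes stand in for DER certificates.
    alice, bob = b"constructed-cert-alice", b"constructed-cert-bob"
    table = PersistenceTable(["srv-a", "srv-b"])
    return [
        table.route(session_id=b"\x01" * 32, cert_der=alice),  # first handshake
        table.route(session_id=b"\x02" * 32, cert_der=alice),  # new session, same cert
        table.route(session_id=b"\x02" * 32),                  # resumption, no cert sent
        table.route(session_id=b"\x03" * 32, cert_der=bob),    # different client
    ]

if __name__ == "__main__":
    for target, matched_on in demo():
        print(target, matched_on)
```

Call `route` only after the handshake has verified the certificate chain and the client's proof of key possession, because the certificate itself is public data.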
20 Claims
1. A blade device, comprising:
- one or more interface devices for communicating information to and from the blade device; and
- one or more processors operable to execute executable instructions to perform actions, comprising:
  - receiving from a client device a first message;
  - in response, establishing a first secure communications session with the client device by performing a first security handshake with the client device, the first security handshake including a first client certificate received from the client device, the first security handshake employing a first secure communications protocol;
  - associating a communications with the client device to a target server;
  - receiving a second message from the client device, the second message including a second client certificate associated with the client device that is equivalent to the first client certificate, the second message being a second security handshake with the client device;
  - in response, establishing a second secure communications session with the client device by performing a second security handshake with the client device that employs a second secure communications protocol; and
  - identifying the target server for a second communications with the client device based on the second client certificate, the second client certificate including a public key security certificate.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A system, comprising:
- a plurality of server devices; and
- one or more processor devices interposed between a client device and the plurality of server devices, the processor devices perform actions, including:
  - receiving from the client device a first message;
  - in response, establishing a first secure communications session with the client device by performing a first security handshake with the client device, the first security handshake including a first client certificate received from the client device, the first security handshake employing a first secure communications protocol;
  - associating a communications with the client device to a target server within the plurality of server devices;
  - receiving a second message from the client device, the second message including a second client certificate associated with the client device that is equivalent to the first client certificate, the second message being a second security handshake with the client device;
  - in response, establishing a second secure communications session with the client device by performing a second security handshake with the client device that employs a second secure communications protocol; and
  - identifying the target server for a second communications with the client device based on the second client certificate, the second client certificate including a public key security certificate.

Dependent claims: 9, 10, 11, 12, 13, 14
15. An apparatus having stored thereon computer-executable instructions that when installed on a computing device having one or more processors, performs actions, comprising:
- receiving from a client device a first message;
- in response, establishing a first secure communications session with the client device by performing a first security handshake with the client device, the first security handshake including a first client certificate received from the client device, the first security handshake employing a first secure communications protocol;
- associating a communications with the client device to a target server;
- receiving a second message from the client device, the second message including a second client certificate associated with the client device that is equivalent to the first client certificate, the second message being a second security handshake with the client device;
- in response, establishing a second secure communications session with the client device by performing a second security handshake with the client device that employs a second secure communications protocol; and
- identifying the target server for a second communications with the client device based on the second client certificate, the second client certificate including a public key security certificate.

Dependent claims: 16, 17, 18, 19, 20
Specification