Mutually authenticated secure channel
Abstract
A system and methods for establishing a mutually authenticated secure channel between a client device and remote device through a remote access gateway server. The remote access gateway server forwards secure connection requests and acknowledgements between the client and the remote device such that the remote access gateway does not possess any or all session keys necessary to decrypt communication between the client device and remote device.
20 Claims
1. One or more device-readable storage media, the one or more device-readable storage media storing device-executable instructions for performing a method comprising:
receiving, at a remote access gateway server, a request from a remote device to establish a first secure connection;
forwarding an acknowledgment to the remote device to establish the first secure connection;
establishing the first secure connection from the remote device to the remote access gateway server such that the remote device can accept remote access requests only through the remote access gateway server;
after establishing the first secure connection, receiving, at the remote access gateway server, a request from a client to establish a second secure connection with the remote device;
forwarding the request to establish the second secure connection to the remote device;
receiving a response to the request to establish the second secure connection from the remote device;
forwarding the response to the request to establish the second secure connection to the client;
establishing the second secure connection from the client to the remote device;
receiving, in response to the establishing the second secure connection, encrypted data traffic from the client, wherein the remote access gateway server does not possess a key required to decrypt the encrypted data; and
forwarding the encrypted data traffic from the client to the remote device.
Dependent claims: 2–10.
11. A system, comprising:
a client for sending and receiving a first stream of encrypted data, the first stream of encrypted data including remote desktop commands formed by the client based on user input from one or more input devices;
a remote device for sending and receiving a second stream of encrypted data, the second stream of encrypted data including screen update data usable by the client to update a screen in response to the user input from one or more input devices; and
a remote access gateway server, for establishing a cryptographically strong identity of the client, establishing a cryptographically strong identity of the remote device, receiving a request from the remote device to establish a first secure connection with the remote device, after establishing the first secure connection with the remote device, receiving a request from the client to establish a second secure connection with the remote device, establishing a second secure connection from the client to the remote device, and for forwarding the encrypted data sent from the client to the remote device and from the remote device to the client, wherein the remote access gateway server does not possess a key required to decrypt the encrypted data after the secure connection from the client to the remote device has been established, and wherein the remote device can accept remote access requests only through the remote access gateway server during the second secure connection.
Dependent claims: 12–18.
19. A method, comprising:
receiving, at a remote access gateway server, a request from a remote device to establish a secure sockets layer (SSL) connection;
forwarding an acknowledgment to the remote device to establish the secure sockets layer (SSL) connection;
establishing the secure sockets layer (SSL) connection with the remote device such that the remote device can accept remote access requests only through the remote access gateway server;
after establishing the secure sockets layer (SSL) connection, receiving, at the remote access gateway server, a request from a client to establish a remote desktop session with the remote device;
matching a cryptographically strong identity of the client with a cryptographically strong identity of the remote device;
forwarding a secure sockets layer (SSL) session establishment command from the client to the remote device;
forwarding a secure sockets layer (SSL) response from the remote device to the client; and
forwarding, between the client and the remote device, remote desktop session data encrypted with a secure sockets layer (SSL) cryptographic session key, the remote desktop session data including remote desktop commands based on one or more of keyboard or mouse data input at the client, the remote desktop data further including screen update data from the remote device and usable by the client to update a screen at the client in response to the keyboard or mouse input data, wherein the remote access gateway server does not possess a key required to decrypt the encrypted data after a secure sockets layer (SSL) session has been established.
Dependent claim: 20.
Specification