Creating secure interactive connections with remote resources
First Claim
1. A server computer system comprising:
    at least one hardware processor; and
    a storage medium storing computer executable instructions which, when executed by the at least one hardware processor, implement a method of creating a secure connection with a client computer system early in a connection process by negotiating secure connection protocols, including the following:
        prior to the server indicating to the client computer system one or more secure communication protocols enabled at the server, the server receiving a connection request from a client computer system to communicate with one or more server resources using a secure connection, the connection request including the identity of a plurality of secure communication protocols which are installed at the client computer system, and with which the client computer system is presently enabled for establishing the secure connection;
        based on receiving the connection request from the client computer system, the server processing the connection request to select a preferred secure communication protocol to use when establishing the secure connection, including:
            the server identifying the one or more secure communication protocols with which the server is presently enabled for establishing secure connections;
            the server comparing the plurality of secure communication protocols enabled at the client computer system with the one or more secure communication protocols enabled at the server to determine one or more common secure communication protocols that are common to both the one or more secure communication protocols enabled at the server and the plurality of secure communication protocols enabled at the client computer system; and
            the server selecting the preferred secure communication protocol from among the determined one or more common secure communication protocols;
        the server sending a connection response to the client computer system, the connection response indicating the determined preferred secure communication protocol;
        the server establishing a secure communication channel with the client computer system using the preferred secure communication protocol;
        the server confirming use of the preferred secure communication protocol through a data exchange in the secure communication channel established with the client computer system; and
        the server communicating data with a client application program of the client computer system through the secure communication channel using the preferred secure communication protocol.
Abstract
Implementations of the present invention efficiently establish secure connections between a client and server, at least in part by authenticating the client and server early on in the connection setup phases. A client initiating a connection with a server identifies the secure communication protocols enabled at the client, and identifies these protocols in a connection request it sends to the server. The server processes the message and responds with a communication protocol it deems appropriate for the connection. The client and server then exchange appropriate authentication information, and then establish a connection session that implements the chosen communication protocol, and encrypts messages using the negotiated communication protocol. Additional implementations relate to reestablishing dropped connections behind virtual Internet Protocol addresses, without necessarily having to recommit much connection resource overhead.
20 Claims
1. A server computer system comprising: (recited in full under First Claim above)
    Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14.
15. A client computer system comprising:
    at least one hardware processor; and
    a storage medium storing computer executable instructions which, when executed by the at least one hardware processor, implement a method of creating a secure connection with a server by negotiating secure communication protocols, including the following:
        prior to the client computer system receiving an indication of one or more secure communication protocols enabled at the server, the client computer system identifying a plurality of secure communication protocols, each of the plurality of secure communication protocols being presently installed and enabled at the client computer system and usable by the client computer system to establish a secure connection with the server;
        the client computer system sending to the server a connection request including the identity of the plurality of secure communication protocols with which the client computer system is presently enabled for establishing the secure connection;
        subsequent to the client computer system sending the connection request, the client computer system receiving a connection response from the server, the connection response specifying a preferred secure communication protocol from among the plurality of secure communication protocols, the preferred secure communication protocol being identified by the server based on the server:
            identifying the one or more secure communication protocols with which the server is presently enabled for establishing secure connections;
            comparing the plurality of secure communication protocols enabled at the client computer system with the one or more secure communication protocols enabled at the server to determine one or more common secure communication protocols that are common to both the one or more secure communication protocols enabled at the server and the plurality of secure communication protocols enabled at the client computer system; and
            selecting the preferred secure communication protocol from among the determined one or more common secure communication protocols;
        the client computer system establishing a secure communication channel with the server by at least exchanging authentication information with the server using the preferred secure communication protocol, wherein authentication information from the server comprises any one of a self-signed certificate, a manually installed certificate, or a certificate received from a remote certificate authority; and
        the client computer system confirming the use of the secure communication protocol negotiated with the server with one or more initial data packets communicated during negotiation with the server.
    Dependent claims: 16, 17, 18, 19.
20. One or more computer storage devices having computer-executable instructions encoded thereon that, when executed at a client computer system in a computerized system in which a server communicates data with a client computer system through a secure connection, cause one or more hardware processors at the client computer system to perform a method of creating the secure connection by negotiating secure communication protocols with the server early in a connection process, the method comprising:
    prior to the client computer system receiving an indication of one or more secure communication protocols enabled at the server, the client computer system identifying a plurality of secure communication protocols, each of the plurality of secure communication protocols being presently installed and enabled at the client computer system and usable by the client computer system to establish a secure connection with the server;
    the client computer system sending to the server a connection request including the identity of the plurality of secure communication protocols with which the client computer system is presently enabled for establishing the secure connection;
    subsequent to the client computer system sending the connection request, the client computer system receiving a connection response from the server, the connection response specifying a preferred secure communication protocol from among the plurality of secure communication protocols, the preferred secure communication protocol being identified by the server based on the server:
        identifying the one or more secure communication protocols with which the server is presently enabled for establishing secure connections;
        comparing the plurality of secure communication protocols enabled at the client computer system with the one or more secure communication protocols enabled at the server to determine one or more common secure communication protocols that are common to both the one or more secure communication protocols enabled at the server and the plurality of secure communication protocols enabled at the client computer system; and
        selecting the preferred secure communication protocol from among the determined one or more common secure communication protocols;
    the client computer system establishing a secure communication channel with the server by at least exchanging authentication information with the server using the preferred secure communication protocol, wherein authentication information from the server comprises any one of a self-signed certificate, a manually installed certificate, or a certificate received from a remote certificate authority; and
    the client computer system confirming the use of the secure communication protocol negotiated with the server with one or more initial data packets communicated during negotiation with the server.
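The negotiation recited in claims 1, 15 and 20 and summarised in the abstract, as an added Python model that is not code from the patent or its assignee: the client offers the protocols enabled at it, the server intersects that list with its own enabled list in its order of preference and returns the chosen protocol, and the first data packet in the established channel lets the server confirm the client is actually using that protocol. The protocol names, the Client and Server classes and the altered_response parameter are constructed for this example.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class ConnectionRequest:
    client_protocols: Tuple[str, ...]   # protocols installed and enabled at the client
@dataclass(frozen=True)
class ConnectionResponse:
    preferred_protocol: Optional[str]   # None: nothing in common, connection refused

class Server:
    def __init__(self, enabled):
        self.enabled = list(enabled)    # server's enabled protocols, most preferred first
        self.chosen = None

    def handle_request(self, req):
        # Compare the client's list with the server's; walking the server list first
        # keeps the server's preference order among the common protocols.
        common = [p for p in self.enabled if p in req.client_protocols]
        self.chosen = common[0] if common else None
        return ConnectionResponse(self.chosen)

    def confirm(self, initial_packet):
        # Data exchange inside the secure channel: the client's first packet names the
        # protocol it is using, which must equal what the server selected.
        return self.chosen is not None and initial_packet.get("protocol") == self.chosen

class Client:
    def __init__(self, enabled):
        self.enabled = tuple(enabled)   # protocols installed and enabled at the client
        self.using = None

    def handle_response(self, resp):
        # Accept only a protocol the client itself offered in the request.
        if resp.preferred_protocol not in self.enabled:
            return None
        self.using = resp.preferred_protocol
        return {"protocol": self.using, "payload": "first application data"}

def negotiate(client, server, altered_response=None):
    """Run the exchange; return the confirmed protocol or None on refusal. altered_response
    (hypothetical) models a response that no longer matches the server's choice."""
    resp = server.handle_request(ConnectionRequest(client.enabled))
    if altered_response is not None:
        resp = ConnectionResponse(altered_response)
    packet = client.handle_response(resp)
    if packet is None or not server.confirm(packet):
        return None
    return client.using
```

With no protocol in common the response carries None and the connection is refused; a response that names something other than what the server chose fails the confirmation step even when the client could have used it.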
Specification