System and method for reception and transmission optimization of secured video, image, audio, and other media traffic via proxy

US 9,197,673 B1
Filed: 05/18/2015
Issued: 11/24/2015
Est. Priority Date: 05/18/2015
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

receiving, by a proxy server from a user endpoint, a secure connection request to a second server, the secure connection request comprising a globally unique identifier registered for the user endpoint;

employing, by the proxy server, the globally unique identifier as a primary key to distinguish a first certificate authority of a plurality of certificate authorities installed in the proxy server from other certificate authorities of the plurality of certificate authorities installed in the proxy server;

responding, by the proxy server, with an acknowledgement to the user endpoint;

intercepting, by the proxy server from the user endpoint, a first secure handshake from the user endpoint to the second server;

initiating, by the proxy server, a second secure handshake on behalf of the user endpoint with the second server based on the first secure handshake;

intercepting, by the proxy server from the second server, a second secure handshake response comprising a server certificate and metadata;

generating, by the proxy server, a second certificate using the metadata and signed by the first certificate authority distinguished with the globally unique identifier registered for the user endpoint;

transmitting, by the proxy server to the user endpoint, a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection;

intercepting, by the proxy server from the user endpoint, a media receive request intended for the second server comprising an encrypted payload from the user endpoint;

decrypting, by the proxy server, the encrypted payload using a private key of the second certificate;

creating, by the proxy server, a media request to the second server by encrypting the payload with the public key of the server certificate;

forwarding, by the proxy server, the encrypted payload to the second server;

receiving, by the proxy server, an encrypted media receive response from the second server containing media data encrypted with a private key associated with the generated second server certificate;

decrypting, by the proxy server, the encrypted media receive response with the public key of the second server certificate to obtain a media receive payload;

passing, by the proxy server, the media receive payload through a media pre-filtering processor of the proxy server to obtain a pre-filtered payload;

encrypting, by the proxy server, the pre-filtered payload with the private key associated with the second server certificate to create an encrypted pre-filtered media receive response; and

forwarding, by the proxy server, the encrypted pre-filtered media receive response to the user endpoint.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A proxy server may receive from a user endpoint, a secure connection request to a second server. The secure connection request may comprise a globally unique identifier registered for the endpoint. The proxy server may intercept, from the user endpoint, a first secure handshake with the second server. The proxy server may initiate a second secure handshake with the second server based on the intercepted first secure handshake. The proxy server may intercept from the second server a second secure handshake response comprising a server certificate with metadata. The proxy server may generate a second certificate using the metadata and signed with a first certificate authority associated with the globally unique identifier registered for the endpoint. The proxy server may transmit to the user endpoint a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection.

47 Citations

View as Search Results

15 Claims

1. A method, comprising:
- receiving, by a proxy server from a user endpoint, a secure connection request to a second server, the secure connection request comprising a globally unique identifier registered for the user endpoint;
  
  employing, by the proxy server, the globally unique identifier as a primary key to distinguish a first certificate authority of a plurality of certificate authorities installed in the proxy server from other certificate authorities of the plurality of certificate authorities installed in the proxy server;
  
  responding, by the proxy server, with an acknowledgement to the user endpoint;
  
  intercepting, by the proxy server from the user endpoint, a first secure handshake from the user endpoint to the second server;
  
  initiating, by the proxy server, a second secure handshake on behalf of the user endpoint with the second server based on the first secure handshake;
  
  intercepting, by the proxy server from the second server, a second secure handshake response comprising a server certificate and metadata;
  
  generating, by the proxy server, a second certificate using the metadata and signed by the first certificate authority distinguished with the globally unique identifier registered for the user endpoint;
  
  transmitting, by the proxy server to the user endpoint, a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection;
  
  intercepting, by the proxy server from the user endpoint, a media receive request intended for the second server comprising an encrypted payload from the user endpoint;
  
  decrypting, by the proxy server, the encrypted payload using a private key of the second certificate;
  
  creating, by the proxy server, a media request to the second server by encrypting the payload with the public key of the server certificate;
  
  forwarding, by the proxy server, the encrypted payload to the second server;
  
  receiving, by the proxy server, an encrypted media receive response from the second server containing media data encrypted with a private key associated with the generated second server certificate;
  
  decrypting, by the proxy server, the encrypted media receive response with the public key of the second server certificate to obtain a media receive payload;
  
  passing, by the proxy server, the media receive payload through a media pre-filtering processor of the proxy server to obtain a pre-filtered payload;
  
  encrypting, by the proxy server, the pre-filtered payload with the private key associated with the second server certificate to create an encrypted pre-filtered media receive response; and
  
  forwarding, by the proxy server, the encrypted pre-filtered media receive response to the user endpoint.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising determining whether to forward or not forward the secure connection request to the second server based on a rule or policy.
  - 3. The method of claim 2, wherein the rule or policy is at least predicated on presence of a corresponding certificate authority of a plurality of certificate authorities on the user endpoint.
  - 4. The method of claim 1, wherein passing the media receive payload through the media pre-filtering processor comprises performing at least one of resolution reduction, dynamic range reduction, frame rate reduction, spatial high frequency reduction, spatio-temporal high frequency reduction, entropy coding of protocol headers, or discrete cosine transform (DCT) or wavelet coefficient re-quantization of the media, audio, images or video payloads.
  - 5. The method of claim 1, further comprising, prior to receiving a first secure connection, receiving a configuration, by the proxy server, to incorporate or communicate with a media pre-filtering processor to generate pre-filtered media, audio, images or video payloads.
  - 6. The method of claim 1, wherein the proxy server communicates a media receive payload to a transcoding or a transrating service using the internet content adaptation protocol (ICAP).
  - 7. The method of claim 1, wherein the proxy server communicates a media receive payload to a transcoding or a transrating service using asynchronous application programming interface (API) calls.

8. A system, comprising:
- a memory;
  
  a processing device, operatively coupled to the memory, the processing device to;
  
  receive, from a user endpoint, a secure connection request to a second server, the secure connection request comprising a globally unique identifier registered for the user endpoint;
  
  employ the globally unique identifier as a primary key to distinguish a first certificate authority of a plurality of certificate authorities installed in the proxy server from other certificate authorities of the plurality of certificate authorities installed in the proxy server;
  
  respond with an acknowledgement to the user endpoint;
  
  intercept, from the user endpoint, a first secure handshake from the user endpoint to the second server;
  
  initiate a second secure handshake on behalf of the user endpoint with the second server based on the first secure handshake;
  
  intercept, from the second server, a second secure handshake response comprising a server certificate and metadata;
  
  generate a second certificate using the metadata and signed by the first certificate authority distinguished with the globally unique identifier registered for the user endpoint;
  
  transmit, to the user endpoint, a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection;
  
  intercept, from the user endpoint, a media receive request intended for the second server comprising an encrypted payload from the user endpoint;
  
  decrypt the encrypted payload using a private key of the second certificate;
  
  create a media request to the second server by encrypting the payload with the public key of the server certificate;
  
  forward the encrypted payload to the second server;
  
  receive an encrypted media receive response from the second server containing media data encrypted with a private key associated with the generated second server certificate;
  
  decrypt the encrypted media receive response with the public key of the second server certificate to obtain a media receive payload;
  
  pass the media receive payload through a media pre-filtering processor of the proxy server to obtain a pre-filtered payload;
  
  encrypt the pre-filtered payload with the private key associated with the second server certificate to create an encrypted pre-filtered media receive response; and
  
  forward the encrypted pre-filtered media receive response to the user endpoint.

9. A method, comprising:
- receiving, by a proxy server from a user endpoint, a secure connection request to a second server, the secure connection request comprising a globally unique identifier registered for the user endpoint;
  
  employing, by the proxy server, the globally unique identifier as a primary key to distinguish a first certificate authority of a plurality of certificate authorities installed in the proxy server from other certificate authorities of the plurality of certificate authorities installed in the proxy server;
  
  responding, by the proxy server, with an acknowledgement to the user endpoint;
  
  intercepting, by the proxy server from the user endpoint, a first secure handshake from the user endpoint to the second server;
  
  initiating, by the proxy server, a second secure handshake on behalf of the user endpoint with the second server based on the first secure handshake;
  
  intercepting, by the proxy server from the second server, a second secure handshake response comprising a server certificate and metadata;
  
  generating, by the proxy server, a second certificate using the metadata and signed by the first certificate authority distinguished with the globally unique identifier registered for the user endpoint;
  
  transmitting, by the proxy server to the user endpoint, a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection;
  
  intercepting, by the proxy server from the user endpoint, a media send request comprising an encrypted pre-filtered media payload to the second server via the proxied secure connection;
  
  decrypting, by the proxy server, the encrypted pre-filtered media payload using a private key of the second certificate to obtain a pre-filtered media payload;
  
  passing, by the proxy server, the pre-filtered media payload through a post-filtering processor to obtain a post-filtered media payload;
  
  encrypting, by the proxy server, the post-filtered media payload with a generated certificate private key to create an encrypted second media post request; and
  
  forwarding, by the proxy server, the encrypted second media post request to the second server.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein passing the pre-filtered media payload through the post-filtering processor comprises performing one or more of super-resolution or non-linear interpolation methods in any of the audio frequency, discrete cosine transform (DCT), image spatial, color gamut, or video statio-temporal domains.
  - 11. The method of claim 9, further comprising, communicating, by the proxy server, the pre-filtered media payload to the post-filtering processor using the internet content adaptation protocol (ICAP) protocol.
  - 12. The method of claim 9, further comprising, communicating, by the proxy server, the pre-filtered media payload to the post-filtering processor using asynchronous application programming interface (API) calls.

13. A system, comprising:
- a memory;
  
  a processing device, operatively coupled to the memory, the processing device to;
  
  receive, from a user endpoint, a secure connection request to a second server, the secure connection request comprising a globally unique identifier registered for the user endpoint;
  
  employ the globally unique identifier as a primary key to distinguish a first certificate authority of a plurality of certificate authorities installed in the proxy server from other certificate authorities of the plurality of certificate authorities installed in the proxy server;
  
  respond with an acknowledgement to the user endpoint;
  
  intercept, from the user endpoint, a first secure handshake from the user endpoint to the second server;
  
  initiate a second secure handshake on behalf of the user endpoint with the second server based on the first secure handshake;
  
  intercept, from the second server, a second secure handshake response comprising a server certificate and metadata;
  
  generate a second certificate using the metadata and signed by the first certificate authority distinguished with the globally unique identifier registered for the user endpoint;
  
  transmit, to the user endpoint, a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection;
  
  intercept, from the user endpoint, a media send request comprising an encrypted pre-filtered media payload to the second server via the proxied secure connection;
  
  decrypt the encrypted pre-filtered media payload using a private key of the second certificate to obtain a pre-filtered media payload;
  
  pass the pre-filtered media payload through a post-filtering processor to obtain a post-filtered media payload;
  
  encrypt the post-filtered media payload with a generated certificate private key to create an encrypted second media post request; and
  
  forward the encrypted second media post request to the second server.

14. A non-transitory computer-readable storage medium including instructions that, when accessed by a proxy server, cause the proxy server to perform operations comprising:
- receiving, by the proxy server from a user endpoint, a secure connection request to a second server, the secure connection request comprising a globally unique identifier registered for the user endpoint;
  
  employing, by the proxy server, the globally unique identifier as a primary key to distinguish a first certificate authority of a plurality of certificate authorities installed in the proxy server from other certificate authorities of the plurality of certificate authorities installed in the proxy server;
  
  responding, by the proxy server, with an acknowledgement to the user endpoint;
  
  intercepting, by the proxy server from the user endpoint, a first secure handshake from the user endpoint to the second server;
  
  initiating, by the proxy server, a second secure handshake on behalf of the user endpoint with the second server based on the first secure handshake;
  
  intercepting, by the proxy server from the second server, a second secure handshake response comprising a server certificate and metadata;
  
  generating, by the proxy server, a second certificate using the metadata and signed by the first certificate authority distinguished with the globally unique identifier registered for the user endpoint;
  
  transmitting, by the proxy server to the user endpoint, a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection;
  
  intercepting, by the proxy server from the user endpoint, a media receive request intended for the second server comprising an encrypted payload from the user endpoint;
  
  decrypting, by the proxy server, the encrypted payload using a private key of the second certificate;
  
  creating, by the proxy server, a media request to the second server by encrypting the payload with the public key of the server certificate;
  
  forwarding, by the proxy server, the encrypted payload to the second server;
  
  receiving, by the proxy server, an encrypted media receive response from the second server containing media data encrypted with a private key associated with the generated second server certificate;
  
  decrypting, by the proxy server, the encrypted media receive response with the public key of the second server certificate to obtain a media receive payload;
  
  passing, by the proxy server, the media receive payload through a media pre-filtering processor of the proxy server to obtain a pre-filtered payload;
  
  encrypting, by the proxy server, the pre-filtered payload with the private key associated with the second server certificate to create an encrypted pre-filtered media receive response; and
  
  forwarding, by the proxy server, the encrypted pre-filtered media receive response to the user endpoint.

15. A non-transitory computer-readable storage medium including instructions that, when accessed by a proxy server, cause the proxy server to perform operations comprising:
- receiving, by the proxy server from a user endpoint, a secure connection request to a second server, the secure connection request comprising a globally unique identifier registered for the user endpoint;
  
  employing, by the proxy server, the globally unique identifier as a primary key to distinguish a first certificate authority of a plurality of certificate authorities installed in the proxy server from other certificate authorities of the plurality of certificate authorities installed in the proxy server;
  
  responding, by the proxy server, with an acknowledgement to the user endpoint;
  
  intercepting, by the proxy server from the user endpoint, a first secure handshake from the user endpoint to the second server;
  
  initiating, by the proxy server, a second secure handshake on behalf of the user endpoint with the second server based on the first secure handshake;
  
  intercepting, by the proxy server from the second server, a second secure handshake response comprising a server certificate and metadata;
  
  generating, by the proxy server, a second certificate using the metadata and signed by the first certificate authority distinguished with the globally unique identifier registered for the user endpoint;
  
  transmitting, by the proxy server to the user endpoint, a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection;
  
  intercepting, by the proxy server from the user endpoint, a media send request comprising an encrypted pre-filtered media payload to the second server via the proxied secure connection;
  
  decrypting, by the proxy server, the encrypted pre-filtered media payload using a private key of the second certificate to obtain a pre-filtered media payload;
  
  passing, by the proxy server, the pre-filtered media payload through a post-filtering processor to obtain a post-filtered media payload;
  
  encrypting, by the proxy server, the post-filtered media payload with a generated certificate private key to create an encrypted second media post request; and
  
  forwarding, by the proxy server, the encrypted second media post request to the second server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cheytec Technologies, LLC
Original Assignee
A2Zlogix, Inc.
Inventors
Gaddy, William L., Seran, Vidhya, Galluzzo, John, Spinella, Vincent James, Norwalk, Stephen Andrew
Primary Examiner(s)
Brown, Christopher
Assistant Examiner(s)
Baum, Ronald

Application Number

US14/714,960
Time in Patent Office

190 Days
Field of Search

726/12
US Class Current

1/1
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/0823   using certificates cryptogr...

H04L 63/20   for managing network securi...

System and method for reception and transmission optimization of secured video, image, audio, and other media traffic via proxy

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for reception and transmission optimization of secured video, image, audio, and other media traffic via proxy

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links