System and method for reception and transmission optimization of secured video, image, audio, and other media traffic via proxy
2 Assignments
0 Petitions
Abstract
A proxy server may receive, from a user endpoint, a secure connection request to a second server. The secure connection request may comprise a globally unique identifier registered for the endpoint. The proxy server may intercept, from the user endpoint, a first secure handshake with the second server. The proxy server may initiate a second secure handshake with the second server based on the intercepted first secure handshake. The proxy server may intercept, from the second server, a second secure handshake response comprising a server certificate with metadata. The proxy server may generate a second certificate using the metadata, signed with a first certificate authority associated with the globally unique identifier registered for the endpoint. The proxy server may transmit to the user endpoint a modified response to the secure connection request, secured with the second certificate, to establish a proxied secure connection.
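The mechanism the abstract describes is a TLS-intercepting proxy that keeps one certificate authority per registered endpoint, selects that CA by the endpoint's globally unique identifier, and mints a leaf certificate carrying the upstream server certificate's metadata. The Go program below is an added illustration of that certificate-issuance step written for this page; it is not code from the patent or from any assignee, and it uses only the Go standard library. It assumes exactly one CA per GUID, that the cloned "metadata" is the upstream subject and subject alternative names, ECDSA P-256 keys throughout, and constructed GUIDs and hostnames (`guid-A`, `guid-B`, `media.example.test`). Two points a practitioner would want are included: the proxy refuses to clone an expired upstream certificate, and a leaf minted for one endpoint is provably untrusted by any other endpoint's CA, which bounds the damage if a single endpoint CA key is ever exposed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// endpointCA is one of the per-endpoint CAs installed in the proxy. Its private key stays on the
// proxy; only the CA certificate goes into that endpoint's trust store.
type endpointCA struct {
	cert *x509.Certificate
	key  *ecdsa.PrivateKey
}

// caStore is keyed by the endpoint's globally unique identifier, the claim's "primary key".
type caStore map[string]*endpointCA

// must panics on error: acceptable for constructed demo material, not for a production proxy.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}
func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }
func newSerial() *big.Int     { return must(rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))) }
func selfSigned(tmpl *x509.Certificate, key *ecdsa.PrivateKey) *x509.Certificate {
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))))
}

// newCA creates the CA registered for one endpoint GUID (assumption: exactly one CA per GUID).
func newCA(guid string) *endpointCA {
	key := newKey()
	return &endpointCA{key: key, cert: selfSigned(&x509.Certificate{
		SerialNumber:          newSerial(),
		Subject:               pkix.Name{CommonName: "Proxy CA for endpoint " + guid},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}, key)}
}

// constructedUpstreamCert stands in for the server certificate intercepted in the second handshake
// (a constructed sample). A real proxy verifies the upstream chain against public roots first.
func constructedUpstreamCert() *x509.Certificate {
	return selfSigned(&x509.Certificate{
		SerialNumber: newSerial(),
		Subject:      pkix.Name{CommonName: "media.example.test", Organization: []string{"Constructed Media Origin"}},
		DNSNames:     []string{"media.example.test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(30 * 24 * time.Hour),
	}, newKey())
}

// issueProxiedCert is the "generate a second certificate using the metadata" step: the leaf copies
// the upstream subject and SANs, gets a fresh key pair (the origin's private key is never on the
// proxy), never outlives the upstream certificate, and is signed by the CA selected via the GUID.
func (s caStore) issueProxiedCert(guid string, upstream *x509.Certificate) (*tls.Certificate, error) {
	ca, ok := s[guid]
	if !ok {
		return nil, fmt.Errorf("no certificate authority registered for endpoint %q", guid)
	}
	if time.Now().After(upstream.NotAfter) {
		return nil, fmt.Errorf("upstream certificate for %q is expired; refusing to clone it", upstream.Subject.CommonName)
	}
	key := newKey()
	der, err := x509.CreateCertificate(rand.Reader, &x509.Certificate{
		SerialNumber: newSerial(),
		Subject:      upstream.Subject,
		DNSNames:     upstream.DNSNames,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     upstream.NotAfter,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca.cert, &key.PublicKey, ca.key)
	if err != nil {
		return nil, err
	}
	// Chain presented to the endpoint: the cloned leaf plus that endpoint's own CA certificate.
	return &tls.Certificate{Certificate: [][]byte{der, ca.cert.Raw}, PrivateKey: key, Leaf: must(x509.ParseCertificate(der))}, nil
}

// verifiesUnder is the check an endpoint's TLS stack performs when ca, and only ca, is in its trust store.
func verifiesUnder(leaf, ca *x509.Certificate, host string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

func main() {
	store := caStore{"guid-A": newCA("guid-A"), "guid-B": newCA("guid-B")} // constructed GUIDs
	pc := must(store.issueProxiedCert("guid-A", constructedUpstreamCert()))
	fmt.Println("trusted by endpoint A:", verifiesUnder(pc.Leaf, store["guid-A"].cert, "media.example.test"))
	fmt.Println("trusted by endpoint B:", verifiesUnder(pc.Leaf, store["guid-B"].cert, "media.example.test"))
}
```

The returned `tls.Certificate` is what the proxy's endpoint-facing listener would present for the proxied connection; the upstream leg is a separate TLS session in which the proxy is an ordinary client and must validate the origin's chain before any of its metadata is copied. Keying the CA store by GUID is what makes the "distinguish a first certificate authority" step enforceable: a leaf minted under endpoint A's CA fails verification on endpoint B, so compromise of one endpoint's CA key does not let an attacker impersonate origins to the rest of the fleet.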
47 Citations
15 Claims
1. A method, comprising:
- receiving, by a proxy server from a user endpoint, a secure connection request to a second server, the secure connection request comprising a globally unique identifier registered for the user endpoint;
- employing, by the proxy server, the globally unique identifier as a primary key to distinguish a first certificate authority of a plurality of certificate authorities installed in the proxy server from other certificate authorities of the plurality of certificate authorities installed in the proxy server;
- responding, by the proxy server, with an acknowledgement to the user endpoint;
- intercepting, by the proxy server from the user endpoint, a first secure handshake from the user endpoint to the second server;
- initiating, by the proxy server, a second secure handshake on behalf of the user endpoint with the second server based on the first secure handshake;
- intercepting, by the proxy server from the second server, a second secure handshake response comprising a server certificate and metadata;
- generating, by the proxy server, a second certificate using the metadata and signed by the first certificate authority distinguished with the globally unique identifier registered for the user endpoint;
- transmitting, by the proxy server to the user endpoint, a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection;
- intercepting, by the proxy server from the user endpoint, a media receive request intended for the second server comprising an encrypted payload from the user endpoint;
- decrypting, by the proxy server, the encrypted payload using a private key of the second certificate;
- creating, by the proxy server, a media request to the second server by encrypting the payload with the public key of the server certificate;
- forwarding, by the proxy server, the encrypted payload to the second server;
- receiving, by the proxy server, an encrypted media receive response from the second server containing media data encrypted with a private key associated with the generated second server certificate;
- decrypting, by the proxy server, the encrypted media receive response with the public key of the second server certificate to obtain a media receive payload;
- passing, by the proxy server, the media receive payload through a media pre-filtering processor of the proxy server to obtain a pre-filtered payload;
- encrypting, by the proxy server, the pre-filtered payload with the private key associated with the second server certificate to create an encrypted pre-filtered media receive response; and
- forwarding, by the proxy server, the encrypted pre-filtered media receive response to the user endpoint.

View Dependent Claims (2, 3, 4, 5, 6, 7)

8. A system, comprising:
- a memory;
- a processing device, operatively coupled to the memory, the processing device to:
  - receive, from a user endpoint, a secure connection request to a second server, the secure connection request comprising a globally unique identifier registered for the user endpoint;
  - employ the globally unique identifier as a primary key to distinguish a first certificate authority of a plurality of certificate authorities installed in the proxy server from other certificate authorities of the plurality of certificate authorities installed in the proxy server;
  - respond with an acknowledgement to the user endpoint;
  - intercept, from the user endpoint, a first secure handshake from the user endpoint to the second server;
  - initiate a second secure handshake on behalf of the user endpoint with the second server based on the first secure handshake;
  - intercept, from the second server, a second secure handshake response comprising a server certificate and metadata;
  - generate a second certificate using the metadata and signed by the first certificate authority distinguished with the globally unique identifier registered for the user endpoint;
  - transmit, to the user endpoint, a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection;
  - intercept, from the user endpoint, a media receive request intended for the second server comprising an encrypted payload from the user endpoint;
  - decrypt the encrypted payload using a private key of the second certificate;
  - create a media request to the second server by encrypting the payload with the public key of the server certificate;
  - forward the encrypted payload to the second server;
  - receive an encrypted media receive response from the second server containing media data encrypted with a private key associated with the generated second server certificate;
  - decrypt the encrypted media receive response with the public key of the second server certificate to obtain a media receive payload;
  - pass the media receive payload through a media pre-filtering processor of the proxy server to obtain a pre-filtered payload;
  - encrypt the pre-filtered payload with the private key associated with the second server certificate to create an encrypted pre-filtered media receive response; and
  - forward the encrypted pre-filtered media receive response to the user endpoint.

9. A method, comprising:
- receiving, by a proxy server from a user endpoint, a secure connection request to a second server, the secure connection request comprising a globally unique identifier registered for the user endpoint;
- employing, by the proxy server, the globally unique identifier as a primary key to distinguish a first certificate authority of a plurality of certificate authorities installed in the proxy server from other certificate authorities of the plurality of certificate authorities installed in the proxy server;
- responding, by the proxy server, with an acknowledgement to the user endpoint;
- intercepting, by the proxy server from the user endpoint, a first secure handshake from the user endpoint to the second server;
- initiating, by the proxy server, a second secure handshake on behalf of the user endpoint with the second server based on the first secure handshake;
- intercepting, by the proxy server from the second server, a second secure handshake response comprising a server certificate and metadata;
- generating, by the proxy server, a second certificate using the metadata and signed by the first certificate authority distinguished with the globally unique identifier registered for the user endpoint;
- transmitting, by the proxy server to the user endpoint, a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection;
- intercepting, by the proxy server from the user endpoint, a media send request comprising an encrypted pre-filtered media payload to the second server via the proxied secure connection;
- decrypting, by the proxy server, the encrypted pre-filtered media payload using a private key of the second certificate to obtain a pre-filtered media payload;
- passing, by the proxy server, the pre-filtered media payload through a post-filtering processor to obtain a post-filtered media payload;
- encrypting, by the proxy server, the post-filtered media payload with a generated certificate private key to create an encrypted second media post request; and
- forwarding, by the proxy server, the encrypted second media post request to the second server.

View Dependent Claims (10, 11, 12)

13. A system, comprising:
- a memory;
- a processing device, operatively coupled to the memory, the processing device to:
  - receive, from a user endpoint, a secure connection request to a second server, the secure connection request comprising a globally unique identifier registered for the user endpoint;
  - employ the globally unique identifier as a primary key to distinguish a first certificate authority of a plurality of certificate authorities installed in the proxy server from other certificate authorities of the plurality of certificate authorities installed in the proxy server;
  - respond with an acknowledgement to the user endpoint;
  - intercept, from the user endpoint, a first secure handshake from the user endpoint to the second server;
  - initiate a second secure handshake on behalf of the user endpoint with the second server based on the first secure handshake;
  - intercept, from the second server, a second secure handshake response comprising a server certificate and metadata;
  - generate a second certificate using the metadata and signed by the first certificate authority distinguished with the globally unique identifier registered for the user endpoint;
  - transmit, to the user endpoint, a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection;
  - intercept, from the user endpoint, a media send request comprising an encrypted pre-filtered media payload to the second server via the proxied secure connection;
  - decrypt the encrypted pre-filtered media payload using a private key of the second certificate to obtain a pre-filtered media payload;
  - pass the pre-filtered media payload through a post-filtering processor to obtain a post-filtered media payload;
  - encrypt the post-filtered media payload with a generated certificate private key to create an encrypted second media post request; and
  - forward the encrypted second media post request to the second server.

14. A non-transitory computer-readable storage medium including instructions that, when accessed by a proxy server, cause the proxy server to perform operations comprising:
- receiving, by the proxy server from a user endpoint, a secure connection request to a second server, the secure connection request comprising a globally unique identifier registered for the user endpoint;
- employing, by the proxy server, the globally unique identifier as a primary key to distinguish a first certificate authority of a plurality of certificate authorities installed in the proxy server from other certificate authorities of the plurality of certificate authorities installed in the proxy server;
- responding, by the proxy server, with an acknowledgement to the user endpoint;
- intercepting, by the proxy server from the user endpoint, a first secure handshake from the user endpoint to the second server;
- initiating, by the proxy server, a second secure handshake on behalf of the user endpoint with the second server based on the first secure handshake;
- intercepting, by the proxy server from the second server, a second secure handshake response comprising a server certificate and metadata;
- generating, by the proxy server, a second certificate using the metadata and signed by the first certificate authority distinguished with the globally unique identifier registered for the user endpoint;
- transmitting, by the proxy server to the user endpoint, a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection;
- intercepting, by the proxy server from the user endpoint, a media receive request intended for the second server comprising an encrypted payload from the user endpoint;
- decrypting, by the proxy server, the encrypted payload using a private key of the second certificate;
- creating, by the proxy server, a media request to the second server by encrypting the payload with the public key of the server certificate;
- forwarding, by the proxy server, the encrypted payload to the second server;
- receiving, by the proxy server, an encrypted media receive response from the second server containing media data encrypted with a private key associated with the generated second server certificate;
- decrypting, by the proxy server, the encrypted media receive response with the public key of the second server certificate to obtain a media receive payload;
- passing, by the proxy server, the media receive payload through a media pre-filtering processor of the proxy server to obtain a pre-filtered payload;
- encrypting, by the proxy server, the pre-filtered payload with the private key associated with the second server certificate to create an encrypted pre-filtered media receive response; and
- forwarding, by the proxy server, the encrypted pre-filtered media receive response to the user endpoint.

15. A non-transitory computer-readable storage medium including instructions that, when accessed by a proxy server, cause the proxy server to perform operations comprising:
- receiving, by the proxy server from a user endpoint, a secure connection request to a second server, the secure connection request comprising a globally unique identifier registered for the user endpoint;
- employing, by the proxy server, the globally unique identifier as a primary key to distinguish a first certificate authority of a plurality of certificate authorities installed in the proxy server from other certificate authorities of the plurality of certificate authorities installed in the proxy server;
- responding, by the proxy server, with an acknowledgement to the user endpoint;
- intercepting, by the proxy server from the user endpoint, a first secure handshake from the user endpoint to the second server;
- initiating, by the proxy server, a second secure handshake on behalf of the user endpoint with the second server based on the first secure handshake;
- intercepting, by the proxy server from the second server, a second secure handshake response comprising a server certificate and metadata;
- generating, by the proxy server, a second certificate using the metadata and signed by the first certificate authority distinguished with the globally unique identifier registered for the user endpoint;
- transmitting, by the proxy server to the user endpoint, a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection;
- intercepting, by the proxy server from the user endpoint, a media send request comprising an encrypted pre-filtered media payload to the second server via the proxied secure connection;
- decrypting, by the proxy server, the encrypted pre-filtered media payload using a private key of the second certificate to obtain a pre-filtered media payload;
- passing, by the proxy server, the pre-filtered media payload through a post-filtering processor to obtain a post-filtered media payload;
- encrypting, by the proxy server, the post-filtered media payload with a generated certificate private key to create an encrypted second media post request; and
- forwarding, by the proxy server, the encrypted second media post request to the second server.
Specification