Methods, systems and computer program products for enhanced security identity utilizing an SSL proxy
Abstract
Methods, systems and computer program products are provided which communicate between client applications and a transaction server by establishing a persistent secure connection between the transaction server and a Secure Socket Layer (SSL) proxy server. A first session specific SSL connection, different from the persistent secure connection, is also established between a first client application and the SSL proxy server.
Communications between the first client application and the SSL proxy server transmitted over the first session specific SSL connection are then forwarded with the client's identity preserved to the transaction server over the persistent secure connection. Furthermore, a second session specific SSL connection between a second client application and the SSL proxy server may also be established and the communications between the second client application and the SSL proxy server transmitted over the second session specific SSL connection are forwarded to the transaction server over the persistent secure connection. Preferably, the persistent secure connection is an SSL connection.
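As an added illustration (not code from the patent), the sketch below shows the header-based variant recited in claims 3 to 5: the proxy multiplexes messages from several session specific connections onto one persistent stream, attaching the client identification as a message header, and the transaction-server side extracts identity and content again. The length-prefixed JSON framing, the function names and the `CN=` identities are assumptions made for the example.

```python
import json
import struct

# Constructed framing (an assumption, not from the patent):
# 4-byte header length | 4-byte body length | JSON header | opaque body.
_PREFIX = struct.Struct("!II")

def frame(identities, session_id, payload):
    """Proxy side: wrap one client message for the persistent connection.
    The identity comes from the proxy's own session table (filled in at
    SSL handshake time), never from anything inside the payload."""
    header = json.dumps(
        {"session": session_id, "client": identities[session_id]}).encode()
    return _PREFIX.pack(len(header), len(payload)) + header + payload

def demux(stream):
    """Transaction-server side: split the persistent stream back into
    (session, client identity, content) tuples."""
    out, pos = [], 0
    while pos < len(stream):
        if len(stream) - pos < _PREFIX.size:
            raise ValueError("truncated frame prefix")
        hlen, blen = _PREFIX.unpack_from(stream, pos)
        pos += _PREFIX.size
        if len(stream) - pos < hlen + blen:
            raise ValueError("truncated frame")
        header = json.loads(stream[pos:pos + hlen])
        pos += hlen
        out.append((header["session"], header["client"], stream[pos:pos + blen]))
        pos += blen
    return out

def demo():
    # Constructed identities for two session-specific SSL connections.
    identities = {1: "CN=alice", 2: "CN=bob"}
    # Interleaved traffic on one persistent connection; session 2's payload
    # imitates a header but is carried as opaque content.
    stream = (frame(identities, 1, b"GET /balance")
              + frame(identities, 2, b'{"client": "CN=alice"}')
              + frame(identities, 1, b"POST /transfer"))
    return demux(stream)

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Because the header is length-prefixed and built by the proxy, content sent by one client cannot alter the identity the transaction server associates with that client's messages.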
29 Claims
-
1. A method of communicating between client applications and a transaction server, comprising:
-
establishing a persistent secure connection between the transaction server and a Secure Socket Layer (SSL) proxy server;
establishing a first session specific SSL connection, different from the persistent secure connection, between a first client application and the SSL proxy server;
forwarding communications between the first client application and the SSL proxy server transmitted over the first session specific SSL connection to the transaction server over the persistent secure connection; and
forwarding client identification information received by the SSL proxy server to the transaction server so as to maintain an association of the client identification information with the forwarded communications between the first client application and the SSL proxy server.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
establishing a second session specific SSL connection between a second client application and the SSL proxy server; and
forwarding communications between the second client application and the SSL proxy server transmitted over the second session specific SSL connection to the transaction server over the persistent secure connection.
-
-
3. A method according to claim 1, wherein the step of forwarding client identification information comprises the step of providing first client identification information extracted from the communications in a message transmitted to the transaction server over the persistent secure connection.
-
4. A method according to claim 3, wherein the step of providing first client identification information comprises the steps of:
-
incorporating the first client identification information as a message header of the message; and
transmitting the message with the message header to the transaction server over the persistent secure connection.
-
-
5. A method according to claim 4, further comprising the steps of:
-
receiving the message transmitted over the persistent secure connection;
extracting from the message the first client identification information and content information from the communications; and
providing the first client identification information and the extracted content information to a transaction server.
-
-
6. A method according to claim 1, wherein the step of forwarding client identification information comprises the step of:
-
establishing a second connection between the SSL proxy server and the transaction server;
extracting first client identification information and content information from the communications;
transmitting the first client identification information to the transaction server over the second connection; and
transmitting the content information to the transaction server over the persistent secure connection.
-
-
7. A method according to claim 6, further comprising the steps of:
-
receiving the content information transmitted over the persistent secure connection;
receiving the first client identification information transmitted over the second connection; and
providing the first client identification and the content information to a transaction server.
-
-
8. A method according to claim 1, wherein the persistent secure connection is an SSL connection.
-
9. A system for communicating with client applications, comprising:
-
a transaction server;
an SSL proxy server operable for establishing Secure Socket Layer (SSL) connections with the client applications and for providing client identification information to the transaction server;
a persistent secure connection between the SSL proxy server and the transaction server over which communications received over the SSL connections with the client applications are multiplexed.
Dependent claims: 10, 11, 12, 13, 14
-
-
15. A system for communicating between client applications and a transaction server, comprising:
-
means for establishing a persistent secure connection between the transaction server and a Secure Socket Layer (SSL) proxy server;
means for establishing a first session specific SSL connection, different from the persistent secure connection, between a first client application and the SSL proxy server;
means for forwarding communications between the first client application and the SSL proxy server transmitted over the first session specific SSL connection to the transaction server over the persistent secure connection; and
means for forwarding client identification information received by the SSL proxy server to the transaction server so as to maintain an association of the client identification information with the forwarded communications between the first client application and the SSL proxy server.
Dependent claims: 16, 17, 18, 19, 21
means for establishing a second session specific SSL connection between a second client application and the SSL proxy server; and
means for forwarding communications between the second client application and the SSL proxy server transmitted over the second session specific SSL connection to the transaction server over the persistent secure connection.
-
-
17. A system according to claim 15, wherein the means for forwarding client identification information comprises means for providing first client identification information extracted from the communications in a message transmitted to the transaction server over the persistent secure connection.
-
18. A system according to claim 17, wherein the means for providing first client identification information comprises:
-
means for incorporating the first client identification information as a message header of the message; and
means for transmitting the message with the message header to the transaction server over the persistent secure connection.
-
-
19. A system according to claim 18, further comprising:
-
means for receiving the message transmitted over the persistent secure connection;
means for extracting from the message the first client identification information and content information from the communications; and
means for providing the first client identification information and the extracted content information to a transaction server.
20. A system according to claim 15, wherein the means for forwarding client identification information comprises;
means for establishing a second connection between the SSL proxy server and the transaction server;
means for extracting first client identification information and content information from the communications;
means for transmitting the first client identification information to the transaction server over the second connection; and
means for transmitting the content information to the transaction server over the persistent secure connection.
-
-
21. A system according to claim 15, wherein the persistent secure connection is an SSL connection.
-
20. A system according to claim 20, further comprising:
-
means for receiving the content information transmitted over the persistent secure connection;
means for receiving the first client identification information transmitted over the second connection; and
means for providing the first client identification and the content information to a transaction server.
-
-
22. A computer program product for communicating between client applications and a transaction server, comprising:
-
a computer readable storage medium having computer readable program code embodied in said medium, said computer readable program code comprising;
computer readable program code for establishing a persistent secure connection between the transaction server and a Secure Socket Layer (SSL) proxy server;
computer readable program code for establishing a first session specific SSL connection, different from the persistent secure connection, between a first client application and the SSL proxy server;
computer readable program code for forwarding communications between the first client application and the SSL proxy server transmitted over the first session specific SSL connection to the transaction server over the persistent secure connection; and
computer readable program code for forwarding client identification information received by the SSL proxy server to the transaction server so as to maintain an association of the client identification information with the forwarded communications between the first client application and the SSL proxy server.
-
-
23. A computer program product according to claim 23, further comprising:
-
computer readable program code for establishing a second session specific SSL connection between a second client application and the SSL proxy server; and
computer readable program code for forwarding communications between the second client application and the SSL proxy server transmitted over the second session specific SSL connection to the transaction server over the persistent secure connection.
Dependent claims: 24, 27, 28, 29
computer readable program code for establishing a second connection between the SSL proxy server and the transaction server;
computer readable program code for extracting first client identification information and content information from the communications;
computer readable program code for transmitting the first client identification information to the transaction server over the second connection; and
computer readable program code for transmitting the content information to the transaction server over the persistent secure connection.
-
-
28. A computer program product according to claim 23, further comprising:
-
computer readable program code for receiving the content information transmitted over the persistent secure connection;
computer readable program code for receiving the first client identification information transmitted over the second connection; and
computer readable program code for providing the first client identification and the content information to a transaction server.
-
-
29. A computer program product according to claim 23, wherein the persistent secure connection is an SSL connection.
-
25. A computer program product according to claim 25, wherein the computer readable program code for providing first client identification information comprises:
-
computer readable program code for incorporating the first client identification information as a message header of the message; and
computer readable program code for transmitting the message with the message header to the transaction server over the persistent secure connection.
-
-
26. A computer program product according to claim 26, further comprising:
-
computer readable program code for receiving the message transmitted over the persistent secure connection;
computer readable program code for extracting from the message the first client identification information and content information from the communications; and
computer readable program code for providing the first client identification information and the extracted content information to a transaction server.
-
Specification