Systems and methods for providing secure communication
First Claim
1. A system comprising:
a processor;
a client configured to comprise a security agent that is configured to create a client certificate that corresponds to one or more client identifiers by creating a key pair and a self-signed certificate upon being connected to a server; and
a single server comprising a server certificate, wherein said server is in communication with said security agent, and wherein said single server is configured to, via the processor:
facilitate establishing an initial mutually authenticated transport layer security (TLS) session with said client based on the client certificate and the server certificate, comprising:
install said security agent on said client using one or more credentials;
transmit said server certificate to said client, wherein said one or more credentials are sufficient to establish that said server certificate is trusted and valid for future TLS sessions between said single server and the said client; and
establish the initial mutually authenticated TLS session with said client by connecting to said security agent;
transmit a request comprising said server certificate, said request corresponding to a request for said client certificate;
extract the client certificate from said security agent when the initial mutually authenticated TLS session is established;
store the client certificate as being associated with only the one or more client identifiers;
categorize the association between the client certificate and the one or more client identifiers as being secure but not trusted for said client until an identity of said client has been verified;
receive an indication that the identity of said client has been verified; and
change a categorization of said client to secure in response to receiving said indication.
Abstract
A client includes a security agent configured to create a client certificate that corresponds to one or more client identifiers. A server includes a server certificate and is in communication with the security agent. The server is configured to facilitate establishing an initial mutually authenticated transport layer security (TLS) session with the client based on the client certificate and the server certificate. The server is also configured to extract the client certificate from the security agent once the TLS session is established. The server is configured to store the certificate as being associated with only the corresponding client identifier(s) and to categorize the association between the client certificate and the corresponding client identifier(s) as being secure but not trusted for the client until the identity of the client has been verified. Moreover, the server is configured to receive an indication that the identity of the client has been verified.
14 Claims
6. At least one non-transitory computer-readable storage medium having computer-executable instructions embodied thereon, wherein, when executed by at least one processor of a server, the computer-executable instructions cause the at least one processor to:
facilitate establishing an initial mutually authenticated transport layer security (TLS) session between a single server that includes a server certificate and a client that is configured to comprise a security agent that is configured to create a client certificate that corresponds to one or more client identifiers by creating a key pair and a self-signed certificate upon being connected to said single server, wherein the initial mutually authenticated TLS session is established based on the client certificate and the server certificate and comprises:
install the security agent on the client using one or more credentials;
transmit said server certificate to said client, wherein said one or more credentials are sufficient to establish that said server certificate is trusted and valid for future TLS sessions between said single server and the said client; and
establish the initial mutually authenticated TLS session with said client by connecting to said security agent;
transmit a request comprising said server certificate, said request corresponding to a request for said client certificate;
extract the client certificate from the security agent when the initial mutually authenticated TLS session is established;
store the client certificate as being associated with only the one or more client identifiers;
categorize the association between the client certificate and the one or more client identifiers as being secure but not trusted for the client until an identity of the client has been verified;
receive an indication that the identity of the client has been verified; and
change a categorization of said client to secure in response to receiving said indication;
wherein said establishing, said install, said extract, said store, said categorize and said receive are performed by said single server.
Dependent claims: 7, 8, 9, 10.
11. A method of providing secure communication between a server and a client, the method comprising:
facilitating establishment of an initial mutually authenticated transport layer security (TLS) session between a single server that includes a server certificate and a client that is configured to comprise a security agent that is configured to create a client certificate that corresponds to one or more client identifiers, wherein the initial mutually authenticated TLS session is established based on the client certificate and the server certificate, said facilitating comprising:
installing the security agent on the client, by the server, using one or more credentials;
transmitting said server certificate to said client, wherein said one or more credentials are sufficient to establish that said server certificate is trusted and valid for future TLS sessions between said single server and the said client; and
establishing the initial mutually authenticated TLS session with said client by connecting to said security agent, enabling creation of the client certificate by creating a key pair and a self-signed certificate;
transmitting a request comprising said server certificate, said request corresponding to a request for said client certificate;
extracting the client certificate from the security agent when the initial mutually authenticated TLS session is established;
storing the client certificate as being associated with only the one or more client identifiers;
categorizing the association between the client certificate and the one or more client identifiers as being secure but not trusted for the client until an identity of the client has been verified;
receiving an indication that the identity of the client has been verified; and
changing a categorization of said client to secure in response to receiving said indication;
wherein said facilitating of said establishment, said installing, said extracting, said storing, said categorizing and said receiving are performed by said single server.
Dependent claims: 12, 13, 14.
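The server-side bookkeeping recited in claims 1, 6 and 11 (extract the agent's self-signed certificate, store it bound to only the given client identifiers, categorize the binding as secure but not trusted, then recategorize as secure once an identity-verification indication arrives), as an added Python model that is not part of the patent. The certificate bytes and identifier strings are constructed stand-ins, and treating a not-yet-verified binding as "limited" rather than rejecting or fully allowing it is an assumption the claims do not make.

```python
"""Server-side state for first-connection certificate enrolment (added example, not the patent's code)."""
import hashlib
from dataclasses import dataclass, field

SECURE_NOT_TRUSTED = "secure-not-trusted"   # key bound to identifiers, identity not yet verified
SECURE = "secure"                            # identity verified via an out-of-band indication


def fingerprint(cert_der: bytes) -> str:
    # The server keys its store on a digest of the presented certificate; a later TLS
    # session presenting the same certificate maps back to the same binding.
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class Enrolment:
    identifiers: frozenset            # the ONLY client identifiers this certificate may act for
    status: str = SECURE_NOT_TRUSTED


@dataclass
class CertificateRegistry:
    _by_fp: dict = field(default_factory=dict)

    def extract_and_store(self, cert_der: bytes, identifiers) -> str:
        """Claim steps 'extract', 'store' and 'categorize': bind the certificate to exactly
        these identifiers and mark the association secure but not trusted."""
        fp = fingerprint(cert_der)
        if fp in self._by_fp:
            raise ValueError("certificate already enrolled")   # one certificate, one binding
        self._by_fp[fp] = Enrolment(frozenset(identifiers))
        return fp

    def record_identity_verified(self, fp: str) -> str:
        """Claim steps 'receive an indication' and 'change a categorization ... to secure'."""
        self._by_fp[fp].status = SECURE
        return SECURE

    def authorize(self, cert_der: bytes, identifier: str) -> str:
        """What a later TLS session presenting cert_der may do on behalf of identifier."""
        enrol = self._by_fp.get(fingerprint(cert_der))
        if enrol is None or identifier not in enrol.identifiers:
            return "reject"   # unknown certificate, or certificate bound to a different client
        return "allow" if enrol.status == SECURE else "limited"   # 'limited' is an assumption


if __name__ == "__main__":
    reg = CertificateRegistry()
    CLIENT_CERT = b"constructed-self-signed-cert-of-host-42"   # stands in for real DER bytes
    fp = reg.extract_and_store(CLIENT_CERT, {"host-42", "00:11:22:33:44:55"})
    print(reg.authorize(CLIENT_CERT, "host-42"))   # limited
    reg.record_identity_verified(fp)
    print(reg.authorize(CLIENT_CERT, "host-42"))   # allow
```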
Specification