WO2007134082A3 - Security-preserving proxy tunnel - Google Patents
Security-preserving proxy tunnel
- Publication number
- WO2007134082A3 (PCT/US2007/068508)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- secure
- servers
- proxy
- preserving
- security
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0272—Virtual private networks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
Abstract
A security-preserving proxy tunnel (500) is disposed between a client computer (100) and a trusted secure server (90). The proxy tunnel (500) operates over an insecure network, in which the connection is as secure as if it were direct, but in which techniques for improving the efficiency of network communication can be applied. Particular embodiments of the invention do not need to transmit PKI private keys over any network link or expose them in any location that is not trusted; do not require modification or special configuration of the client process; do not require any modification of secure servers; and transparently bypass communications to secure servers not explicitly chosen for proxying, without being able to inspect their content. The client processes (12) can be web browsers and the secure servers (90) can be secure web servers.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US74670506P | 2006-05-08 | 2006-05-08 | |
US60/746,705 | 2006-05-08 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2007134082A2 (en) | 2007-11-22 |
WO2007134082A3 (en) | 2008-10-23 |
Family
ID=38694662
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US2007/068508 (WO2007134082A2) | Security-preserving proxy tunnel | 2006-05-08 | 2007-05-08 |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2007134082A2 (en) |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8566580B2 (en) | 2008-07-23 | 2013-10-22 | Finjan, Inc. | Splitting an SSL connection between gateways |
US9647835B2 (en) | 2011-12-16 | 2017-05-09 | Akamai Technologies, Inc. | Terminating SSL connections without locally-accessible private keys |
US9961103B2 (en) | 2014-10-28 | 2018-05-01 | International Business Machines Corporation | Intercepting, decrypting and inspecting traffic over an encrypted channel |
CN107483593B (en) | 2017-08-22 | 2019-12-31 | 网宿科技股份有限公司 | Bidirectional transparent proxy method and system |
US10812468B2 (en) * | 2017-12-07 | 2020-10-20 | Sonicwall Inc. | Dynamic bypass |
CN115001757B (en) * | 2022-05-12 | 2023-08-08 | 中国人民解放军国防科技大学 | DNS analysis-based host abnormal behavior analysis method and device |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6104716A (en) * | 1997-03-28 | 2000-08-15 | International Business Machines Corporation | Method and apparatus for lightweight secure communication tunneling over the internet |
US20020157019A1 (en) * | 2001-04-19 | 2002-10-24 | Kadyk Donald J. | Negotiating secure connections through a proxy server |
-
2007
- 2007-05-08 WO PCT/US2007/068508 patent/WO2007134082A2/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
WO2007134082A2 (en) | 2007-11-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2008147475A3 (en) | Providing a generic gateway for accessing protected resources | |
WO2008030523A3 (en) | Real privacy management authentication system | |
WO2007134082A3 (en) | Security-preserving proxy tunnel | |
SG142251A1 (en) | A private network system and method | |
WO2007008856A3 (en) | Unified architecture for remote network access | |
NO20082831L (en) | Transport of IP datagrams over FLO networks | |
WO2007109671A3 (en) | Systems and methods for providing secure communications for transactions | |
WO2011068629A3 (en) | Communication channel between web application and process outside browser | |
WO2006103098A3 (en) | Computer network system for the establishment synchronisation and/or operation of a second databank from/with a first databank and procedure for the above | |
WO2005059717A3 (en) | Certificate based digital rights management | |
WO2006096657A3 (en) | System and method for a fast, programmable packet processing system | |
WO2008030287A3 (en) | Integrated instant messaging and web browsing client and related methods | |
TW200704100A (en) | Encryption communication method and system | |
WO2007031981A3 (en) | Incorporating a mobile device into a peer-to-peer network | |
ATE324736T1 (en) | METHOD AND DEVICE FOR ALLOWING DATA TRANSMISSION VIA FIREWALLS | |
GB0519466D0 (en) | Network communications | |
ATE539542T1 (en) | DYNAMIC DNS SYSTEM FOR PRIVATE NETWORKS | |
WO2008017064A3 (en) | Systems and methods for using an http-aware client agent | |
WO2007121262A3 (en) | Highly adaptable proxy traversal and authentication | |
NO20015151D0 (en) | Performance increasing proxy service and performance enhancement method | |
CA2607568A1 (en) | A browser-plugin based method for advanced https data processing | |
ATE429768T1 (en) | SECURE DATA COMMUNICATION IN WEB SERVICES | |
US9742797B2 (en) | Method for incorporating network port hopping with minimal or no impact to underlying systems | |
WO2008005901A3 (en) | Methods and arrangements to negotiate communication speed | |
US20190068556A1 (en) | Method to avoid inspection bypass due to dns poisoning or http host header spoofing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 07762027; Country of ref document: EP; Kind code of ref document: A2 |
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC OF 050309 |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 07762027; Country of ref document: EP; Kind code of ref document: A2 |