公开(公告)号：DE60026838D1

公开(公告)日：2006-05-11

申请号：DE60026838

申请日：2000-06-28

Applicant: IBM

Inventor： BELLWOOD ALEXANDER ,  LITA CHRISTIAN ,  RUTKOWSKI FRANCIS

IPC: G06F13/00 ,  H04L29/00 ,  G06F15/00 ,  H04L9/08 ,  H04L12/22 ,  H04L12/66 ,  H04L29/06 ,  H04L29/08

Abstract: A method of enabling a proxy to participate in a secure communication between a client and a set of servers. The method begins by establishing a first secure session between the client and the proxy. Upon verifying the first secure session, the method continues by establishing a second secure session between the client and the proxy. In the second secure session, the client requests the proxy to act as a conduit to a first server. Thereafter, the client and the first server negotiate a first session master secret. Using the first secure session, this first session master secret is then provided by the client to the proxy to enable the proxy to participate in secure communications between the client and the first server. After receiving the first session master secret, the proxy generates cryptographic information that enables it to provide a given service (e.g., transcoding) on the client's behalf and without the first server's knowledge or participation. If data from a second server is required during the processing of a given client request to the first server, the proxy issues a request to the client to tunnel back through the proxy to the second server using the same protocol.

公开(公告)号：DE60026838T2

公开(公告)日：2006-09-07

申请号：DE60026838

申请日：2000-06-28

Applicant: IBM

Inventor： BELLWOOD ALEXANDER ,  LITA CHRISTIAN ,  RUTKOWSKI FRANCIS

IPC: G06F13/00 ,  H04L29/00 ,  G06F15/00 ,  H04L9/08 ,  H04L12/22 ,  H04L12/66 ,  H04L29/06 ,  H04L29/08

Abstract: A method of enabling a proxy to participate in a secure communication between a client and a set of servers. The method begins by establishing a first secure session between the client and the proxy. Upon verifying the first secure session, the method continues by establishing a second secure session between the client and the proxy. In the second secure session, the client requests the proxy to act as a conduit to a first server. Thereafter, the client and the first server negotiate a first session master secret. Using the first secure session, this first session master secret is then provided by the client to the proxy to enable the proxy to participate in secure communications between the client and the first server. After receiving the first session master secret, the proxy generates cryptographic information that enables it to provide a given service (e.g., transcoding) on the client's behalf and without the first server's knowledge or participation. If data from a second server is required during the processing of a given client request to the first server, the proxy issues a request to the client to tunnel back through the proxy to the second server using the same protocol.