US2013097656A1PendingUtilityA1
Methods and systems for providing trusted signaling of domain-specific security policies
Est. expiryOct 17, 2031(~5.3 yrs left)· nominal 20-yr term from priority
Inventors:John T. Kennedy
G06F 21/57H04L 63/0209H04L 63/0823H04L 63/20
47
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
Methods and systems for providing trusted signaling of domain-specific security policies. One method includes intercepting a connection request to a remote server from a client device on a domain and returning a security certificate with policy information for regulating the communications with the target server.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method for providing trusted signaling of domain-specific policies comprising:
storing a replacement certificate at a proxy server on a local domain; intercepting by the proxy server a first outbound connection request received from a local application executing on a client computer on the local domain, wherein the request is to connect to a network-based application server outside the local domain; initiating a second outbound connection request to the network-based application server; facilitating the establishment of a first connection between the proxy server and the network-based application server in response to the second outbound connection request and using a target certificate for verifying the identity of the network-based application server; facilitating the establishment of a second connection between the proxy server and the client; and transmitting the replacement certificate to the client by the proxy server in response to the first outbound connection request; wherein the replacement certificate stores a policy for regulating the use of one or more applications being accessed at the network-based application server.
2 . The method of claim 1 , wherein the proxy server is an SSL-inspecting proxy server and the first and second connections are SSL connections.
3 . The method of claim 1 wherein the replacement certificate is an X.509v3 digital certificate.
4 . The method of claim 3 , wherein the policy is stored as an extension in the X.509v3 digital certificate.
5 . The method of claim 1 wherein the local application is an on-line presentation participant software.
6 . The method of claim 5 , wherein the network-based application server is an on-line presentation server.
7 . The method of claim 6 , wherein the policy prohibits transmitting a desktop or screen image, files, or other information from the client computer outside of the local domain.
8 . The method of claim 6 , wherein the policy prohibits giving remote control of the client computer to an entity outside the local domain.
9 . A proxy server on a local domain for providing trusted signaling of domain-specific policies comprising
a computer storage medium for storing a replacement certificate, which stores a policy for regulating the use of one or more applications being accessed at a network-based application server; and a network interface for
intercepting by the proxy server a first outbound connection request received from a local application executing on a client computer on the local domain, wherein the request is to connect to a network-based application server outside the local domain,
initiating a second outbound connection request to the network-based application server,
facilitating the establishment of a first connection between the proxy server and the network-based application server in response to the second outbound connection request and using a target certificate for verifying the identity of the network-based application server,
facilitating the establishment of a second connection between the proxy server and the client, and
transmitting the replacement certificate to the client by the proxy server in response to the first outbound connection request.
10 . The proxy server of claim 9 , wherein the proxy server is an SSL-inspecting proxy server and the first and second connections are SSL connections.
11 . The method of claim 9 wherein the replacement certificate is an X.509v3 digital certificate.
12 . The method of claim 11 , wherein the policy is stored as an extension in the X.509v3 digital certificate.
13 . The method of claim 9 wherein the local application is an on-line presentation participant software.
14 . The method of claim 13 , wherein the network-based application server is an on-line presentation server.
15 . The method of claim 14 , wherein the policy prohibits transmitting a desktop or screen image, files, or other information from the client computer outside of the local domain.
16 . The method of claim 14 , wherein the policy prohibits giving remote control of the client computer to an entity outside the local domain.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.