US2016344700A1PendingUtilityA1

System and method for reception and transmission optimization of secured video, image, audio, and other media traffic via proxy

41
Assignee: A2ZLOGIX INCPriority: May 18, 2015Filed: Oct 14, 2015Published: Nov 24, 2016
Est. expiryMay 18, 2035(~8.9 yrs left)· nominal 20-yr term from priority
H04L 63/0281H04L 63/0428H04L 63/0823H04L 63/20H04L 63/0464
41
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A proxy server may receive from a user endpoint, a secure connection request to a second server. The secure connection request may be matched to a globally unique identifier registered for the user endpoint by employing a device-specified identifier associated with the globally unique identifier. The proxy server may respond. with an acknowledgement to the user endpoint. The proxy server may intercept, from the user endpoint, a first secure handshake with the second server. The proxy server may initiate a second secure handshake with the second server based on the intercepted first secure handshake. The proxy server may intercept from the second server a second secure handshake response comprising a server certificate with metadata. The proxy server may generate a second certificate using the metadata and signed by a first certificate authority associated with the globally unique identifier registered for the user endpoint. The proxy server may transmit to the user endpoint a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method, comprising:
 receiving, by a proxy server from a user endpoint, a secure connection request to a second server, the secure connection request matched to a globally unique identifier registered for the user endpoint by employing a device-specified identifier associated with the globally unique identifier;   responding, by the proxy server, with an acknowledgement to the user endpoint;   intercepting, by the proxy server from the user endpoint, a first secure handshake with the second server;   initiating, by the proxy server, a second secure handshake with the second server based on the first secure handshake;   intercepting, by the proxy server from the second server, a second secure handshake response comprising a server certificate with metadata;   generating, by the proxy server, a second certificate using the metadata and signed by a first certificate authority associated with the globally unique identifier registered for the user endpoint; and   transmitting, by the proxy server to the user endpoint, a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection.   
     
     
         2 . The method of  claim 1 , further comprising, prior to receiving the secure connection request to the second server:
 receiving, by the proxy server, the first certificate authority, wherein the first certificate authority is also installed on the user endpoint, the first certificate authority generated using the globally unique identifier; and   receiving, by the proxy server, a registration that distinguishes the first certificate authority from other certificate authorities based on the globally unique identifier employed as a primary key.   
     
     
         3 . The method of  claim 1 , further comprising determining whether to forward or not forward the secure connection request to the second server based on a rule or policy. 
     
     
         4 . The method of  claim 1 , further comprising:
 intercepting, by the proxy server from the user endpoint, a media receive request intended for the second server comprising a payload from the user endpoint;   decrypting, by the proxy server, the payload using a private key of the second certificate;   creating, by the proxy server, a media request to the second server by encrypting the payload with the public key of the server certificate; and   forwarding, by the proxy server, the encrypted payload to the second server.   
     
     
         5 . The method of  claim 3 , further comprising:
 receiving, by the proxy server, an encrypted media receive response from the second server containing media data encrypted with a private key associated with the generated second server certificate;   decrypting, by the proxy server, the media receive response with the public key of the second server certificate to obtain a media receive payload;   passing, by the proxy server, the media receive payload through a media pre-filtering processor of the proxy server to obtain a pre-filtered payload;   encrypting, by the proxy server, the pre-filtered payload with the private key associated with the second server certificate to create a pre-filtered media receive response; and   forwarding, by the proxy server, the pre-filtered media receive response to the user endpoint.   
     
     
         6 . The method of  claim 5 , wherein passing the media receive payload through the media pre-filtering processor comprises performing at least one of resolution reduction, dynamic range reduction, frame rate reduction, spatial high frequency reduction, spatio-temporal high frequency reduction, entropy coding of protocol headers, or discrete cosine transform (DCT) or wavelet coefficient re-quantization of the media, audio, images or video payloads. 
     
     
         7 . The method of  claim 1 , further comprising, prior to receiving a first secure connection, receiving a configuration, by the proxy server, to incorporate or communicate with a media pre-filtering processor to generated pre-filtered media, audio, images or video payloads. 
     
     
         8 . The method of  claim 3 , wherein the rule or policy is at least predicated on presence of a corresponding certificate authority of a plurality of certificate authorities on the user endpoint. 
     
     
         9 . The method of  claim 1 , wherein the proxy server communicates a media receive payload to a transcoding or a transrating service using the internet content adaptation protocol (ICAP). 
     
     
         10 . The method of  claim 1 , wherein the proxy server communicates a media receive payload to a transcoding or a transrating service using asynchronous application programming interface (API) calls. 
     
     
         11 . The method of  claim 1 , further comprising:
 intercepting, by the proxy server from the user endpoint, a media send request comprising a pre-filtered media payload to the second server via the proxied secure connection;   decrypting, by the proxy server, the pre-filtered media payload using a private key of the second certificate;   passing, by the proxy server, the pre-filtered media payload through a post-filtering processor to obtain a post-filtered media payload;   encrypting, by the proxy server, the post-filtered media payload with a generated certificate private key to create a second media post request; and   forwarding, by the proxy server, the encrypted second media post request to the second server.   
     
     
         12 . The method of  claim 11 , wherein passing the pre-filtered media payload through the post-filtering processor comprises performing one or more of super-resolution or non-linear interpolation methods in any of the audio frequency, discrete cosine transform (DCT), image spatial, color gamut, or video statio-temporal domains. 
     
     
         13 . The method of  claim 11 , further comprising, communicating, by the proxy server, the pre-filtered media payload to the post-filtering processor using the internet content adaptation protocol (ICAP) protocol. 
     
     
         14 . The method of  claim 11 , further comprising, communicating, by the proxy server, the pre-filtered media payload to the post-filtering processor using asynchronous application programming interface (API) calls. 
     
     
         15 . A system, comprising:
 a memory;   a processing device, operatively coupled to the memory, the processing device to:
 receive, from a user endpoint, a secure connection request to a second server, the secure connection request matched to a globally unique identifier registered for the user endpoint by employing a device-specified identifier associated with the globally unique identifier; 
 respond with an acknowledgement to the user endpoint; 
 intercept, from the user endpoint, a first secure handshake with the second server; 
 initiate a second secure handshake with the second server based on the first secure handshake; 
 receive, from the second server, a second secure handshake response comprising a server certificate with metadata; 
 generate a second certificate using the metadata and signed by a first certificate authority associated with the globally unique identifier registered for the user endpoint; and 
 transmit, to the user endpoint, a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection. 
   
     
     
         16 . The system of  claim 15 , wherein the proxy server is further to, prior to receiving the secure connection request to the second server:
 receive the first certificate authority, wherein the first certificate authority is also installed on the user endpoint, the first certificate authority generated using the globally unique identifier; and   receive a registration that distinguishes the first certificate authority from other certificate authorities based on the globally unique identifier employed as a primary key.   
     
     
         17 . The system of  claim 16 , wherein the processing device is further to:
 intercept, from the user endpoint, a media receive request intended for the second server comprising a payload from the user endpoint;   decrypt the payload using a private key of the second certificate;   create a media request to the second server by encrypting the payload with the public key of the server certificate; and   forward the encrypted payload to the second server.   
     
     
         18 . The system of  claim 17 , wherein the processing device is further to:
 receive an encrypted media receive response from the second server containing media data encrypted with the generated second server certificate private key;   decrypt the media receive response with the public key of the second server certificate to obtain a media receive payload;   pass the media receive payload through the media pre-filtering processor of the proxy server to obtain a pre-filtered payload;   encrypt the pre-filtered payload with the second certificate private key to create a pre-filtered media receive response; and   forward the pre-filtered media receive response to the user endpoint.   
     
     
         19 . The system of  claim 15 , wherein the processing device is further to:
 intercept, from the user endpoint, a media send request comprising a pre-filtered media payload to the second server via the proxied secure connection;   decrypt the pre-filtered media payload using a private key of the second certificate;   pass the pre-filtered media payload through a post-filtering processor to obtain a post-filtered media payload;   encrypt the post-filtered media payload with a generated certificate private key to create a second media post request; and   forward the encrypted second media post request to the second server.   
     
     
         20 . A non-transitory computer-readable storage medium including instructions that, when accessed by a proxy server, cause the proxy server to perform operations comprising:
 receiving, by the proxy server from a user endpoint, a secure connection request to a second server, the secure connection request matched to a globally unique identifier registered for the user endpoint by employing a device-specified identifier associated with the globally unique identifier;   intercepting, by the proxy server from the user endpoint, a first secure handshake with the second server;   responding, by the proxy server, with an acknowledgement to the user endpoint;   initiating, by the proxy server, a second secure handshake with the second based on the first secure handshake; intercepting, by the proxy server from the second server, a second secure handshake response comprising a server certificate with metadata;   generating, by the proxy server, a second certificate using the metadata and signed by a first certificate authority associated with the globally unique identifier registered for the user endpoint; and   transmitting, by the proxy server to the user endpoint, a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection.   
     
     
         21 . The non-transitory computer-readable storage medium of  claim 20 , further comprising, prior to receiving the secure connection request to the second server:
 receiving, by the proxy server, the first certificate authority, wherein the first certificate authority is also installed on the user endpoint, the first certificate authority generated using the globally unique identifier; and   receiving, by the proxy server, a registration that distinguishes the first certificate authority from other certificate authorities based on the globally unique identifier employed as a primary key.   
     
     
         22 . The non-transitory computer-readable storage medium of  claim 20 , further comprising:
 intercepting, by the proxy server from the user endpoint, a media receive request intended for the second server comprising a payload from the user endpoint;   decrypting, by the proxy server, the payload using a private key of the second certificate;   creating, by the proxy server, a media request to the second server by encrypting the payload with the public key of the server certificate; and   forwarding, by the proxy server, the encrypted payload to the second server.   
     
     
         23 . The non-transitory computer-readable storage medium of  claim 20 , further comprising:
 receiving, by the proxy server, an encrypted media receive response from the second server containing media data encrypted with a private key associated with the generated second server certificate;   decrypting, by the proxy server, the media receive response with the public key of the second server certificate to obtain a media receive payload;   passing, by the proxy server, the media receive payload through a media pre-filtering processor of the proxy server to obtain a pre-filtered payload;   encrypting, by the proxy server, the pre-filtered payload with the private key associated with the second server certificate to create a pre-filtered media receive response; and   forwarding, by the proxy server, the pre-filtered media receive response to the user endpoint.   
     
     
         24 . The non-transitory computer-readable storage medium of  claim 20 , further comprising:
 intercepting, by the proxy server from the user endpoint, a media send request comprising a pre-filtered media payload to the second server via the proxied secure connection;   decrypting, by the proxy server, the pre-filtered media payload using a private key of the second certificate;   passing, by the proxy server, the pre-filtered media payload through a post-filtering processor to obtain a post-filtered media payload;   encrypting, by the proxy server, the post-filtered media payload with a generated certificate private key to create a second media post request; and   forwarding, by the proxy server, the encrypted second media post request to the second server.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.