US2019334950A1PendingUtilityA1
Private key operations
Assignee: SSH COMMUNICATIONS SECURITY OYJPriority: Jan 24, 2012Filed: Jul 9, 2019Published: Oct 31, 2019
Est. expiryJan 24, 2032(~5.5 yrs left)· nominal 20-yr term from priority
H04L 63/164H04L 63/0428H04L 63/1483H04L 63/166H04L 63/16
54
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
Encrypted SFTP file transfers and other encrypted file transfers may be audited and what files can be transferred may be controlled at a firewall or other gateway. Transferred files may be subjected to data loss prevention analysis and/or virus checks.
Claims
exact text as granted — not AI-modified1 .- 20 . (canceled)
21 . A method for session control, comprising:
connecting, by an interceptor device, to a private key server using a cryptographic protocol; sending, from the interceptor device, a request to the private key server to cause performance of a private key operation in relation to a secure session processed by the interceptor device, the request comprising information about the secure session; receiving, by the computing device, results of the requested private key operation; and using the results in processing the secure session.
22 . The method according to claim 21 , wherein the intercepted secure session comprises a Secure Shell (SSH) session and the private key operation comprises cryptographic operation performed using a Secure Shell (SSH) key.
23 . The method according to claim 21 , wherein the private key operation uses a private key corresponding to a Remote Desktop Protocol (RDP) certificate.
24 . The method according to claim 21 , comprising running the interceptor device in virtualization environment.
25 . The method according to claim 24 , comprising providing a virtual machine by the interceptor device.
26 . The method according to claim 21 , comprising performing a man-in-the-middle attack by an interceptor device based on the results of the requested private key operation without direct access to the private key.
27 . The method according to claim 21 , comprising causing performing of the requested private key operation on another server than the private key server, the other server having access to a relevant private key, and receiving the results of the private key operation directly or indirectly from said other server.
28 . The method according to claim 21 , comprising identifying a server that has access to a private key corresponding to a certificate for a destination server of the encrypted session, and causing use of the private key accessible by the identified server during the private key operation.
29 . The method according to claim 21 , comprising sending information about the secure session to at least one of a vault, a data loss prevention system and an audit server.
30 . The method according to claim 21 , wherein said information about the secure session comprises information identifying a destination computer for the secure session the request relates to.
31 . An interceptor device comprising at least one processor and memory comprising program code configured to, with the at least one processor, cause the apparatus to:
connect to a private key server using a cryptographic protocol; send a request to the private key server to cause performance of a private key operation in relation to a secure session processed by the interceptor device, the request comprising information about the secure session; receive results of the requested private key operation; and use the results in processing the secure session.
32 . The interceptor device according to claim 31 , the intercepted secure session comprising one of
a Secure Shell (SSH) session, wherein the private key operation comprises cryptographic operation performed using a Secure Shell (SSH) key, or a Remote Desktop Protocol (RDP) session, wherein the private key operation uses a private key corresponding to a Remote Desktop Protocol (RDP) certificate.
33 . The interceptor device according to claim 31 , configured to operate in virtualization environment.
34 . The interceptor device according to claim 31 , configured to perform a man-in-the-middle attack based on the results of the requested private key operation without direct access to the private key.
35 . The interceptor device according to claim 31 , wherein said information about the secure session comprises information identifying a destination computer for the secure session the request relates to.
36 . The interceptor device according to claim 31 , comprising an interceptor implemented in a firewall, a server or a gateway and configured to cause decryption of intercepted encrypted sessions and/or encryption of sessions communicated further from the interceptor device.
37 . A private key server, comprising at least one processor and memory comprising program code configured to, with the at least one processor, cause the private key server to:
receive a connection from an interceptor device; receive a request from the interceptor device for a private key operation in relation to a secure session processed by the interceptor device, the request comprising information about the secure session; cause performance of the request private key operation on the secure session on behalf of the interceptor device; and cause sending of results of the requested private key operation to the interceptor device for use in processing the secure session.
38 . The private key server according to claim 37 , configured to cause performing of the requested private key operation on a private key related to an Secure Shell (SSH) session on behalf of the interceptor device.
39 . The private key server according to claim 37 , configured to cause performance of the requested private key operation on another server than the private key server, the other server having access to a relevant private key.
40 . The private key server according to claim 37 , configured to identify a server that has access to a private key corresponding to a certificate for a destination server of the secure session, and causing use of the private key accessible by the identified server during the private key operation.
41 . The private key server according to claim 37 , configured to identify a destination server for the secure session based on the information in the request, and cause the destination server to perform the requested private key operation.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.