Split termination of secure communication sessions with mutual certificate-based authentication
US8707043B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 3, 2009 |
| Grant date | Apr 22, 2014 |
| Priority date | — |
| Expiry date | Jun 29, 2031 |
Classification
- Technology area (CPC H): Electricity
- CPC primary: H04L2209/56
- WIPO field: Digital communication
- WIPO sector: Electrical engineering
Abstract
A method and apparatus are provided for split-terminating a secure client-server communication connection when the client and server perform mutual authentication by exchanging certificates, such as within a Lotus Notes environment. When the client submits a certificate to the server, an intermediary device intercepts the certificate and submits to the server a substitute client certificate generated by that intermediary. A certificate authority's private key is previously installed on the intermediary to enable it to generate public keys, private keys and digital certificates. With the private key corresponding to the substitute certificate, the intermediary extracts a temporary key from a subsequent server message. The intermediary uses the temporary key to read a session key issued later by the server. Thereafter, the intermediary shares the session key with another intermediary, and together they use the session keys to access and optimize (e.g., accelerate) messages sent by the client and the server.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.