Title of invention: PROXY SSL AUTHENTICATION IN SPLIT SSL FOR CLIENT-SIDE PROXY AGENT RESOURCES WITH CONTENT INSERTION
Abstract: A traffic management device (TMD), system, and processor-readable storage medium are directed to determining that an end-to-end encrypted session has been established between a client and an authentication server, intercepting and decrypting subsequent task traffic from the client, and forwarding the intercepted traffic toward a server. In some embodiments, a second connection between the TMD and server may be employed to forward the intercepted traffic, and the second connection may be unencrypted or encrypted with a different mechanism than the encrypted connection to the authentication server. The encrypted connection to the authentication server may be maintained following authentication to enable termination of the second connection if the client becomes untrusted, and/or to enable logging of client requests, connection information, and the like. In some embodiments, the TMD may act as a proxy to provide client access to a number of servers and/or resources.
Publication number: US2016072811(A1)  Publication date: 2016.03.10
Application number: US201514856127  Filing date: 2015.09.16
Applicant: F5 Networks, Inc.  Inventors: Bollay Benn Sapin; Hawthorne Jonathan Mini
Classification: H04L29/06  Main classification: H04L29/06
Agency:  Agent:
Independent claim: 1. A traffic management device for managing network traffic between a client device and a server device, comprising: a transceiver to send and receive data over a network; and a processor, in communication with the transceiver, that performs actions, including: obtaining a key associated with an encrypted first connection between the client device and an authentication server device, wherein the encrypted first connection is established using a two-way authentication between the client device and the authentication server device; intercepting a message sent from the client device toward the authentication server device over the encrypted first connection; performing an analysis of the intercepted message based on the key; and selectively forwarding the intercepted message toward the server device based on the analysis, using a second connection between the traffic management device and the server device, while the encrypted first connection is actively maintained between the client device and the authentication server device.
Address: Seattle WA US