Independent claim
1. A method, comprising:
receiving, by a proxy server from a user endpoint, a secure connection request to a second server, the secure connection request comprising a globally unique identifier registered for the user endpoint;
employing, by the proxy server, the globally unique identifier as a primary key to distinguish a first certificate authority of a plurality of certificate authorities installed in the proxy server from other certificate authorities of the plurality of certificate authorities installed in the proxy server;
responding, by the proxy server, with an acknowledgement to the user endpoint;
intercepting, by the proxy server from the user endpoint, a first secure handshake from the user endpoint to the second server;
initiating, by the proxy server, a second secure handshake on behalf of the user endpoint with the second server based on the first secure handshake;
intercepting, by the proxy server from the second server, a second secure handshake response comprising a server certificate and metadata;
generating, by the proxy server, a second certificate using the metadata and signed by the first certificate authority distinguished with the globally unique identifier registered for the user endpoint;
transmitting, by the proxy server to the user endpoint, a modified response to the secure connection request secured with the second certificate to establish a proxied secure connection;
intercepting, by the proxy server from the user endpoint, a media receive request intended for the second server comprising an encrypted payload from the user endpoint;
decrypting, by the proxy server, the encrypted payload using a private key of the second certificate;
creating, by the proxy server, a media request to the second server by encrypting the payload with the public key of the server certificate;
forwarding, by the proxy server, the encrypted payload to the second server;
receiving, by the proxy server, an encrypted media receive response from the second server containing media data encrypted with a private key associated with the generated second server certificate;
decrypting, by the proxy server, the encrypted media receive response with the public key of the second server certificate to obtain a media receive payload;
passing, by the proxy server, the media receive payload through a media pre-filtering processor of the proxy server to obtain a pre-filtered payload;
encrypting, by the proxy server, the pre-filtered payload with the private key associated with the second server certificate to create an encrypted pre-filtered media receive response; and
forwarding, by the proxy server, the encrypted pre-filtered media receive response to the user endpoint.