Title of invention |
Policy based trust of proxies |
Abstract |
A proxy connect component establishes a connection with a proxy, and provides the proxy with a name of a host with which to establish a connection. A negotiation component negotiates a tunnel directly with the host, and a security component classifies the tunnel as at least one of a private-tunnel or a public-tunnel based at least in part on a set of privacy policies. If the tunnel is classified as a public-tunnel, then the proxy is provided a set of security credentials to inspect and/or modify data passing through the tunnel, or a NULL cipher is employed. If the tunnel is classified as a private-tunnel, then the proxy is not provided the security credentials to inspect and/or modify data passing through the tunnel. |
Publication number |
US8978093(B1) |
Publication date |
2015.03.10 |
Application number |
US201213463668 |
Filing date |
2012.05.03 |
Applicant |
Google Inc. |
Inventor |
Peon Roberto |
Classification number |
G06F17/00;H04L12/28 |
Main classification number |
G06F17/00 |
Agency |
Foley & Lardner LLP |
Agent |
Gordon Edward A.;Foley & Lardner LLP |
Independent claim |
1. A system, comprising:
a client comprising:
a memory storing computer executable components; and
a processor configured to execute the following computer executable components stored in the memory, the components comprising:
a proxy connect component that establishes a first connection between the client and a proxy, and provides the proxy with a name of a host with which to establish a second connection;
a negotiation component that negotiates directly with the host a tunnel between the client and the host through the proxy;
a security component that classifies the tunnel as at least one of a private-tunnel or a public-tunnel based at least in part on a set of privacy policies;
a credentials component configured to
in response to the tunnel being classified as a public-tunnel, provide a set of security credentials for the public-tunnel to the proxy or employ a NULL cipher for encryption of communications between the client and the host; and
in response to the tunnel being classified as a private-tunnel, encrypt communications between the client and the host through the proxy and does not provide a set of security credentials for the private-tunnel to the proxy; and
a bypass component that in response to the tunnel being classified as a private-tunnel and a determination that the proxy has closed the private-tunnel, bypasses the proxy, and establishes a connection between the client and the host. |
Address |
Mountain View CA US |