Title of invention: System and method for automatic negotiation of a security protocol
Abstract: A protocol negotiation platform permits a computer or other node lying outside of a security-enabled domain to negotiate a supported security protocol with a server or other node within that domain. Active Directory(TM), Kerberos and other secure network technologies permit agents or nodes within a domain to communicate securely with each other, using default protocols and key, certificate or other authentication techniques. In the past, however, external agents had no transparent way to enter the domain, requiring the manual selection of protocols for use across the domain boundary. According to the invention, either an external agent or an internal agent may initiate an attempt to establish a secure session across the domain boundary, transmitting a request including a set of supported protocols to the recipient machine. A negotiation engine may then compare the available protocols on both of the agents, nodes or machines at either end of the session, and select a compatible protocol when found. The internal and external agents may likewise authenticate each other using a key, certificate or other mechanism.
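Application publication number: US7526640(B2)  Application publication date: 2009.04.28
Application number: US20030608334  Application date: 2003.06.30
Applicant: MICROSOFT CORPORATION  Inventor: BAZAN BEJARANO DARIO
Classification number: G06F21/20;H04L9/00;G06F15/16;G06K19/00;H04L9/32;H04L12/28;H04L29/06;H04L29/08  Main classification number: G06F21/20
Agency:  Agent:
Main claim:
Address: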