1. WO2020117827 - METHOD FOR SECURELY NEGOTIATING END-TO-END CRYPTOGRAPHIC CONTEXT USING INLINE MESSAGES THROUGH MULTIPLE PROXIES IN CLOUD AND CUSTOMER ENVIRONMENT

Publication Number WO/2020/117827
Publication Date 11.06.2020
International Application No. PCT/US2019/064264
International Filing Date 03.12.2019
IPC
  • H04L 29/06 (2006.01): H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136 > 02 Communication control; Communication processing > 06 characterised by a protocol
  • H04L 29/08 (2006.01): H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136 > 02 Communication control; Communication processing > 06 characterised by a protocol > 08 Transmission control procedure, e.g. data link level control procedure
CPC
  • H04L 63/0281: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 63 Network architectures or network communication protocols for network security > 02 for separating internal from external traffic, e.g. firewalls > 0281 Proxies
  • H04L 63/0428: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 63 Network architectures or network communication protocols for network security > 04 for providing a confidential data exchange among entities communicating through data packet networks > 0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
  • H04L 63/0464: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 63 Network architectures or network communication protocols for network security > 04 for providing a confidential data exchange among entities communicating through data packet networks > 0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload > 0464 using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it
  • H04L 63/0471: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 63 Network architectures or network communication protocols for network security > 04 for providing a confidential data exchange among entities communicating through data packet networks > 0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload > 0471 applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding
  • H04L 63/06: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 63 Network architectures or network communication protocols for network security > 06 for supporting key management in a packet data network
  • H04L 63/08: H ELECTRICITY > 04 ELECTRIC COMMUNICATION TECHNIQUE > L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > 63 Network architectures or network communication protocols for network security > 08 for supporting authentication of entities communicating through a packet data network
Applicants
  • CITRIX SYSTEMS, INC. [US]/[US]
Inventors
  • SURESH, Viswanath Yarangatta
Agents
  • MCKENNA, Christopher J.
  • PUA, Meng H.
Priority Data
  • 16/210,840, 05.12.2018, US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) METHOD FOR SECURELY NEGOTIATING END-TO-END CRYPTOGRAPHIC CONTEXT USING INLINE MESSAGES THROUGH MULTIPLE PROXIES IN CLOUD AND CUSTOMER ENVIRONMENT
(FR) PROCÉDÉ POUR NÉGOCIER DE MANIÈRE SÉCURISÉE UN CONTEXTE CRYPTOGRAPHIQUE DE BOUT EN BOUT À L'AIDE DE MESSAGES EN LIGNE PAR L'INTERMÉDIAIRE DE MULTIPLES MANDATAIRES DANS UN ENVIRONNEMENT EN NUAGE ET CLIENT
Abstract
(EN)
Described embodiments provide systems and methods for establishing an end-to-end cryptographic context. A service node may be located intermediary between a client and server which provides a service to the client. At least one network device may be located intermediary between the service node and the server. The service node may obtain information for validating the service. The service node may establish an end-to-end cryptographic context between the service node and server through the network device(s). A first network device of the network device(s) may share a cryptographic context with the service node, which existed prior to establishment of the end-to-end cryptographic context. The service node may transmit a message to the network device encrypted using the first cryptographic context. The encrypted message may inform the first network device to pass through traffic that is encrypted using the end-to-end cryptographic context.
(FR)
L'invention porte, dans des modes de réalisation, sur des systèmes et des procédés permettant l'établissement d'un contexte cryptographique de bout en bout. Un nœud de service peut être situé entre un client et un serveur qui fournit un service au client. Au moins un dispositif de réseau peut être situé entre le nœud de service et le serveur. Le nœud de service peut obtenir des informations pour valider le service. Le nœud de service peut établir un contexte cryptographique de bout en bout entre le nœud de service et le serveur par l'intermédiaire du ou des dispositifs de réseau. Un premier dispositif de réseau du ou des dispositifs de réseau peut partager un contexte cryptographique avec le nœud de service, qui existait avant l'établissement du contexte cryptographique de bout en bout. Le nœud de service peut transmettre un message au dispositif de réseau chiffré à l'aide du premier contexte cryptographique. Le message chiffré peut informer le premier dispositif de réseau de passer le trafic qui est chiffré à l'aide du contexte cryptographique de bout en bout.
Also published as
Latest bibliographic data on file with the International Bureau