Abstract:
A data security device for providing a network transport connection via a transparent network proxy that employs different encryption security mediums along a communications session between two endpoints by emulating one of the endpoints at an intermediate node such that the communication session appears as an atomic, secure connection to the endpoints yet provides appropriate security over the end-to-end connection. A sender node sends a connection request to establish a secure communication session with an intended receiver node. A transparent proxy on an intermediate node receives the request and establishes the link employing an encryption mechanism. The transparent proxy establishes a second link with the intended receiver, and applies a second, less expensive encryption mechanism. The transparent proxy combines the two links to form the trusted, secure connection while incurring only the mitigated expense over the second link.
Abstract:
A method is disclosed for reproxying connections. According to one aspect, a first connection is established between a client and a proxy device. A second connection is established between the proxy device and a server. The first connection comprises a first endpoint at the client and a second endpoint at the proxy device. The second connection comprises a third endpoint at the proxy device and a fourth endpoint at the server. The first and second connections are unproxied by dissolving the second and third endpoints while maintaining the first and fourth endpoints. After the connections have been unproxied, a packet is received at the proxy device. In response, the first and second connections are reproxied by creating fifth and sixth endpoints at the proxy device, so that the first connection comprises the fifth endpoint and the second connection comprises the sixth endpoint.