-
Publication number: US10469594B2
Publication date: 2019-11-05
Application number: US14962058
Filing date: 2015-12-08
Applicant: A10 Networks, Inc.
Inventors: Xuyang Jiang, Yang Yang, Ali Golshan
IPC classification: H04L29/08, H04L29/06, H04N21/222, G06F21/00, H04L9/00, H04N21/647
Abstract: Provided are methods and systems for inspecting secure data. A system for inspecting secure data comprises a server facing module, and a client facing module in communication with the server facing module. The client facing module is operable to intercept a client request associated with the secure data to establish a secure connection with a server, establish a data traffic channel via the server facing module, and provide a control message to the server facing module via the data traffic channel. The control message includes an instruction to the server facing module to obtain a security certificate from the server. The security certificate is received from the server facing module via the data traffic channel. The security certificate is forged to establish the secure connection between the client and the client facing module. The client facing module sends unencrypted data to the server facing module via the data traffic channel.
-
Publication number: US10389538B2
Publication date: 2019-08-20
Application number: US15453861
Filing date: 2017-03-08
Applicant: A10 Networks, Inc.
Inventors: Ali Golshan, Xuyang Jiang, Yang Yang
Abstract: Disclosed herein are systems and methods for a security gateway to process secure network sessions where there is a server certificate validation error. In various embodiments, varying security policies can be applied to the secure network sessions, including intercepting of network data, bypass of the security gateway, or termination of the secure sessions.
-
Publication number: US20180262348A1
Publication date: 2018-09-13
Application number: US15453861
Filing date: 2017-03-08
Applicant: A10 Networks, Inc.
Inventors: Ali Golshan, Xuyang Jiang, Yang Yang
CPC classification: H04L9/3268, H04L9/0838, H04L9/14, H04L63/0823, H04L63/0884, H04L2209/76
Abstract: Disclosed herein are systems and methods for a security gateway to process secure network sessions where there is a server certificate validation error. In various embodiments, varying security policies can be applied to the secure network sessions, including intercepting of network data, bypass of the security gateway, or termination of the secure sessions.
-
Publication number: US10063591B1
Publication date: 2018-08-28
Application number: US14622840
Filing date: 2015-02-14
Applicant: A10 Networks, Inc.
Inventors: Xuyang Jiang, Ali Golshan
IPC classification: H04L29/06
CPC classification: H04L63/168, H04L63/0464, H04L63/1416
Abstract: Provided are methods and systems for intercepting encrypted data packets. A system for intercepting encrypted data packets may comprise a first device, a second device, and a monitoring device. The first device may be operable to intercept at least one encrypted data packet. The first device may be further operable to decrypt the at least one encrypted packet to produce at least one decrypted data packet. The first device may provide the at least one decrypted data packet to the monitoring device. The monitoring device may be operable to inspect the at least one decrypted data packet based on predetermined criteria. The second device may be operable to receive, from the monitoring device, the at least one decrypted data packet. The second device may be further operable to re-encrypt the at least one decrypted data packet to produce the at least one encrypted data packet.
-
Publication number: US20200092329A1
Publication date: 2020-03-19
Application number: US16044893
Filing date: 2018-07-25
Applicant: A10 NETWORKS, INC.
Inventors: Xuyang Jiang, Ali Golshan
IPC classification: H04L29/06
Abstract: Provided are methods and systems for intercepting encrypted data packets. A system for intercepting encrypted data packets includes a first device and a second device. The first device serves a client-side data traffic associated with a client device and the second device serves a server-side data traffic associated with a server. The first device is configured to intercept at least one encrypted data packet. The first device is further configured to decrypt the encrypted packet to produce at least one decrypted data packet. The first device provides the decrypted data packet to one or more monitoring devices for inspection of the decrypted data packet. The second device is configured to receive, from the one or more monitoring devices, the at least one decrypted data packet. The second device is further operable to re-encrypt the decrypted data packet to produce the at least one encrypted data packet.
-
Publication number: US10341118B2
Publication date: 2019-07-02
Application number: US15225818
Filing date: 2016-08-01
Applicant: A10 Networks, Inc.
Inventors: Yang Yang, Xuyang Jiang, Ali Golshan
Abstract: A security network system may include a security gateway operable to establish a client session between the security gateway and a client device. The security gateway is operable to receive client session information from the client session. The client session information includes an identification of a server with which the client device needs to exchange data. The security network system may also include a Hardware Security Module (HSM) in communication with the security gateway. The HSM is operable to establish, in concert with the security gateway, a secure session between the security gateway and the server based on the client session data, a public key, a secret key, and context attributed to the secure session.
-
Publication number: US20180034643A1
Publication date: 2018-02-01
Application number: US15225818
Filing date: 2016-08-01
Applicant: A10 Networks, Inc.
Inventors: Yang Yang, Xuyang Jiang, Ali Golshan
CPC classification: H04L9/3263, H04L9/0827, H04L9/0894, H04L63/00, H04L63/0281, H04L63/0823, H04L63/166, H04L67/141, H04L2209/76
Abstract: A security network system may include a security gateway operable to establish a client session between the security gateway and a client device. The security gateway is operable to receive client session information from the client session. The client session information includes an identification of a server with which the client device needs to exchange data. The security network system may also include a Hardware Security Module (HSM) in communication with the security gateway. The HSM is operable to establish, in concert with the security gateway, a secure session between the security gateway and the server based on the client session data, a public key, a secret key, and context attributed to the secure session.
-
Publication number: US20170163736A1
Publication date: 2017-06-08
Application number: US14962058
Filing date: 2015-12-08
Applicant: A10 Networks, Inc.
Inventors: Xuyang Jiang, Yang Yang, Ali Golshan
CPC classification: H04L67/141, G06F21/00, H04L9/00, H04L63/0272, H04L63/0428, H04L63/0471, H04L63/0823, H04L63/123, H04L63/166, H04L63/306, H04L67/28, H04N21/222, H04N21/64707
Abstract: Provided are methods and systems for inspecting secure data. A system for inspecting secure data comprises a server facing module, and a client facing module in communication with the server facing module. The client facing module is operable to intercept a client request associated with the secure data to establish a secure connection with a server, establish a data traffic channel via the server facing module, and provide a control message to the server facing module via the data traffic channel. The control message includes an instruction to the server facing module to obtain a security certificate from the server. The security certificate is received from the server facing module via the data traffic channel. The security certificate is forged to establish the secure connection between the client and the client facing module. The client facing module sends unencrypted data to the server facing module via the data traffic channel.
-
Publication number: USRE47924E1
Publication date: 2020-03-31
Application number: US16290814
Filing date: 2019-03-01
Applicant: A10 Networks, Inc.
Inventors: Ali Golshan, Xuyang Jiang, Yang Yang
IPC classification: H04L29/06
Abstract: Provided are methods and systems for caching network generated security certificates. An example system may include a security gateway node and a storage module. The security gateway node may be operable to receive, from a client, a session request to establish a secure connection with a server. Based on the session request, the security gateway node may establish a first secure session between the client and the security gateway node and a second secure session between the security gateway node and the server. The security gateway node may receive a server certificate from the server. The security gateway node may match the server certificate against a gateway certificate table. Based on the matching, the security gateway node may receive a gateway certificate associated with the gateway certificate entry that matches the server certificate. The gateway certificate may be used for performing the first secure session.
-
Publication number: US10382562B2
Publication date: 2019-08-13
Application number: US15344443
Filing date: 2016-11-04
Applicant: A10 Networks, Inc.
Inventors: Yang Yang, Xuyang Jiang, Ali Golshan
Abstract: Described are systems and methods for verifying server security certificates using hash codes. The system may include a client secure socket layer (SSL) node, a service gateway node, and a storage node. The client SSL node may receive a session request from a client. The service gateway node may forward the session request to a server to receive a server security certificate. The service gateway node may query a server domain name system module to receive a hash code. The hash code may include a first hash value and a hash function to obtain the server security certificate based on the first hash value. The service gateway node may calculate a second hash value by applying the hash function to the server security certificate and match the second hash value and the first hash value to determine whether the server security certificate is valid.