公开(公告)号：WO0103398A3

公开(公告)日：2001-06-07

申请号：PCT/GB0002469

申请日：2000-06-28

Applicant: IBM ,  IBM UK

Inventor： BELLWOOD THOMAS ALEXANDER ,  LITA CHRISTIAN ,  RUTKOWSKI MATTHEW FRANCIS

IPC: G06F13/00 ,  G06F15/00 ,  H04L9/08 ,  H04L12/22 ,  H04L12/66 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L63/0464 ,  H04L63/166 ,  H04L2463/102

Abstract: A method of enabling a proxy to participate in a secure communication between a client and a set of servers. The method begins by establishing a first secure session between the client and the proxy. Upon verifying the first secure session, the method continues by establishing a second secure session between the client and the proxy. In the second secure session, the client requests the proxy to act as a conduit to a first server. Thereafter, the client and the first server negotiate a first session master secret. Using the first secure session, this first session master secret is then provided by the client to the proxy to enable the proxy to participate in secure communications between the client and the first server. After receiving the first session master secret, the proxy generates cryptographic information that enables it to provide a given service (e.g., transcoding) on the client's behalf and without the first server's knowledge or participation. If data from a second server is required during the processing of a given client request to the first server, the proxy issues a request to the client to tunnel back through the proxy to the second server using the same protocol.

Abstract translation: 一种使代理能够参与客户端与一组服务器之间的安全通信的方法。 该方法首先在客户端和代理之间建立第一个安全会话。 在验证第一安全会话后，该方法继续在客户端和代理之间建立第二安全会话。 在第二个安全会话中，客户端请求代理充当第一台服务器的管道。 此后，客户端和第一服务器协商第一会话主密钥。 使用第一安全会话，然后由客户端将第一会话主密钥提供给代理，以使代理能够参与客户端和第一服务器之间的安全通信。 在接收到第一会话主秘密之后，代理生成密码信息，使其能够代表客户提供给定的服务（例如代码转换），并且不需要第一服务器的知识或参与。 如果在处理给定第一个服务器的给定客户机请求期间需要来自第二个服务器的数据，则代理向客户机发出请求，以使用相同协议通过代理向第二个服务器进行隧道传输。