SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION
    1.
    Invention application
    SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION (Under examination - Published)

    Publication (announcement) No.: WO2015023900A3

    Publication (announcement) date: 2015-11-19

    Application No.: PCT/US2014051154

    Application date: 2014-08-14

    Applicant: IBOSS INC

    Abstract: An HTTP request addressed to a first resource on a second device outside the network is received from a first device within the network. The HTTP request is redirected to a third device within the network. A first encrypted connection is established between the first device and the third device, and a second encrypted connection between the third device and the second device. The third device retrieves the first resource from the second device. The first resource is modified to change pointers within the first resource to point to a location in a domain associated with the third device within the network. The third device serves, to the first device, the second resource.


    SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION
    2.
    Invention application
    SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION (Under examination - Published)

    Publication (announcement) No.: WO2015023336A3

    Publication (announcement) date: 2015-04-16

    Application No.: PCT/US2014039231

    Application date: 2014-05-22

    Applicant: IBOSS INC

    Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for selectively performing man in the middle decryption. One of the methods includes receiving a first request to access a first resource hosted by a server outside the network, determining whether requests from the client device to access the first resource outside the network should be redirected to a second resource hosted by a proxy within the network, providing a redirect response to the client device, the redirect response including the second universal resource identifier, establishing a first encrypted connection between the client device and the proxy hosting the second resource, and a second encrypted connection between the proxy hosting the second domain and the server hosting the first resource, and decrypting and inspecting the encrypted communication traffic passing between the client device and the server hosting the first resource.


    SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION
    3.
    Invention application
    SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION (Under examination - Published)

    Publication (announcement) No.: WO2014182727A3

    Publication (announcement) date: 2014-12-31

    Application No.: PCT/US2014037009

    Application date: 2014-05-06

    Applicant: IBOSS INC

    Abstract: An agent on a device within a network receives a request to access a resource outside the network. A first encrypted connection is established between the device and the agent, and a second encrypted connection is established between the agent and the resource, to facilitate encrypted communication traffic between the device and the resource. The agent sends a policy request to a network appliance within the network, the request specifying the resource. The agent receives a policy response indicating that the resource is associated with one or more security policies of the network. Traffic passing between the device and the resource is selectively decrypted and inspected depending on the security policies.

