Efficient SSL/TLS Proxy
US-2020304476-A1 · Sep 24, 2020 · US
Mutual secure communications
US12238095B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12238095-B2 |
| Application number | US-202318478419-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 29, 2023 |
| Priority date | Apr 5, 2019 |
| Publication date | Feb 25, 2025 |
| Grant date | Feb 25, 2025 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A sending device may send data intended for a target device. An intermediate device may intercept the data sent from the sending device and forward the communications to the target device. Security data (e.g., a security certificate for authentication) along with an encrypted version of the security data may be sent at the application layer such that it passes from the sending device, through the intermediate device, and to the target device without being analyzed or modified by the intermediate device. The target device may use the encrypted security data and the security data to verify the identity of the sending device.
First claim
Opening claim text (preview).
The invention claimed is: 1. A method comprising: determining, by a first device, a second device for receipt of data; generating, by the first device, request data comprising: certificate data; and an encrypted version of the certificate data; sending, by the first device via an intermediate device and to the second device, the request data, wherein the intermediate device is blocked from decrypting the encrypted version of the certificate data included in the request data; and establishing, based on the certificate data included in the request data, a secure communication channel between the first device and the intermediate device. 2. The method of claim 1 , wherein the generating the request data further comprises: generating a nonce; generating a timestamp; generating an indication of a type of the certificate data; and including the nonce, the timestamp, and the indication of the type in the request data. 3. A method comprising: determining, by a first device, a second device for receipt of data; generating, by the first device, request data comprising: certificate data; and an encrypted version of the certificate data; encrypting the request data using a private key associated with the first device; sending, by the first device via an intermediate device and to the second device, the request data; and establishing, based on the certificate data included in the request data, a secure communication channel between the first device and the intermediate device. 4. The method of claim 3 , wherein the request data is included in a header of a message. 5. The method of claim 3 , further comprising receiving, by the first device and from a certificate authority, the certificate data. 6. The method of claim 3 , further comprising encoding, by the first device and using a Base64 encoding, the request data. 7. The method of claim 3 , wherein the establishing, based on the request data, the secure communication channel further comprises: sending, to the intermediate device, a request message; and receiving, from the intermediate device, a response message. 8. The method of claim 3 , wherein the establishing, based on the request data, the secure communication channel further comprises: receiving, by the first device and from the intermediate device, a message indicating at least one of: a chosen protocol version, a random number, cipher suite, a compression method, a session identifier, a public key associated with the intermediate device, or the public key associated with the second device. 9. A method comprising: determining, by a first device, a second device for receipt of data; generating, by the first device, request data comprising: certificate data; and an encrypted version of the certificate data; sending, by the first device via an intermediate device and to the second device, the request data; establishing, based on the certificate data included in the request data, a secure communication channel between the first device and the intermediate device; and sending, by the first device, to the second device, and via the intermediate device, data that is encrypted by the first device, wherein the first device and the second device are managed by a first service provider, and the intermediate device is managed by a second service provider. 10. The method of claim 9 , further comprising determining, by the first device, the certificate data associated with the first device. 11. A method comprising: determining, by a first device, a second device for receipt of data; encrypting certificate data, using a public key associated with the second device, to generate an encrypted version of the certificate data; generating, by the first device, request data comprising: the certificate data; and the encrypted version of the certificate data; sending, by the first device via an intermediate device and to the second device, the request data; and establishing, based on the certificate data included in the request data, a secure communication channel between the first device and the intermediate device. 12. A method comprising: receiving, by a second device and from an intermediate device, request data comprising: certificate data; and an encrypted version of the certificate data; decrypting the encrypted version of the certificate data using a private key associated with the second device to obtain decrypted certificate data; validating the request data based on the decrypted certificate data and the certificate data; and verifying an identity of a first device based on the certificate data. 13. The method of claim 12 , wherein the intermediate device is blocked from decrypting the encrypted version of the certificate data included in the request data. 14. The method of claim 12 , further comprising decrypting the request data using a public key associated with the first device. 15. The method of claim 12 , further comprising decoding, by the second device and using a Base64 decoding, the request data. 16. The method of claim 12 , wherein the validating the request data further comprises: comparing, by the second device, a timestamp indicated in the request data to a current time maintained by the second device; and validating the request data based on the current time being within a threshold period of the timestamp. 17. The method of claim 12 , wherein the validating the request data further comprises: comparing, by the second device: a nonce value indicated in the request data; and a database of previously received nonce values. 18. The method of claim 12 , wherein the verifying the identity of the first device further comprises: sending, to a certificate authority, the certificate data; and receiving, from the certificate authority, validated certificate data. 19. The method of claim 18 , wherein the validating the request data further comprises: decoding a digital signature based on the validated certificate data. 20. A first device comprising: one or more processors; and memory storing instructions, when executed by the one or more processors, cause the first device to: determine a second device for receipt of data; generate request data comprising: certificate data; and an encrypted version of the certificate data; send, via an intermediate device and to the second device, the request data, wherein the intermediate device is blocked from decrypting the encrypted version of the certificate data included in the request; and establish, based on the certificate data included in the request data, a secure communication channel between the first device and the intermediate device. 21. The first device of claim 20 , wherein the instructions, when executed by the one or more processors, further cause the first device to: generate a nonce; generate a timestamp; generate an indication of a type of the certificate data; and include the nonce, the timestamp, and the indication of the type in the request data. 22. A first device comprising: one or more processors; and memory storing instructions, when executed by the one or more processors, cause the first device to: determine a second device for receipt of data; generate request data comprising: certificate data; and an encrypted version of the certificate data; encrypt the request data using a private key associated with the first device; send, via an intermediate device and to the second device, the reques
Assignees
Inventors
Classifications
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
involving time stamps, e.g. generation of time stamps · CPC title
at the transport layer · CPC title
involving digital signatures · CPC title
using different networks or channels, e.g. using out of band channels (cryptographic mechanisms or cryptographic arrangements for key distribution involving distinctive intermediate devices or communication paths H04L9/0827; cryptographic mechanisms or cryptographic arrangements for authentication using a plurality of channels H04L9/3215) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12238095B2 cover?
- A sending device may send data intended for a target device. An intermediate device may intercept the data sent from the sending device and forward the communications to the target device. Security data (e.g., a security certificate for authentication) along with an encrypted version of the security data may be sent at the application layer such that it passes from the sending device, through t…
- Who is the assignee on this patent?
- Comcast Cable Comm Llc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0869. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Feb 25 2025 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).