1. Field
Embodiments of the present invention generally relate to computer systems. More specifically, certain embodiments of the present invention relate to computer systems which utilize a sequential, stream-oriented protocol.
2. Description of the Related Art
Cryptographic protocols, such as Secure Sockets Layer (SSL)/Transport Layer Security (TLS), Internet Protocol Security (IPSec), and OpenVPN, can provide security for communications over networks such as the Internet. One type of security that a cryptographic protocol can provide is client authentication. For example, a client may wish to access a server over a sequential, stream-oriented protocol. However, the server may only allow legitimate clients to access services that reside on the server, and thus can require a mechanism for authenticating clients. The cryptographic protocol may allow a server to request authentication of a client. In response to the request, if the client is a legitimate client, the client can present a certificate via the cryptographic protocol, which indicates that the client is a legitimate client. The server can then authenticate the certificate and allow the client access to the server and the services that reside on the server. The cryptographic protocol may also allow a client to volunteer a certificate to the server without the server requesting that the client provide a certificate.
However, in cryptographic protocols, client authentication is an all-or-nothing endeavor. Either the server authenticates the client and allows the client to access the server and all the services of the server, or the server fails to authenticate the client and the client is denied access to the server and all the services of the server. Currently, cryptographic protocols do not provide the capability of forwarding an unauthenticated client away from a protected service of the server to another service of the server that is accessible to all clients.