Transport layer security latency mitigation

US 10,237,241 B2
Filed: 09/08/2017
Issued: 03/19/2019
Est. Priority Date: 01/30/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

accruing, by a server proxy, a server random number and a server cipher suite parameter from a server;

initiating, by the server proxy upon receiving a client hello message, an authentication protocol handshake with the server;

generating, by the server proxy, a server hello message and a server certificate message based on the server random number and the server cipher suite parameter, wherein the server hello message and a server certificate message are sent to a client device that the server proxy is proxying for the server; and

forwarding, by the server proxy to the server device, the client hello message from the server proxy, wherein the forwarding is performed upon receiving the client hello message,wherein a client proxy connects with the client device at a higher latency delay than with the server proxy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Some embodiments include a method of utilizing a proxy device to mitigate latency related to a transport layer security (TLS) handshake protocol. The proxy device can be an untrusted proxy of a server or a client. The proxy device can negotiate cipher suites on behalf of its principal (e.g., the server or the server) without storing private keys of its principal. The use of the proxy device can reduce a typical two round-trips taken between the server and the client into a single round-trip.

Citations

19 Claims

1. A method comprising:
- accruing, by a server proxy, a server random number and a server cipher suite parameter from a server;
  
  initiating, by the server proxy upon receiving a client hello message, an authentication protocol handshake with the server;
  
  generating, by the server proxy, a server hello message and a server certificate message based on the server random number and the server cipher suite parameter, wherein the server hello message and a server certificate message are sent to a client device that the server proxy is proxying for the server; and
  
  forwarding, by the server proxy to the server device, the client hello message from the server proxy, wherein the forwarding is performed upon receiving the client hello message,wherein a client proxy connects with the client device at a higher latency delay than with the server proxy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, further comprising:
    - receiving the client hello message from the client proxy, wherein the server proxy does not receive a message from the client proxy indicating that the client proxy is proxying for the client device.
  - 3. The method of claim 1, further comprising:
    - receiving the client hello message from the client proxy, wherein the server proxy is oblivious of the existence of the client device.
  - 4. The method of claim 1, wherein generating the server hello message and the server certificate message is performed in response to receiving the client hello message.
  - 5. The method of claim 1, wherein sending the server hello message and the server certificate message to the client device is performed by way of the client proxy.
  - 6. The method of claim 1, wherein said accruing the server random number and the server cipher suite parameter includes receiving a plurality of server random numbers and a plurality of server cipher suite parameters.
  - 7. The method of claim 1, wherein said accruing the server random number and the server cipher suite parameter is performed prior to, and asynchronous from, receiving the client hello message that initiates the authentication protocol handshake.
  - 8. The method of claim 1, wherein sending to, or receiving from, the server device involves communicating through a backhaul network.
  - 9. The method of claim 1, further comprising:
    - receiving a client key exchange message, a client change spec message, and a client finished message from the client device; and
      
      forwarding the client key exchange message, the client change spec message, and the client finished message to the server device.
  - 10. The method of claim 1, further comprising:
    - receiving a server change spec message and a server finished message from the server device; and
      
      forwarding the server change spec message and the server finished message to the client device.
  - 11. The method of claim 1, further comprising:
    - generating a set of client random numbers; and
      
      sending the set of client random numbers along with the cipher suite parameters to the client proxy.
  - 12. The method of claim 11, further comprising:
    - tracking the client random number included in the generated client hello message in a client session database.

13. A server proxy comprising:
- one or more processors and a memory storing executable instructions that, when executed by the one or more processors, implement a process, wherein the process includes;
  
  accruing a server random number and a server cipher suite parameter from a server;
  
  initiating an authentication protocol handshake with the server upon receiving a client hello message;
  
  generating a server hello message and a server certificate message based on the server random number and the server cipher suite parameter to send to a client device that is oblivious that the server proxy is proxying for the server; and
  
  forwarding the client hello message from the server proxy to the server upon receiving the client hello message,wherein a client proxy connects with the client device at a higher latency delay than with the server proxy.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The server proxy of claim 13, said process further comprising:
    - receiving a client hello message from a client device to initiate the authentication protocol handshake with the server.
  - 15. The server proxy of claim 13, wherein the server proxy is oblivious that a client proxy is proxying for the client device.
  - 16. The server proxy of claim 13, wherein said accruing the server random number and the server cipher suite parameter is performed prior to and asynchronous from receiving the client hello message that initiates the authentication protocol handshake.
  - 17. The server proxy of claim 13, wherein the process further includes:
    - receiving a client key exchange message, a client change spec message, and a client finished message from the client device;
      
      forwarding the client key exchange message, the client change spec message, and the client finished message to the server;
      
      receiving a server change spec message and a server change spec message from the server; and
      
      forwarding the server change spec message and the server finished message to the client device.

18. A non-transitory computer-readable storage medium storing instructions that, when executed by a computing system, cause the computing system to perform operations comprising:
- accruing, by a server proxy, a server random number and a server cipher suite parameter from a server;
  
  receiving a client hello message from a client proxy, wherein the server proxy does not receive a message from the client proxy indicating that the client proxy is proxying for a client device;
  
  initiating, by the server proxy upon receiving the client hello message, an authentication protocol handshake with the server;
  
  generating, by the server proxy, a server hello message and a server certificate message based on the server random number and the server cipher suite parameter, wherein the server hello message and a server certificate message are sent to the client device, which is oblivious that the server proxy is proxying for the server; and
  
  forwarding, by the server proxy to the server, the client hello message from the server proxy to the server, wherein the forwarding is performed upon receiving the client hello message,wherein the client proxy connects with the client device at a higher latency delay than with the server proxy.
- View Dependent Claims (19)
- - 19. The non-transitory computer-readable storage medium of claim 18, wherein the server proxy is oblivious that a client proxy is proxying for the client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Inventors
Bohannon, Philip Lewis
Primary Examiner(s)
Scott, Randy A

Application Number

US15/699,953
Publication Number

US 20180013727A1
Time in Patent Office

557 Days
Field of Search

713150, 713151, 713168, 713170, 726 5, 726 12, 726 14, 380 28, 380255, 380270
US Class Current
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/168   above the transport layer

Transport layer security latency mitigation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Transport layer security latency mitigation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links