Method and apparatus for batched network security protection server performance
First Claim
1. A method for secure communications in a computer network, comprising;
- combining individually encrypted network security protection handshake messages into a set of encrypted messages wherein each encrypted handshake message is derived using a public key containing an encryption exponent;
determining a root node of a binary tree comprising leaf nodes corresponding to each encryption exponent;
calculating a product of the encrypted messages;
extracting at least one root from the product of the encrypted messages; and
decrypting the encrypted messages by expressing the at least one root as at least one promise and evaluating the at least one promise at the leaf nodes decreasing the number of modular inversions wherein efficiency of the decryption is increased.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system for efficiently conducting secure communications in a commuter network are provided. Secure communications in a network are typically of the Secure Socket Layer (“SSL”) and Transport Layer Security (“TLS”) formats. These formats require the server to decrypt numerous encrypted messages at the cost of efficiency and speed. By combining the encrypted messages into a batch and utilizing a Rivest-Shamir-Adleman (“RSA”) batch decryption algorithm, the efficiency of the decryption is improved. Methods for improving this process include replacing the required number of divisions and inversion with more efficient multiplication operations. Further computation savings are realized by reducing the number of exponentiations and structuring the batches of encrypted messages to contain balanced exponents.
-
Citations
76 Claims
-
1. A method for secure communications in a computer network, comprising;
-
combining individually encrypted network security protection handshake messages into a set of encrypted messages wherein each encrypted handshake message is derived using a public key containing an encryption exponent;
determining a root node of a binary tree comprising leaf nodes corresponding to each encryption exponent;
calculating a product of the encrypted messages;
extracting at least one root from the product of the encrypted messages; and
decrypting the encrypted messages by expressing the at least one root as at least one promise and evaluating the at least one promise at the leaf nodes decreasing the number of modular inversions wherein efficiency of the decryption is increased. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for improving secure communications in a computer network comprising;
-
combining individually encrypted network security protection handshake messages into a set of encrypted messages wherein each encrypted handshake message is derived using a public key containing an encryption exponent;
determining a root node of a binary tree comprising leaf nodes corresponding to the encryption exponent of each encrypted message;
calculating a product of the encrypted messages;
extracting at least one root from the product of the encrypted messages; and
decrypting the encrypted messages by evaluating at least one individual leaf node by multiplying an inversion of the total product of leaf nodes with a partial product of the leaf nodes to produce an inversion of the at least one individual leaf node wherein efficiency of the decryption is increased. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24, 26, 27, 28, 29, 30, 31)
-
-
17. A method for secure communications in a computer network, comprising;
-
combining individually encrypted network security protection handshake messages into a set of encrypted messages wherein each encrypted handshake message is derived using a public key containing an encryption exponent;
determining a root node of a binary tree comprising leaf nodes corresponding to the encryption exponent of each encrypted message;
calculating a product of the encrypted messages;
extracting at least one root from the product of the encrypted messages; and
decrypting the encrypted messages by minimizing the disparity between the sizes of the encryption exponents of the public keys, wherein efficiency of the secure communications is increased.
-
-
25. A method for improving secure communications in a computer network, comprising;
-
combining individually encrypted network security protection handshake into a set of encrypted messages wherein each encrypted handshake message is derived using a public key containing an encryption exponent;
determining a root node of a binary tree comprising leaf nodes corresponding to each encryption exponent by using a plurality of separate parallel batch trees finding the root node of each tree and combining the final answers;
calculating a product of the encrypted messages;
extracting at least one root from the product of the encrypted messages; and
decrypting the encrypted messages by expressing the at least one root as at least one promise and evaluating the at least one promise at the leaf nodes producing a reduced number of modular inversions wherein efficiency of establishing secure communications is increased.
-
-
32. A method for secure communications in a computer network, comprising;
-
combining individually encrypted network security protection messages into a set of encrypted messages, wherein each encrypted handshake message is derived using a public key containing an encryption exponent;
determining a root node of a binary tree comprising leaf nodes corresponding to each encrypted messages encryption exponent;
calculating a product of the encrypted messages;
minimizing the disparity among the sizes of the encryption exponents of the public keys within the set;
extracting at least one root from the product of the encrypted messages; and
decrypting the encrypted messages by evaluating the at least one leaf node by multiplying an inversion of a total product of the leaf nodes with a partial product of the leaf nodes to produce the inversion of the at least one leaf node wherein efficiency of establishing secure network communications is increased. - View Dependent Claims (33, 34, 35, 37, 38, 39, 40, 41, 42, 43, 44, 45, 47, 48, 49, 50, 51)
-
-
36. A method for secure communications in a computer network, comprising:
-
coupling a client to a web server;
sending a client hello message to the web server;
generating a public/private key pair at the web server, wherein the public key contains an encryption exponent;
responding to the client with a server hello message comprising the public key;
encrypting a random handshake message at the client using the public key;
sending the encrypted handshake message to a batch-decryption server;
batching handshake messages on a batch-decryption server according to the public key such that the disparity between the sizes of the encryption exponents of the public key is minimized;
separating the batch'"'"'s eth root in a downward-percolation phase into constituent decrypted messages, wherein internal inversions are converted to modular divisions increasing efficiency by producing a reduced number of modular inversions;
scheduling the batch-decryption server based on server-load considerations;
decrypting the handshake messages using at least one alternate expression of at least on arithmetic function of at least one batch'"'"'s eth root; and
sending the decrypted message to the web server.
-
-
46. A method for batch decryption in a computer network comprising:
-
combining a plurality of encrypted messages into a plurality of batches, wherein each encrypted message includes a public/private key pair, each public key comprising an encryption exponent;
scheduling the batches of encrypted messages using a plurality of criteria selected from a group including maximum throughput, minimum turnaround-time, minimum turnaround-time variance, and server load considerations, wherein the efficiency of establishing secure communications is enhanced; and
replacing at least one inversion of at least one batch decryption operation with a single inversion and a plurality of multiplication operations, wherein the speed of the decryption is significantly improved.
-
-
52. A method for secure communications in a computer network, comprising;
-
combining individually encrypted network security protection handshake messages into a set of encrypted handshake messages wherein each encrypted message is derived using a public key comprising an encryption exponent;
determining a root node of a binary tree containing leaf nodes corresponding to each encrypted message encryption exponent by using a plurality of separate parallel batch trees finding the root node of each tree and combining the final answers;
minimizing the disparity between the sizes of the encryption exponents of the public keys within the set;
using simultaneous multiple exponentiation such that the encryption exponents are combined to reduce the number of exponentiations;
calculating a product of the encrypted messages;
extracting at least one root from the product of the encrypted messages; and
decrypting the encrypted messages by expressing the at least one root as at least one promise and evaluating the at least one promise at the leaf nodes, and multiplying an inversion of a total product of the leaf nodes with a partial product of the leaf nodes decreasing the number of modular inversions by producing an inversion of the leaf node wherein efficiency of secure communications is increased. - View Dependent Claims (53, 54, 55, 57, 58, 59, 60, 61, 62, 63)
-
-
56. A method for performing batch decryption in a computer network, comprising:
-
receiving a plurality of encrypted messages generated using a plurality of public keys, wherein the plurality of public keys share a common modulus;
forming a binary tree using leaf nodes corresponding to the plurality of public keys;
placing each of the plurality of encrypted messages in a leaf node having a corresponding public key;
percolating the plurality of encrypted messages up the binary tree to form a root node including a product of the encrypted messages, extracting at least one root from the product of the encrypted messages by forming an exponentiation product in the root node;
expressing the at least one root using at least one promise that includes at least one alternative representation of at least one arithmetic function of the at least one root;
percolating the at least one root down the binary tree using the at least one promise; and
decrypting the plurality of encrypted messages by evaluating the at least one promise at the leaf nodes, wherein efficiency of the decryption is increased by reducing a number of modular inversions and a number of root extractions.
-
-
64. A method for secure communications in a computer network, comprising:
-
generating a Rivest-Shamir-Adleman (“
RSA”
) public/private key pair at a web server;
coupling a client to the web server;
sending a client hello message to the web server requesting the establishment of a Secure Socket Layer (“
SSL”
);
responding to the client with a server hello message containing the RSA public key;
encrypting a random string R, the pre-master secret at the client, using the RSA public key, wherein the resulting cipher-text, C, contains R;
sending the encrypted cipher-text message, C, to the web server;
combining individually encrypted secure socket layer (“
SSL”
) encrypted cipher-text messages to form a batch;
decrypting the batch of cipher-text, C, messages at the web server using the RSA private keys to determine R, wherein the efficiency of the decryption is enhanced by replacing at least one inversion with at least one multiplication; and
establishing a common session key between the web server and the client using R. - View Dependent Claims (65)
-
-
66. A system for secure communications in a computer network comprising:
-
at least one client processor;
at least one web server; and
at least one batch server coupled among the at least one client processor and the at least one web server, wherein the at least one batch server receives requests for decryption of a plurality of individually encrypted network secure protection handshake messages, aggregates the plurality of individually encrypted handshake messages into at least one batch wherein each encrypted message is derived by using an encryption exponent from an Rivest-Shamir-Adleman (“
RSA”
) public/private key pair, forms a binary tree containing leaf nodes corresponding to each encryption exponent, extracts at least one root from a product of the encrypted messages, decrypts the encrypted messages by expressing the at least one root as at least one promise and evaluating the at least one promise at the leaf nodes, and multiplies an inversion of a total product of the leaf nodes with a partial product of the leaf nodes producing an inversion of the leaf node decreasing the number of modular inversions, and responds to the requests for decryption with corresponding plain-text. - View Dependent Claims (67, 68, 69, 70)
-
-
71. A system for secure communications in a computer network, comprising at least one client processor coupled among at least one web server, wherein the web server receives requests for decryption of a plurality of individually encrypted network security protection handshake messages, aggregates the plurality of individually encrypted handshake messages into at least one batch wherein each encrypted message is derived using an encryption exponent from an Rivest-Shamir-Adleman (“
- RSA”
) public/private key pair, forms a binary tree containing leaf nodes corresponding to each encryption exponent, extracts at least one root from a product of the encrypted messages, decrypts the encrypted messages by expressing the at least one root as at least one promise and evaluating the at least one promise at the leaf nodes, and multiplies an inversion of a total product of the leaf nodes with a partial product of the leaf nodes producing an inversion of the leaf node decreasing the number of modular inversions, wherein efficiency of secure communications is increased.
- RSA”
-
72. A system of scheduling batch decryption in a computer network, comprising:
-
a plurality of client processors;
at least one web server;
at least one batch server coupled among the at least one web server and the plurality of client processors using a Rivest-Shamir-Adleman (“
RSA”
) decryption algorithm, wherein the at least one batch server links the plurality of client processors to the at least one web server; and
a scheduler, wherein during a timed period the scheduler places arriving encrypted messages in a queue forming a batch, wherein the encrypted messages in the queue are decrypted upon completion of the timed period.
-
-
73. A system for secure network communications in a computer network, comprising at least one batch server coupled among at least one client processor and at least one web server, wherein the at least one batch server uses a Rivest-Shamir-Adleman (“
- RSA”
) batch algorithm to decrypt an aggregation of encrypted messages transferred among the at least one client processor and the at least one web server.
- RSA”
-
74. A system for secure computer network communications, comprising at least one client processor and at least one server processor wherein the server processor combines decryption requests of Secure Socket Layer (“
- SSL”
) messages into at least one batch and decrypts the at least one batch using a Rivest-Shamir-Adleman (“
RSA”
) batch decryption algorithm.
- SSL”
-
75. A computer-readable medium, comprising executable instructions for establishing secure communications in a computer network which, when executed in a processing system, causes the system to:
-
combine individually encrypted network security protection handshake messages into a set of encrypted messages wherein each encrypted handshake message is derived using a public key comprising an encryption exponent;
determine a root node of a binary tree containing leaf nodes corresponding to each encrypted messages encryption exponent by using a plurality of separate parallel batch trees to find the root node of each tree and combine the final answers;
minimize the disparity between the sizes of the encryption exponents of the public keys within the set;
combine the encryption exponents using simultaneous multiple exponentiation such that the number of exponentiations is reduced;
calculate a product of the encrypted messages;
extract at least one root from the product of the encrypted messages; and
decrypt the encrypted messages by expressing the at least one root as at least one promise and evaluating the at least one promise at the leaf nodes, multiplying an inversion of a total product of the leaf nodes with a partial product of the leaf nodes producing an inversion of the leaf node and decreasing the number of modular inversions, wherein efficiency of establishing secure communications is increased.
-
-
76. An electromagnetic medium, comprising executable instructions for establishing secure communications in a computer network which, when executed in a processing system, causes the system to;
-
combine individually encrypted secure network handshake messages into a set of encrypted handshake messages wherein each encrypted handshake message is derived using a public key comprising an encryption exponent;
determine a root node of a binary tree containing leaf nodes corresponding to each encrypted messages encryption exponent by using a plurality of separate parallel batch trees to find the root node of each tree and combine the final answers;
minimize the disparity between the sizes of the encryption exponents of the public keys within the set;
combine the encryption exponents using simultaneous multiple exponentiation such that the number of exponentiations is reduced;
calculate a product of the encrypted messages;
extract at least one root from the product of the encrypted messages; and
decrypt the encrypted messages by expressing the at least one root as at least one promise and evaluating the at least one promise at the leaf nodes, multiplying an inversion of a total product of the leaf nodes with a partial product of the leaf nodes producing an inversion of the leaf node, and decreasing the number of modular inversions wherein efficiency of establishing secure communications is increased.
-
Specification