Secure sockets layer cut through architecture
Abstract
A method for secure communications between a client and a server. The method includes the steps of managing a communications negotiation between the client and the server; receiving encrypted data packets from the client; decrypting each encrypted packet data; forwarding unencrypted data packets to the server; receiving data packets from the server; encrypting the data packets from the server; and forwarding encrypted data packets to the client. In a further embodiment, an apparatus communicating with a client via a public network and communicating with one of a plurality of servers via a secure network is disclosed. The apparatus includes a network communications interface, at least one processor, programmable dynamic memory, and a communications channel coupling the processor, memory and network communications interface. In addition, the apparatus includes a client/server open communications session manager, a client secure communication session manager, a client/server secure communications session tracking database, and a data packet encryption and decryption engine.
50 Claims
1. A method for secure communications between a client and a server, comprising:
(a) managing a communications negotiation between the client and the server;
(b) receiving encrypted data packets from the client;
(c) decrypting each encrypted packet data;
(d) forwarding unencrypted data packets to the server;
(e) receiving data packets from the server;
(f) encrypting the data packets from the server; and
(g) forwarding encrypted data packets to the client.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
20. A method for secure communications between a client and one of a plurality of servers performed on an intermediary device, comprising:
(a) establishing a communications session between the client and said one of said plurality of servers by receiving negotiation data from the client intended for the server and forwarding the negotiation data in modified form to the server, and receiving negotiation data from the server intended for the client and forwarding the negotiation data to the client;
(b) establishing a secure communications session between the client and the intermediary device;
(c) maintaining a database of the secure communications session including information on the session/packet associations;
(d) receiving encrypted application data from the intermediary device;
(e) decrypting the application data; and
(f) forwarding decrypted application data to said one of said plurality of servers.
Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32
33. An apparatus coupled to a public network and a secure network, communicating with a client via the public network and communicating with one of a plurality of servers via the secure network, comprising:
a network communications interface;
at least one processor;
programmable dynamic memory;
a communications channel coupling the processor, memory and network communications interface;
a client/server open communications session manager;
a client secure communication session manager;
a client/server secure communications session tracking database; and
a data packet encryption and decryption engine.
Dependent claims: 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 46, 47, 48, 49, 50
45. A secure sockets layer processing acceleration device, comprising:
a client communication engine establishing a secure communications session with a client device via an open network;
a server communication engine establishing an open communications session with a server via a secure network; and
an encryption and decryption engine operable on encrypted data packets received via the open communications session and on clear data received via the open communications session.
Specification