Bufferless secure sockets layer architecture
Abstract
A method for enabling secure communication between a client on an open network and a server apparatus on a secure network. The method is generally performed on an intermediary apparatus coupled to the secure network and the open network. The method includes the steps of negotiating a secure communications session with the client apparatus via the open network; negotiating an open communications session with the server via the secure network; receiving encrypted packet application data having a length greater than a packet length via multiple data packets; decrypting the encrypted packet application data in each data packet; forwarding decrypted, unauthenticated application data to the server via the secure network; and authenticating the decrypted packet data on receipt of a final packet of the segment.
20 Claims
1. A method for enabling secure communication between a client on an open network and a server apparatus on a secure network, the method performed on an intermediary apparatus coupled to the secure network and the open network, comprising:
negotiating a secure communications session with the client apparatus via the open network;
negotiating an open communications session with the server via the secure network;
receiving encrypted packet application data having a length greater than a packet length via multiple data packets;
decrypting the encrypted packet application data in each data packet;
forwarding decrypted, unauthenticated application data to the server via the secure network; and
authenticating the decrypted packet data on receipt of a final packet of the segment.
(Dependent claims 2 to 6 refer back to claim 1 and are not reproduced on this page.)
7. A method for processing encrypted data transferred between a first system and a second system, comprising:
providing an accelerator device including a decryption engine in communication with the first system via an open network and the second system via a secure network;
receiving encrypted data from the first system via the open network in the form of application data spanning multiple packets, each packet having a packet length and information for authenticating the application data;
decrypting ones of said packets as said packets are received;
forwarding application data as said packets are decrypted to the second device via the secure network; and
authenticating the data when said information for authenticating the data is received in a last of said multiple packets.
(Dependent claims 8 to 15 and 17 to 20 refer back to claim 7 and are not reproduced on this page.)
16. A method of providing secure communications using limited buffer memory in a secure sockets layer processing device, comprising:
receiving SSL encrypted data having a length greater than a TCP segment carrying said data;
buffering the SSL encrypted data in a memory buffer in the SSL accelerator device, the buffer having a length equivalent to the block cipher size necessary to perform the cipher;
decrypting the buffered segment of the received SSL encrypted data to provide decrypted application data; and
forwarding the decrypted application data to a destination device.
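The three independent claims describe one data path: an SSL record longer than a TCP segment arrives piecewise, the intermediary decrypts each segment with a buffer no larger than a cipher block (claim 16), forwards the resulting plaintext to the server before it has been authenticated (claims 1 and 7), and checks the MAC only when the final segment carrying it is received. The following is an added worked example of that data path, not the patent's own code. It assumes the SSL 3.0 / TLS 1.0 MAC-then-encrypt CBC record layout (plaintext || tag || padding) and, so that it runs on the Python standard library alone, substitutes a 4-round Feistel network keyed with HMAC-SHA256 for AES; the keys, IV and HTTP request are constructed demo values. The point a practitioner should take from it is the failure mode: by the time the tag check fails, `forwarded_unverified` bytes of attacker-influenced plaintext have already reached the server, so the intermediary must tear down or signal the server connection on failure rather than silently dropping the record.

```python
"""Streaming CBC decryption of one record delivered across several TCP
segments, with a block-sized ciphertext buffer and the MAC checked last.

Added example, not the patent's code.  The block cipher is an HMAC-SHA256
Feistel stand-in for AES; keys, IV and messages are constructed demo data.
"""
import hashlib
import hmac
import itertools
import struct

BLOCK = 16               # cipher block size (AES-sized)
MAC_LEN = 32             # HMAC-SHA256 tag length
ROUNDS = 4
HOLD = MAC_LEN + BLOCK   # decrypted bytes that may still be tag or padding


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    """Feistel round function: keyed PRF truncated to one 8-byte half."""
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key, block):
    l, r = block[:8], block[8:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _f(key, i, r))
    return r + l


def block_decrypt(key, block):
    r, l = block[:8], block[8:]
    for i in reversed(range(ROUNDS)):
        r, l = l, _xor(r, _f(key, i, l))
    return l + r


def seal_record(enc_key, mac_key, iv, plaintext, seq=0):
    """Client side: tag over seq || plaintext, TLS-style padding, CBC encrypt."""
    tag = hmac.new(mac_key, struct.pack(">Q", seq) + plaintext, hashlib.sha256).digest()
    body = plaintext + tag
    pad_len = BLOCK - 1 - len(body) % BLOCK
    body += bytes([pad_len]) * (pad_len + 1)   # pad_len+1 bytes, each equal to pad_len
    out, prev = bytearray(), iv
    for i in range(0, len(body), BLOCK):
        prev = block_encrypt(enc_key, _xor(body[i:i + BLOCK], prev))
        out += prev
    return bytes(out)


class StreamingDecryptor:
    """Intermediary side.  feed() returns None until the last segment, then True/False."""

    def __init__(self, enc_key, mac_key, iv, record_len, forward, seq=0):
        self.enc_key, self.prev, self.forward = enc_key, iv, forward
        self.remaining = record_len         # known from the record header
        self.pending = b""                  # < BLOCK ciphertext bytes: the only cipher buffer
        self.tail = b""                     # decrypted bytes that may still be trailer
        self.mac = hmac.new(mac_key, struct.pack(">Q", seq), hashlib.sha256)
        self.forwarded_unverified = 0       # plaintext the server saw before the verdict

    def feed(self, segment):
        self.remaining -= len(segment)
        data = self.pending + segment
        whole = len(data) - len(data) % BLOCK
        for i in range(0, whole, BLOCK):
            c = data[i:i + BLOCK]
            self.tail += _xor(block_decrypt(self.enc_key, c), self.prev)   # CBC chaining
            self.prev = c
        self.pending = data[whole:]
        release = len(self.tail) - HOLD     # bytes that cannot be part of tag or padding
        if release > 0:
            chunk, self.tail = self.tail[:release], self.tail[release:]
            self.mac.update(chunk)
            self.forward(chunk)             # forwarded before the tag is checked
            self.forwarded_unverified += len(chunk)
        return self._finish() if self.remaining == 0 else None

    def _finish(self):
        if self.pending:
            return False                    # record length not a block multiple
        pad_len = self.tail[-1]
        trailer = pad_len + 1 + MAC_LEN
        if trailer > len(self.tail) or any(b != pad_len for b in self.tail[-pad_len - 1:]):
            return False                    # bad padding counts as an authentication failure
        last, tag = self.tail[:-trailer], self.tail[-trailer:-pad_len - 1]
        self.mac.update(last)
        ok = hmac.compare_digest(self.mac.digest(), tag)
        if ok:
            self.forward(last)              # only this final slice could wait for the verdict
        return ok


def run_proxy(plaintext, segment_sizes, tamper_offset=None):
    """Seal one record with fixed demo keys (constructed), deliver it in TCP
    segments of the given cycling sizes, optionally flipping one ciphertext bit.
    Returns (mac_ok, bytes_forwarded_before_verdict, bytes_the_server_received)."""
    enc_key, mac_key, iv = b"e" * 32, b"m" * 32, bytes(range(BLOCK))
    record = bytearray(seal_record(enc_key, mac_key, iv, plaintext))
    if tamper_offset is not None:
        record[tamper_offset] ^= 0x01
    received = []
    proxy = StreamingDecryptor(enc_key, mac_key, iv, len(record), received.append)
    pos, verdict = 0, None
    for size in itertools.cycle(segment_sizes):
        if pos >= len(record):
            break
        verdict = proxy.feed(bytes(record[pos:pos + size]))
        pos += size
    return verdict, proxy.forwarded_unverified, b"".join(received)


if __name__ == "__main__":
    msg = b"POST /api/transfer HTTP/1.1\r\nHost: backend\r\n\r\namount=10000"
    print(run_proxy(msg, [7, 20, 33]))                    # (True, n, msg)
    print(run_proxy(msg, [7, 20, 33], tamper_offset=5))   # (False, n, garbled prefix)
```

The hold-back window of `MAC_LEN + BLOCK` bytes is the one piece of buffering the claims leave implicit: with the record length known from the header, every decrypted byte before that window is guaranteed to be application data, so it can leave immediately, while the window itself cannot be classified as data, tag or padding until the last segment arrives. In the tampered run a single flipped ciphertext bit garbles a whole plaintext block (plus one bit of the next, by CBC) and those bytes are already at the server when `feed()` finally returns `False`; whatever the device does with that verdict is the security property of the design.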
Specification