Distributed SSL processing

US 20070074282A1
Filed: 08/18/2006
Published: 03/29/2007
Est. Priority Date: 08/19/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method of securely communicating data between a server and a remote client computer, the method comprising:

a. providing an SSL server proxy, and a certificate manager comprising a decryption facility;

b. establishing a secure socket layer (SSL) connection between the client computer and the server utilizing communications between the SSL server proxy and the certificate manager; and

c. conducting a SSL communication session between the client computer and the server via the SSL server proxy.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for communicating data between a server and a remote client computer through a secure socket layer (“SSL”). In accordance with the present invention, server-side SSL functions are performed by a network device located remotely from a secure data center, while maintaining the secure use of centralized certificates and their associated private keys. The invention may be employed in conjunction with acceleration functions operating within coordinated network devices, facilitating acceleration of overall SSL traffic. The invention improves on the prior art by allowing the remotely located acceleration device to use the certificate and private key of the target application server, but without compromising the security of the server'"'"'s private key.

Citations

20 Claims

1. A method of securely communicating data between a server and a remote client computer, the method comprising:
- a. providing an SSL server proxy, and a certificate manager comprising a decryption facility;
  
  b. establishing a secure socket layer (SSL) connection between the client computer and the server utilizing communications between the SSL server proxy and the certificate manager; and
  
  c. conducting a SSL communication session between the client computer and the server via the SSL server proxy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 wherein the SSL server proxy decrypts client-originated messages to the server.
  - 3. The method of claim 2 wherein the SSL server proxy decrypts without further involvement from the certificate manager.
  - 4. The method of claim 1 wherein the SSL server proxy encrypts server-originated messages to the client.
  - 5. The method of claim 4 wherein the SSL server proxy encrypts without further involvement from the certificate manager.
  - 6. The method of claim 1 wherein the SSL server proxy is co-located with the client computer.
  - 7. The method of claim 1 wherein the decryption facility utilizes a key.
  - 8. The method of claim 7 wherein the key is a private key and the certificate manager performs all operations using the private key so as to exclude the client computer and the SSL server proxy from access thereto.
  - 9. The method of claim 1 further comprising causing the SSL server proxy to terminate the SSL connection with the client computer and perform data reduction on unencrypted data traffic outside the SSL connection.
  - 10. The method of claim 9 wherein the reduced data traffic is exchanged via a virtual private network.

11. A system for facilitating secure communication of data between a server and a remote client computer, the system comprising:
- a certificate manager comprising a decryption facility;
  
  a secure socket layer (SSL) server proxy;
  
  a connector for establishing an SSL connection between the client computer and the server via the SSL server proxy and the certificate manager using the decryption facility;
  
  and a transceiver for conducting a SSL communication session between the client computer and the server via the SSL server proxy.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11 wherein the SSL server proxy decrypts client-originated messages to the server.
  - 13. The system of claim 12 wherein the SSL server proxy decrypts without further involvement from the certificate manager.
  - 14. The system of claim 11 wherein the SSL server proxy encrypts server-originated messages to the client.
  - 15. The system of claim 14 wherein the SSL server proxy encrypts without further involvement from the certificate manager.
  - 16. The system of claim 11 wherein the SSL server proxy is co-located with the client computer.
  - 17. The system of claim 11 wherein the decryption facility utilizes a key.
  - 18. The system of claim 17 wherein the key is a private key and the certificate manager performs all operations using the private key so as to exclude the client computer and the SSL server proxy from access thereto.
  - 19. The system of claim 11 further comprising an accelerator that causes the SSL server proxy to terminate the SSL connection to the client computer, and performs data reduction on unencrypted data traffic outside the SSL connection.
  - 20. The system of claim 19 wherein the reduced data traffic is exchanged via a virtual private network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Certeon, Inc. (Hitachi, Ltd.)
Original Assignee
Certeon, Inc. (Hitachi, Ltd.)
Inventors
Black, Jeffrey, Zimmerman, Myron, Lee, Kwok

Application Number

US11/506,403
Publication Number

US 20070074282A1
Time in Patent Office

Days
Field of Search
US Class Current

726/14
CPC Class Codes

H04L 63/0471 applying encryption by an i...

H04L 63/166 at the transport layer

Distributed SSL processing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed SSL processing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links