Atomic session-start operation combining clear-text and encrypted sessions to provide ID visibility to middleware such as load-balancers
Abstract
A load-balancer assigns incoming requests to servers at a server farm. An atomic operation assigns both un-encrypted clear-text requests and encrypted requests from a client to the same server at the server farm. An encrypted session is started early by the atomic operation, before encryption is required. The atomic operation is initiated by a special, automatically loaded component on a web page. This component is referenced by code requiring that an encrypted session be used to retrieve the component. Keys and certificates are exchanged between a server and the client to establish the encrypted session. The server generates a secure-sockets-layer (SSL) session ID for the encrypted session. The server also generates a server-assignment cookie that identifies the server at the server farm. The server-assignment cookie is encrypted and sent to the client along with the SSL session ID. The client decrypts the server-assignment cookie and stores it along with the SSL session ID. The load-balancer stores the SSL session ID along with a server assignment that identifies the server that generated the SSL session ID. When other encrypted requests are generated by the client to the server farm, they include the SSL session ID. The load-balancer uses the SSL session ID to send the requests to the assigned server. When the client sends a non-encrypted clear-text request to the server farm, it includes the decrypted server-assignment cookie. The load-balancer parses the clear-text request to find the server-assignment cookie. The load-balancer then sends the request to the assigned server.
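The routing decision the abstract describes can be modeled as follows. This is an added illustration, not code from the patent; the cookie name `server_assignment`, the server labels, the round-robin fallback and the sample requests are assumptions constructed for the example.

```python
import itertools
from http.cookies import SimpleCookie

COOKIE_NAME = "server_assignment"  # assumed name; the abstract does not give one

class LoadBalancer:
    def __init__(self, servers):
        self.servers = list(servers)
        self._fallback = itertools.cycle(self.servers)  # assumed policy for new clients
        self.ssl_sessions = {}  # SSL session ID -> server that generated it

    def record_ssl_session(self, session_id, server):
        """Store the assignment when a server generates an SSL session ID."""
        if server not in self.servers:
            raise ValueError("unknown server")
        self.ssl_sessions[session_id] = server

    def route_encrypted(self, session_id):
        """Encrypted request: the payload is opaque, only the session ID is visible."""
        server = self.ssl_sessions.get(session_id)
        return server if server is not None else next(self._fallback)

    def route_clear_text(self, raw_request):
        """Clear-text request: parse the Cookie header for the server assignment."""
        head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
        for line in head.split("\r\n")[1:]:
            name, _, value = line.partition(":")
            if name.strip().lower() != "cookie":
                continue
            cookie = SimpleCookie()
            cookie.load(value.strip())
            morsel = cookie.get(COOKIE_NAME)
            # The cookie arrives in clear text from the client, so it is
            # honoured only when it names a server that is really in the farm.
            if morsel is not None and morsel.value in self.servers:
                return morsel.value
        return next(self._fallback)

def demo():
    lb = LoadBalancer(["srv-a", "srv-b", "srv-c"])
    sid = bytes.fromhex("aa" * 32)  # constructed session ID
    lb.record_ssl_session(sid, "srv-b")
    https = lb.route_encrypted(sid)
    http = lb.route_clear_text(b"GET /catalog HTTP/1.1\r\nHost: shop.example\r\n"
                               b"Cookie: lang=en; server_assignment=srv-b\r\n\r\n")
    bogus = lb.route_clear_text(b"GET / HTTP/1.1\r\nHost: shop.example\r\n"
                                b"Cookie: server_assignment=srv-z\r\n\r\n")
    return https, http, bogus  # both real requests reach srv-b; bogus falls back
```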
41 Claims
1-20. (canceled)
21. A method of assigning servers of a server farm to service requests from clients for encrypted content and non-encrypted content, the method comprising:
establishing a first encrypted session between a server of a plurality of servers and a client before a second encrypted connection is required;
obtaining an encrypted session identification and a server assignment derived from the first encrypted session in response to receiving a request for the second encrypted session from the client; and
assigning the server to service encrypted and non-encrypted content to the client according to the server assignment.
Dependent claims: 22, 23, 24, 25, 26, 27
28. A system for assigning a server to serve both encrypted data and non-encrypted data to a client, the system comprising:
at least one processor;
a computer readable storage medium coupled to the processor, wherein the computer readable storage medium includes instructions stored therein for directing the processor to assign a server to respond to a client's request for both encrypted data and non-encrypted data, the instructions comprising:
code for establishing between a server that is part of a plurality of servers and a client, a first encrypted session before a second encrypted connection is requested by the client;
code for obtaining an encrypted session identification and a server assignment derived from the first encrypted session in response to receiving a request for the second encrypted session from the client; and
code for assigning the server to service encrypted and non-encrypted content requests from the client according to the server assignment.
Dependent claims: 29, 30, 31, 32, 33, 34
35. A method for receiving encrypted and non-encrypted data at a client from one server which is part of a server farm, the method comprising:
storing at a client, an encrypted-session identifier and encrypted server assignment pertaining to a server assigned to provide both non-encrypted data and encrypted data to the client;
when requesting non-encrypted data from the server farm, transmitting a decrypted version of the encrypted server assignment to the server farm as part of the request for non-encrypted data from the assigned server; and
when requesting encrypted data from the server farm, transmitting the encrypted-session identifier to the server farm as part of the request for encrypted data from the assigned server.
Dependent claims: 36, 37, 38, 39, 40, 41
Specification