SYSTEMS AND METHODS FOR BULK ENCRYPTION AND DECRYPTION OF TRANSMITTED DATA

US 20080046714A1
Filed: 08/21/2006
Published: 02/21/2008
Est. Priority Date: 08/21/2006
Status: Active Grant

First Claim

Patent Images

1. A method for using a network appliance to efficiently buffer and encrypt data for transmission, the method comprising:

(a) receiving, by an appliance via a connection, a first SSL record, the first record comprising a first encrypted message;

(b) decrypting, by the appliance, the first encrypted message to produce a first decrypted message;

(c) buffering, by the appliance, the first decrypted message;

(d) receiving, by the appliance via the connection, a second SSL record, the second record comprising a second encrypted message;

(e) decrypting, by the appliance, the second encrypted message to produce a second decrypted message;

(f) determining, by the appliance, that a transmittal condition has been satisfied;

(g) encrypting, by the appliance in response to the determination, the first decrypted message and a portion of the second decrypted message to produce a third SSL record; and

(h) transmitting, by the appliance via a second connection, the third record.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for using a network appliance to efficiently buffer and encrypt data for transmission includes: receiving, by an appliance via a connection, two or more SSL records comprising encrypted messages; decrypting the two or more messages; buffering, by the appliance, the two ore more decrypted messages; determining, by the appliance, that a transmittal condition has been satisfied; encrypting, by the appliance in response to the determination, the first decrypted message and a portion of the second decrypted message to produce a third SSL record; and transmitting, by the appliance via a second connection, the third record. Corresponding systems are also described.

116 Citations

View as Search Results

20 Claims

1. A method for using a network appliance to efficiently buffer and encrypt data for transmission, the method comprising:
- (a) receiving, by an appliance via a connection, a first SSL record, the first record comprising a first encrypted message;
  
  (b) decrypting, by the appliance, the first encrypted message to produce a first decrypted message;
  
  (c) buffering, by the appliance, the first decrypted message;
  
  (d) receiving, by the appliance via the connection, a second SSL record, the second record comprising a second encrypted message;
  
  (e) decrypting, by the appliance, the second encrypted message to produce a second decrypted message;
  
  (f) determining, by the appliance, that a transmittal condition has been satisfied;
  
  (g) encrypting, by the appliance in response to the determination, the first decrypted message and a portion of the second decrypted message to produce a third SSL record; and
  
  (h) transmitting, by the appliance via a second connection, the third record.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein step (a) comprises receiving, by an appliance via a connection, a plurality of packets, the plurality of packets comprising a first SSL record, the first record comprising a first encrypted message.
  - 3. The method of claim 1, wherein step (a) comprises receiving, by an appliance via a connection, a first SSL record, the first record comprising a first encrypted message, a header, and a message authentication code.
  - 4. The method of claim 1, wherein step (f) comprises determining, by the appliance, that the length of the currently cached messages exceeds a given threshold.
  - 5. The method of claim 1, wherein step (f) comprises determining, by the appliance, that the length of the currently buffered messages equals or exceeds a maximum quantum size of a second connection, the maximum quantum determined with respect to at least one of:
    - a TCP maximum segment size, a type of cipher, and an SSL protocol version.
  - 6. The method of claim 1, wherein step (f) comprises determining, by the appliance, that the second decrypted message indicates the end of an HTTP transaction.
  - 7. The method of claim 1, wherein step (f) comprises determining, by the appliance, that the second decrypted message comprises a TCP push indication.
  - 8. The method of claim 1, wherein step (f) comprises determining, by the appliance, that a transmission timer corresponding to one of the first or second decrypted messages has expired.
  - 9. The method of claim 1, wherein step (f) comprises determining, by the appliance, the second decrypted message comprises an indication that the transmission has concluded.
  - 10. The method of claim 1, wherein step (a) comprises receiving, by an appliance via a connection, a plurality of SSL records, the plurality of records comprising a plurality of encrypted messages.

11. A computer implemented system for efficiently buffering and encrypting data for transmission, the system comprising:
- a network appliance which receives, via a connection, a first SSL record, the first record comprising a first encrypted message;
  
  decrypts the first encrypted message to produce a first decrypted message;
  
  buffers the first decrypted message;
  
  receives, via the connection, a second SSL record, the second record comprising a second encrypted message;
  
  decrypts the second encrypted message to produce a second decrypted message;
  
  determines that a transmittal condition has been satisfied;
  
  encrypts, in response to the determination, the first decrypted message and a portion of the second decrypted message to produce a third SSL record; and
  
  transmits, via a second connection, the third record.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the appliance receives, via a connection, a plurality of packets, the plurality of packets comprising a first SSL record, the first record comprising a first encrypted message.
  - 13. The system of claim 11, wherein the appliance receives, via a connection, a first SSL record, the first record comprising a first encrypted message, a header, and a message authentication code.
  - 14. The system of claim 11, wherein the appliance determines that the length of the currently buffered messages exceeds a given threshold.
  - 15. The system of claim 11, wherein the appliance determines that the length of the currently buffered messages equals or exceeds a maximum segment size of a second connection.
  - 16. The system of claim 11, wherein the appliance determines that the second decrypted message indicates the end of an HTTP transaction.
  - 17. The system of claim 11, wherein the appliance determines that the second decrypted message comprises a TCP push indication.
  - 18. The system of claim 11, wherein the appliance determines that a transmission timer corresponding to one of the first or second decrypted messages has expired.
  - 19. The system of claim 11, wherein the appliance determines the second decrypted message comprises an indication that the transmission has concluded.
  - 20. The system of claim 11, wherein the appliance receives, via a connection, a plurality of SSL records, the plurality of records comprising a plurality of encrypted messages.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Suganthi, Josephine, Kanekar, Tushar, Udupa, Sivaprasad

Granted Patent

US 8,352,728 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

H04L 63/0428 wherein the data content is...

SYSTEMS AND METHODS FOR BULK ENCRYPTION AND DECRYPTION OF TRANSMITTED DATA

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

116 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR BULK ENCRYPTION AND DECRYPTION OF TRANSMITTED DATA

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links