SYSTEMS AND METHODS FOR OPTIMIZING SSL HANDSHAKE PROCESSING

US 20080046727A1
Filed: 08/21/2006
Published: 02/21/2008
Est. Priority Date: 08/21/2006
Status: Active Grant

First Claim

Patent Images

1. A method for buffering SSL handshake messages prior to computing a message digest for the SSL handshake, the method comprising:

(a) conducting, by an appliance with a client, an SSL handshake, the SSL handshake comprising a plurality of SSL handshake messages;

(b) storing, by the appliance, the plurality of SSL handshake messages;

(c) providing, by the appliance to a message digest computing device in response to receiving a client finish message corresponding to the SSL handshake, the plurality of SSL handshake messages;

(d) receiving, by the appliance from the message digest computing device, a message digest corresponding to the provided messages;

(e) determining by the appliance, the message digest matches a message digest included in the SSL client finish message; and

(f) completing, by the appliance with the client, the SSL handshake.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for buffering SSL handshake messages prior to computing a message digest for the SSL handshake includes: conducting, by an appliance with a client, an SSL handshake, the SSL handshake comprising a plurality of SSL handshake messages; storing, by the appliance, the plurality of SSL handshake messages; providing, by the appliance to a message digest computing device in response to receiving a client finish message corresponding to the SSL handshake, the plurality of SSL handshake messages; receiving, by the appliance from the message digest computing device, a message digest corresponding to the provided messages; determining by the appliance, the message digest matches a message digest included in the SSL client finish message; and completing, by the appliance with the client, the SSL handshake. Corresponding systems are also described.

Citations

18 Claims

1. A method for buffering SSL handshake messages prior to computing a message digest for the SSL handshake, the method comprising:
- (a) conducting, by an appliance with a client, an SSL handshake, the SSL handshake comprising a plurality of SSL handshake messages;
  
  (b) storing, by the appliance, the plurality of SSL handshake messages;
  
  (c) providing, by the appliance to a message digest computing device in response to receiving a client finish message corresponding to the SSL handshake, the plurality of SSL handshake messages;
  
  (d) receiving, by the appliance from the message digest computing device, a message digest corresponding to the provided messages;
  
  (e) determining by the appliance, the message digest matches a message digest included in the SSL client finish message; and
  
  (f) completing, by the appliance with the client, the SSL handshake.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein step (a) comprises conducting, with a client by an appliance providing access to at least one server, an SSL handshake, the SSL handshake comprising a plurality of SSL handshake messages.
  - 3. The method of claim 1, wherein step (a) comprises conducting, by an appliance with a client, an SSL handshake, the SSL handshake comprising a plurality of SSL handshake messages, the plurality of SSL handshake messages comprising the entirety of messages received and transmitted in conducting the SSL handshake.
  - 4. The method of claim 1, wherein step (a) comprises conducting, by an appliance with a client, an SSL handshake, the SSL handshake comprising a plurality of SSL handshake messages, the plurality of SSL handshake messages comprising a client hello message, a server hello message, and a client key exchange message.
  - 5. The method of claim 1, wherein step (c) comprises providing, by the appliance to a dedicated cryptographic processing card in response to receiving a client finish message corresponding to the SSL handshake, the plurality of SSL handshake messages.
  - 6. The method of claim 1, wherein step (b) comprises storing, by the appliance, the plurality of SSL handshake messages, each message having an associated length and each message stored in a buffer location.
  - 7. The method of claim 6, wherein step (c) comprises providing, by the appliance to a message digest computer in response to receiving a client finish message corresponding to the SSL handshake, the associated lengths and locations of the plurality of SSL handshake messages.
  - 8. The method of claim 6, wherein step (c) comprises providing, by the appliance to a dedicated cryptographic processing card in response to receiving a client finish message corresponding to the SSL handshake, the associated lengths and locations of the plurality of SSL handshake messages.
  - 9. The method of claim 1, wherein step (f) comprises transmitting, by the server to the client, an SSL server finish message.

10. A computer implemented system for buffering SSL handshake messages prior to computing a message digest for the SSL handshake, the system comprising:
- a network appliance which conducts, with a client, an SSL handshake, the SSL handshake comprising a plurality of SSL handshake messages;
  
  storing, by the appliance, the plurality of SSL handshake messages;
  
  providing, to a message digest computing device in response to receiving a client finish message corresponding to the SSL handshake, the plurality of SSL handshake messages;
  
  receiving, from the message digest computing device, a message digest corresponding to the provided messages;
  
  determining, the message digest matches a message digest included in the SSL client finish message; and
  
  completing, with the client, the SSL handshake; and
  
  a message digest computing device which computes a message digest corresponding to one or more received messages.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the appliance provides access to at least one server.
  - 12. The system of claim 10, wherein the appliance conducts, with a client, an SSL handshake, the SSL handshake comprising a plurality of SSL handshake messages, the plurality of SSL handshake messages comprising the entirety of messages received and transmitted in conducting the SSL handshake.
  - 13. The system of claim 10, wherein the appliance conducts, with a client, an SSL handshake, the SSL handshake comprising a plurality of SSL handshake messages, the plurality of SSL handshake messages comprising a client hello message, a server hello message, and a client key exchange message
  - 14. The system of claim 10, wherein the appliance provides, to a dedicated cryptographic processing card in response to receiving a client finish message corresponding to the SSL handshake, the plurality of SSL handshake messages.
  - 15. The system of claim 10, wherein the appliance stores the plurality of SSL handshake messages, each message having an associated length and each message stored in a buffer location.
  - 16. The system of claim 15, wherein the appliance provides, to a message digest computer in response to receiving a client finish message corresponding to the SSL handshake, the associated lengths and locations of the plurality of SSL handshake messages.
  - 17. The system of claim 15, wherein the appliance provides, to a dedicated cryptographic processing card in response to receiving a client finish message corresponding to the SSL handshake, the associated lengths and locations of the plurality of SSL handshake messages.
  - 18. The system of claim 10, wherein the appliance transmits, to the client, an SSL server finish message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Kanekar, Tushar, Udupa, Sivaprasad

Granted Patent

US 8,095,787 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/168
CPC Class Codes

H04L 63/166 at the transport layer

SYSTEMS AND METHODS FOR OPTIMIZING SSL HANDSHAKE PROCESSING

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR OPTIMIZING SSL HANDSHAKE PROCESSING

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links