SECURE REQUEST HANDLING USING A KERNEL LEVEL CACHE

US 20090193251A1
Filed: 01/29/2008
Published: 07/30/2009
Est. Priority Date: 01/29/2008
Status: Active Grant

First Claim

Patent Images

1. A method for handling requests comprising:

receiving a request from a remotely located client over a secure communication channel;

executing a transport layer security service for the secure communication channel within a transport layer of a kernel to decrypt content of the request that was previously encrypted within the secure communication channel;

executing a request handling service to determine if the request is able to be handled using a kernel level cache, wherein the request handling service executes within the transport layer of the kernel;

upon a determination that the request is able to be handled using the kernel level cache, generating a response to the request at the transport layer using the kernel level cache;

upon a determination that the request is not able to be handled using the kernel level cache, conveying the request through an application layer of the kernel where an application-level handling service executes to produce a response to the request; and

executing the transport layer security service to encrypt the response for conveyance over the secure communication channel to the remotely located client, wherein, upon a determination that the request is able to be handled using the kernel level cache the request is handled without requiring the request to be conveyed beyond the transport layer of the kernel.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention discloses a system, method, apparatus, and computer usable product code for handling requests. The invention can include a kernel level cache, a request handling service, and a transport layer security service. The kernel level cache can store request handling data. The request handling service can handle secure requests at a transport layer of a kernel when request handling data is present in the kernel level cache. The transport layer security service can handle encryption/decryption operations for the secure requests and request responses at the transport layer.

31 Citations

View as Search Results

20 Claims

1. A method for handling requests comprising:
- receiving a request from a remotely located client over a secure communication channel;
  
  executing a transport layer security service for the secure communication channel within a transport layer of a kernel to decrypt content of the request that was previously encrypted within the secure communication channel;
  
  executing a request handling service to determine if the request is able to be handled using a kernel level cache, wherein the request handling service executes within the transport layer of the kernel;
  
  upon a determination that the request is able to be handled using the kernel level cache, generating a response to the request at the transport layer using the kernel level cache;
  
  upon a determination that the request is not able to be handled using the kernel level cache, conveying the request through an application layer of the kernel where an application-level handling service executes to produce a response to the request; and
  
  executing the transport layer security service to encrypt the response for conveyance over the secure communication channel to the remotely located client, wherein, upon a determination that the request is able to be handled using the kernel level cache the request is handled without requiring the request to be conveyed beyond the transport layer of the kernel.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein said transport layer security service and said request handling service execute within a Transmission Control Protocol stack.
  - 3. The method of claim 1, wherein transport layer security service and said request handling service are System Licensed Internal Code (SLIC).
  - 4. The method of claim 1, wherein said secure communication channel conforms to at least one of a Secure Sockets Layer (SSL) protocol and a Transport Layer Security (TLS) protocol.
  - 5. The method of claim 1, further comprising:
    - replicating an application security environment of the application layer of the kernel for use by the transport layer security service; and
      
      the transport layer security service performing authentication actions that utilize authentication data acquired from the application security environment.
  - 6. The method of claim 1, further comprising:
    - conveying a set comprising more than one Hyper Text Markup Language (HTML) file from an application level repository to the kernel level cache within which a copy of the conveyed set comprising more than one HTML file is stored;
      
      utilizing a set comprising more than one kernel exit to parse a Uniform Resource Identifier (URI) specified within the request;
      
      determining whether an HTML file is present in the kernel level cache that corresponds to the parsed URI; and
      
      upon a determination that an HTML file is present that corresponds to the request, providing that HTML as part of the response and handling the request at the transport layer.
  - 7. The method of claim 6, wherein said set comprising more than one HTML file comprises static HTML files.

8. A computer program product for handling requests, the computer program product comprising:
- a computer usable medium having computer usable program code embodied therewith, the computer usable program code comprising;
  
  computer usable program code configured to receive a request from a remotely located client over a secure communication channel;
  
  computer usable program code configured to execute a transport layer security service for the secure communication channel within a transport layer of a kernel to decrypt content of the request that was previously encrypted within the secure communication channel;
  
  computer usable program code configured to execute a request handling service to determine if the request is able to be handled using a kernel level cache, wherein the request handling service executes within the transport layer of the kernel;
  
  computer usable program code configured to generate a response to the request at the transport layer using the kernel level cache upon a determination that the request handling service indicates that the request is able to be handled using the kernel level cache;
  
  computer usable program code configured to convey the request through an application layer of the kernel where an application-level handling service executes to produce a response to the request upon a determination that the request handling service indicates that the request is not able to be handled using the kernel level cache; and
  
  computer usable program code configured to execute the transport layer security service to encrypt the response for conveyance over the secure communication channel to the remotely located client, wherein upon a determination that the request is able to be handled using the kernel level cache the request is handled without requiring the request to be conveyed beyond the transport layer of the kernel.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer program product of claim 8, wherein said transport layer security service and said request handling service execute within a Transmission Control Protocol stack.
  - 10. The computer program product of claim 8, wherein computer usable program code configured to execute the transport layer security service and the request handling service are computer usable program code configured to execute within a System Licensed Internal Code (SLIC) level.
  - 11. The computer program product of claim 8, wherein said secure communication channel conforms to at least one of a Secure Sockets Layer (SSL) protocol and a Transport Layer Security (TLS) protocol.
  - 12. The computer program product of claim 8, the computer usable program code further comprising:
    - computer usable program code configured to replicate the application security environment of the application layer of the kernel for use by the transport layer security service; and
      
      computer usable program code associated with the transport layer security server configured to performing authentication actions that utilize authentication data acquired from the application security environment.
  - 13. The computer program product of claim 8, the computer usable program code further comprising:
    - computer usable program code configured to convey a set comprising more than one Hyper Text Markup Language (HTML) file from an application level repository to the kernel level cache within which a copy of the conveyed set comprising more than one HTML file is stored;
      
      computer usable program code configured to utilize a set comprising more than one kernel exit to parse a Uniform Resource Identifier (URI) specified within the request;
      
      computer usable program code configured to determine whether an HTML file is present in the kernel level cache that corresponds to the parsed URI; and
      
      computer usable program code configured to provide that HTML as part of the response and handling the request at the transport layer upon a determination that an HTML file is present in the kernel level cache that corresponds to the request.
  - 14. The computer program product of claim 13, wherein said set comprising more than one HTML file comprises static HTML files.

15. A system for handling requests comprising:
- kernel level cache configured to store a set comprising more than one request handling data;
  
  a request handling service configured to handle secure requests at a transport layer of a kernel upon a determination that request handling data is present in the kernel level cache; and
  
  a transport layer security service configured to handle encryption and decryption operations for the secure requests and request responses at the transport layer.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The system of claim 15, wherein said request handling data stored in the kernel level cache comprises a plurality of software objects, each software object being associated with a unique Uniform Resource Identifier (URI), wherein the request handling service is configured to detect a Uniform Resource Identifier contained within each of the secure requests after each of the secure requests has been decrypted by the transport layer security service, wherein the request handling service is configured to search the kernel level cache for the detected Uniform Resource Identifiers, wherein the request handling service is configured to generate a response comprising a copy of a software object associated with a Uniform Resource Identifier for which a search is conducted that has been found in the kernel level cache, and wherein the transport layer security service is configured to encrypt the response generated by the request handling service before the response is securely conveyed to a requestor that generated the corresponding secure request.
  - 17. The system of claim 15, wherein the request handling service and the transport layer security service are implemented within a Transmission Control Protocol (TCP) stack.
  - 18. The system of claim 15, wherein the request handling service and the transport layer security service are programmatic services implemented in System Licensed Internal Code (SLIC).
  - 19. The system of claim 15, wherein the request handling service is performed by at least one of a fast response cache accelerator (FRCA) and an Adaptive Fast-Path Architecture (AFPA), and wherein the transport layer security service is an Application Transparent-Transport Layer Security (AT-TLS) service.
  - 20. The system of claim 15, wherein said request handling data comprises a plurality of static HyperText Markup Language (HTML) files, and wherein the secure requests handled by the transport layer security service and the request handling service conform to at least one of a Secure Sockets Layer (SSL) protocol and a Transport Layer Security (TLS) protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
TRACY, ANDREW K., BRABSON, ROY F.

Granted Patent

US 8,335,916 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/164
CPC Class Codes

H04L 63/0428 wherein the data content is...

SECURE REQUEST HANDLING USING A KERNEL LEVEL CACHE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE REQUEST HANDLING USING A KERNEL LEVEL CACHE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links