Many-to-One Mapping of Host Identities

US 20090287826A1
Filed: 05/13/2008
Published: 11/19/2009
Est. Priority Date: 05/13/2008
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

sending, from a first node to a second node, an initiator message to open a connection between the first node and the second node;

receiving, at the first node, a responder message sent from the second node, wherein the responder message comprises a responder certificate;

converting the responder certificate to a responder canonical identifier;

comparing the responder canonical identifier to a stored canonical identifier; and

establishing the connection between the first node and the second node over a pre-existing session corresponding to the stored canonical identifier, when the responder canonical identifier matches the stored canonical identifier.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method includes sending, from a first node to a second node, an initiator message to open a connection between the first node and the second node, receiving, at the first node, a responder message sent from the second node, in which the responder message comprises a responder certificate, converting the responder certificate to a responder canonical identifier, comparing the responder canonical identifier to a stored canonical identifier, and establishing the connection between the first node and the second node over a pre-existing session corresponding to the stored canonical identifier, when the responder canonical identifier matches the stored canonical identifier.

59 Citations

View as Search Results

30 Claims

1. A computer-implemented method comprising:
- sending, from a first node to a second node, an initiator message to open a connection between the first node and the second node;
  
  receiving, at the first node, a responder message sent from the second node, wherein the responder message comprises a responder certificate;
  
  converting the responder certificate to a responder canonical identifier;
  
  comparing the responder canonical identifier to a stored canonical identifier; and
  
  establishing the connection between the first node and the second node over a pre-existing session corresponding to the stored canonical identifier, when the responder canonical identifier matches the stored canonical identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the initiator message comprises an endpoint discriminator identifying the second node.
  - 3. The method of claim 2, wherein the responder message comprises information matching the endpoint discriminator provided in the initiator message.
  - 4. The method of claim 2, further comprising:
    - comparing information contained in the responder message with the endpoint discriminator provided in the initiator message; and
      
      confirming that the responder certificate was sent by the second node when the information contained in the responder message matches the endpoint discriminator provided in the initiator message.
  - 5. The method of claim 1, wherein converting the responder certificate comprises converting the responder certificate to the responder canonical identifier after confirming that the responder certificate was sent by the second node.
  - 6. The method of claim 1, wherein the responder canonical identifier comprises a cryptographic hash of the responder certificate.
  - 7. The method of claim 1, wherein comparing the responder canonical identifier comprises comparing the responder canonical identifier to multiple stored canonical identifiers indexed to multiple pre-existing sessions.
  - 8. The method of claim 1, further comprising opening the connection between the first node and the second node in a new session, when the responder canonical identifier does not match the stored canonical identifier.
  - 9. The method of claim 8, further comprising indexing the responder canonical identifier to the new session, when the responder canonical identifier does not match the stored canonical identifier.
  - 10. The method of claim 1, further comprising terminating a session setup between the first node and the second node, when the responder canonical identifier matches the stored canonical identifier, andwherein the responder message is sent from the second node in response to receipt of the initiator message at the second node.

11. A computer program product, encoded on a computer-readable medium, operable to cause data processing apparatus to perform operations comprising:
- sending, from a first node to a second node, an initiator message to open a connection between the first node and the second node;
  
  receiving, at the first node, a responder message sent from the second node, wherein the responder message comprises a responder certificate;
  
  converting the responder certificate to a responder canonical identifier;
  
  comparing the responder canonical identifier to a stored canonical identifier; and
  
  establishing the connection between the first node and the second node over a pre-existing session corresponding to the stored canonical identifier, when the responder canonical identifier matches the stored canonical identifier.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer program product of claim 11, wherein the initiator message comprises an endpoint discriminator identifying the second node.
  - 13. The computer program product of claim 12, wherein the responder message comprises information matching the endpoint discriminator provided in the initiator message.
  - 14. The computer program product of claim 12, operable to cause data processing apparatus to perform operations further comprising:
    - comparing information contained in the responder message with the endpoint discriminator provided in the initiator message; and
      
      confirming that the responder certificate was sent by the second node when the information contained in the responder message matches the endpoint discriminator provided in the initiator message.
  - 15. The computer program product of claim 11, wherein converting the responder certificate comprises converting the responder certificate to the responder canonical identifier after confirming that the responder certificate was sent by the second node.
  - 16. The computer program product of claim 11, wherein the responder canonical identifier comprises a cryptographic hash of the responder certificate.
  - 17. The computer program product of claim 11, wherein comparing the responder canonical identifier comprises comparing the responder canonical identifier to multiple stored canonical identifiers indexed to multiple pre-existing sessions.
  - 18. The computer program product of claim 11, operable to cause data processing apparatus to perform operations further comprising opening the connection between the first node and the second node in a new session, when the responder canonical identifier does not match the stored canonical identifier.
  - 19. The computer program product of claim 18, operable to cause data processing apparatus to perform operations further comprising indexing the responder canonical identifier to the new session, when the responder canonical identifier does not match the stored canonical identifier.
  - 20. The computer program product of claim 11, operable to cause data processing apparatus to perform operations further comprising terminating a session setup between the first node and the second node, when the responder canonical identifier matches the stored canonical identifier.

21. A system comprising:
- a processor to transmit information to and receive information from a network, wherein the processor is operable to perform operations comprising;
  
  sending, from a first node to a second node, an initiator message to open a connection between the first node and the second node;
  
  receiving, at the first node, a responder message sent from the second node, wherein the responder message comprises a responder certificate;
  
  converting the responder certificate to a responder canonical identifier;
  
  comparing the responder canonical identifier to a stored canonical identifier; and
  
  establishing the connection between the first node and the second node over a pre-existing session corresponding to the stored canonical identifier, when the responder canonical identifier matches the stored canonical identifier.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The system of claim 21, wherein the initiator message comprises an endpoint discriminator identifying the second node.
  - 23. The system of claim 22, wherein the responder message comprises information matching the endpoint discriminator provided in the initiator message.
  - 24. The system of claim 22, wherein the processor is operable to perform operations further comprising:
    - comparing information contained in the responder message with the endpoint discriminator provided in the initiator message; and
      
      confirming that the responder certificate was sent by the second node when the information contained in the responder message matches the endpoint discriminator provided in the initiator message.
  - 25. The system of claim 21, wherein converting the responder certificate comprises converting the responder certificate to the responder canonical identifier after confirming that the responder certificate was sent by the second node.
  - 26. The system of claim 21, wherein the responder canonical identifier comprises a cryptographic hash of the responder certificate.
  - 27. The system of claim 21, wherein comparing the responder canonical identifier comprises comparing the responder canonical identifier to multiple stored canonical identifiers indexed to multiple pre-existing sessions.
  - 28. The system of claim 21, wherein the processor is operable to perform operations further comprising opening the connection between the first node and the second node in a new session, when the responder canonical identifier does not match the stored canonical identifier.
  - 29. The system of claim 28, wherein the processor is operable to perform operations further comprising indexing the responder canonical identifier to the new session, when the responder canonical identifier does not match the stored canonical identifier.
  - 30. The system of claim 21, wherein the processor is operable to perform operations further comprising terminating a session setup between the first node and the second node, when the responder canonical identifier matches the stored canonical identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Kaufman, Matthew, Thornburgh, Michael

Granted Patent

US 8,312,147 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/227
CPC Class Codes

H04L 61/45   Network directories; Name-t...

H04L 63/126   the source of the received ...

H04L 67/14   Session management for real...

H04L 67/141   Setup of application sessio...

H04L 67/148   Migration or transfer of se...

Many-to-One Mapping of Host Identities

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

59 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Many-to-One Mapping of Host Identities

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

59 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links