SYSTEMS AND METHODS FOR ENCODING THE CORE IDENTIFIER IN THE SESSION IDENTIFIER

US 20100325419A1
Filed: 06/22/2009
Published: 12/23/2010
Est. Priority Date: 06/22/2009
Status: Active Grant

First Claim

Patent Images

1. A method of identifying a core establishing a secure socket layer (SSL) connection in a multi-core system via an SSL identifier, the method comprising:

a) receiving, by a packet engine executing on a core of a multi-core system, a request from a client to establish a secure socket layer (SSL) session, the core assigned a core identifier;

b) establishing, by the packet engine, a session identifier for the SSL session;

c) encoding, by the packet engine, the core identifier in the session identifier to form a second session identifier; and

d) establishing, by the packet engine responsive to the request, the SSL session with the client using the second session identifier.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed towards systems and methods for managing SSL session persistence and reuse in a multi-core system. A first core may indicate that an SSL session established by the first core is non-resumable. Responsive to the indication, the core may set an indicator at a location in memory accessible by each core of the multi-core system, the indicator indicating that the SSL session is non-resumable. A second core of the multi-core system may receive a request to reuse the SSL session. The request may include a session identifier of the SSL session. In addition, the session identifier may identify the first core as an establisher of the SSL session. The second core can identify from encoding of the session identifier whether the second core is not the establisher of the SSL session. Responsive to the identification, the second core may determine whether to resume the SSL session.

69 Citations

View as Search Results

20 Claims

1. A method of identifying a core establishing a secure socket layer (SSL) connection in a multi-core system via an SSL identifier, the method comprising:
- a) receiving, by a packet engine executing on a core of a multi-core system, a request from a client to establish a secure socket layer (SSL) session, the core assigned a core identifier;
  
  b) establishing, by the packet engine, a session identifier for the SSL session;
  
  c) encoding, by the packet engine, the core identifier in the session identifier to form a second session identifier; and
  
  d) establishing, by the packet engine responsive to the request, the SSL session with the client using the second session identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein step (a) further comprises receiving, by the packet engine of the core of the multi-core system deployed as an intermediary between the client and a server, the request from the client to establish the SSL session with the server.
  - 3. The method of claim 1, wherein step (a) further comprises assigning the core identifier based on an identifier of a processing unit.
  - 4. The method of claim 1, wherein step (a) further comprises assigning the core a one-byte core identifier.
  - 5. The method of claim 1, wherein step (b) further comprises generating, by the packet engine, the session identifier for the SSL connection.
  - 6. The method of claim 1, wherein step (b) further comprises obtaining, by the packet engine, the session identifier from a server.
  - 7. The method of claim 1, wherein step (c) further comprises encoding a byte of the session identifier with the core identifier to form the second session identifier.
  - 8. The method of claim 1, wherein step (c) further comprises encoding with a block cipher the core identifier and a validity identifier with the session identifier to form the second session identifier.
  - 9. The method of claim 1, wherein step (c) further comprises encoding the core identifier into a plurality of bits of the session identifier to form the second session identifier.
  - 10. The method of claim 1, wherein step (c) further comprises determining, by the packet engine, at a predetermined frequency a predetermined set of one or more bytes of the session identifier to encode to form the second session identifier.

11. A method of determining an identifier of a core of a multi-core system via a Secure Socket Layer (SSL) session identifier, the method comprising:
- a) receiving, by a packet engine executing on a core of a multi-core system, a request from a client via a secure socket layer (SSL) session, the request comprising a session identifier, the core assigned a core identifier;
  
  b) decoding, by the packet engine, a second core identifier encoded in the session identifier; and
  
  c) determining, by the packet engine, whether the second core identifier corresponds to the core identifier of the core.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11, wherein step (a) further comprises receiving, by the packet engine of the core of the multi-core system deployed as an intermediary between the client and a server, the request from the client to establish the SSL session with the server.
  - 13. The method of claim 11, wherein step (a) further comprises assigning the core identifier to the core based on an identifier of a processing unit.
  - 14. The method of claim 11, wherein step (a) further comprises assigning the core a one-byte core identifier.
  - 15. The method of claim 11, wherein step (b) further comprises decoding a predetermined byte of the session identifier to obtain the second core identifier.
  - 16. The method of claim 11, wherein step (b) further comprises decoding with a block cipher the second core identifier to obtain the session identifier.
  - 17. The method of claim 11, wherein step (b) further comprises decoding the second core identifier from a plurality of bits of the session identifier.
  - 18. The method of claim 11, wherein step (c) further comprises determining, by the packet engine, that the second core identifier does not correspond to the core identifier of the core, and responsive to the determination, sending a message to a second core identified by the second core identifier to obtain information about the SSL session.
  - 19. The method of claim 18, further comprising establishing by the core a copy of the SSL session on the core based on the information about the SSL session obtained from the second core.
  - 20. The method of claim 11, wherein step (c) further comprises determining, by the packet engine, that the second core identifier corresponds to the core identifier of the core, and responsive to the determining, forwarding the request to a server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Kanekar, Tushar

Granted Patent

US 9,654,505 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/151
CPC Class Codes

H04L 2209/043   of tables, e.g. lookup, sub...

H04L 2209/30   Compression, e.g. Merkle-Da...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2209/80   Wireless network architectu...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/0471   applying encryption by an i...

H04L 63/0485   Networking architectures fo...

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 63/101   Access control lists [ACL]

H04L 63/166   at the transport layer

H04L 67/02   based on web technology, e....

H04L 67/1001   for accessing one among a p...

H04L 67/1027   Persistence of sessions dur...

H04L 67/1036   Load balancing of requests ...

H04L 67/146   Markers for unambiguous ide...

H04L 69/162   involving adaptations of so...

H04L 9/3268   using certificate validatio...

H04L 9/3271 : using challenge-response

H04L 9/3297 : involving time stamps, e.g....

View All

SYSTEMS AND METHODS FOR ENCODING THE CORE IDENTIFIER IN THE SESSION IDENTIFIER

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

69 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR ENCODING THE CORE IDENTIFIER IN THE SESSION IDENTIFIER

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

69 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links