
SYSTEMS AND METHODS FOR FLASH CROWD CONTROL AND BATCHING OCSP REQUESTS VIA ONLINE CERTIFICATE STATUS PROTOCOL

  • US 20110154018A1
  • Filed: 12/23/2009
  • Published: 06/23/2011
  • Est. Priority Date: 12/23/2009
  • Status: Active Grant
First Claim

1. A method of batching Online Certificate Status Protocol (OCSP) requests and caching responses to the OCSP requests, the method comprising:

    (a) receiving, by an intermediary device between a plurality of clients and one or more servers, a first client certificate during a first Secure Socket Layer (SSL) handshake with a first client and a second client certificate during a second SSL handshake with a second client, each of the first client certificate and the second client certificate corresponding to a certificate authority;

    (b) identifying, by the intermediary device, that a status of the first client certificate and a status of the second client certificate is not in a cache of the intermediary device;

    (c) transmitting, by an Online Certificate Status Protocol (OCSP) responder of the intermediary device, a single request to an OCSP server to determine the status of each of the first client certificate and the second client certificate;

    (d) determining, by the intermediary device from a single response received from the OCSP server, whether to establish a first SSL connection with the first client based on the status of the first client certificate and a second SSL connection with the second client based on the status of the second client certificate;

    (e) storing, by the intermediary device, to the cache a first cache entry identifying the status of the first client certificate and a second cache entry identifying the status of the second client certificate, each of the first cache entry and the second cache entry stored in association with the OCSP responder and with a cache expiry identified by the OCSP responder;

    (f) receiving, by the intermediary device from the first client during a third SSL handshake, the first client certificate; and

    (g) determining, by the intermediary, whether to establish a third SSL connection with the first client based on the status of the first client certificate identified via the cache.
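
The flow of steps (a) through (g), modelled in memory as an added example; this is not code from the patent or from any product. The class names, the `cache_ttl` parameter, the stub OCSP server and the certificate serial strings are all constructed assumptions, and no real OCSP encoding or network I/O is performed.

```python
import time

class StubOcspServer:
    """Constructed stand-in for the OCSP server; counts requests it receives."""
    def __init__(self, revoked):
        self.revoked, self.requests = set(revoked), 0

    def query(self, serials):
        # One request carries many serials; one response carries every status.
        self.requests += 1
        return {s: "revoked" if s in self.revoked else "good" for s in serials}

class Intermediary:
    """Hypothetical intermediary: status cache plus a batching OCSP responder."""
    def __init__(self, ocsp_server, cache_ttl, clock=time.monotonic):
        self.ocsp, self.cache_ttl, self.clock = ocsp_server, cache_ttl, clock
        self.cache = {}      # serial -> (status, expires_at)
        self.pending = []    # serials seen in handshakes, awaiting a status

    def _cached(self, serial):
        entry = self.cache.get(serial)
        if entry and entry[1] > self.clock():
            return entry[0]
        self.cache.pop(serial, None)   # expired or absent: treat as a miss
        return None

    def handshake(self, serial):
        """Steps (a)/(b) and (f)/(g): cached decision, or None if queued."""
        status = self._cached(serial)
        if status is None:
            if serial not in self.pending:
                self.pending.append(serial)
            return None
        return status == "good"

    def flush(self):
        """Steps (c)-(e): single request for all misses, then cache each one."""
        if not self.pending:
            return {}
        batch, self.pending = self.pending, []
        expires_at, decisions = self.clock() + self.cache_ttl, {}
        for serial, status in self.ocsp.query(batch).items():
            self.cache[serial] = (status, expires_at)
            decisions[serial] = status == "good"   # any other status: refuse
        return decisions
```

A handshake that returns `None` is held until `flush()` delivers the batched decision; an expired entry is evicted and re-queued rather than trusted.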
