SYSTEM AND METHOD FOR OPTIMIZING NAME-RESOLUTION OVERHEAD IN A CACHING NETWORK INTERMEDIARY DEVICE

US 20130054671A1
Filed: 08/25/2011
Published: 02/28/2013
Est. Priority Date: 08/25/2011
Status: Active Grant

First Claim

Patent Images

1. In a network intermediary device, a computer-implemented method for name resolution, comprising:

receiving an object by the network intermediary device that is transmitted between a client and a server, the object associated with a network protocol, an object name, a supplier identity, and one or more trust properties responsive to the resolution of the object name to the supplier identity;

querying an object storage to determine if the object name associated with the object exists in the object storage;

responsive to the object name associated with the object that exists in the object storage, examining the trust properties of the object to be obtained from a supplier of trusted resolution by the network intermediary device; and

responsive to the object being an untrusted object, comparing the supplier identity of the object with an implied client-resolved supplier address by the network intermediary device.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention describes a system, method, and article of manufacture for resolving names received in network protocol requests by a network intermediary device coupled between a client network and a server network. A deferred trust model caching engine in the network intermediary device includes a transactor module configured to efficiently process a protocol request with a sequence of determinant criteria, although the sequence can occur in different orders. The deferred trust model caching engine includes a cacheability evaluator component configured to determine whether the protocol request is for a resource that the protocol permits to be cached by the network intermediate device, and a supplier trust evaluator component configured to compare information about the client'"'"'s network protocol request and a cached object representation to determine if the object is trustworthy or not. The cached object representation associates an object with a supplier identity and a supplier trust property.

12 Citations

View as Search Results

46 Claims

1. In a network intermediary device, a computer-implemented method for name resolution, comprising:
- receiving an object by the network intermediary device that is transmitted between a client and a server, the object associated with a network protocol, an object name, a supplier identity, and one or more trust properties responsive to the resolution of the object name to the supplier identity;
  
  querying an object storage to determine if the object name associated with the object exists in the object storage;
  
  responsive to the object name associated with the object that exists in the object storage, examining the trust properties of the object to be obtained from a supplier of trusted resolution by the network intermediary device; and
  
  responsive to the object being an untrusted object, comparing the supplier identity of the object with an implied client-resolved supplier address by the network intermediary device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31)
- - 2. The method as recited in claim 1, prior to the querying step, further comprising determining by the network intermediary device if the object is cacheable, the object being cacheable if the associated network protocol is permitted to be cached by the network intermediary device.
  - 3. The method as recited in claim 1, after the comparing step, if the supplier identity of the object does not match with the implied client-resolved supplier address, further comprising resolving the object name associated with the object by a name resolution module in the network intermediary device to determine an authoritative list of supplier identities.
  - 4. The method as recited in claim 1, wherein the receiving step comprises intercepting the object by the network intermediary device.
  - 5. The method as recited in claim 1, wherein the receiving step comprises auditing the object transmitted from the client to the server.
  - 6. The method as recited in claim 1, wherein the network intermediary device acts as a remote agent disposed between the client and the server.
  - 7. The method as recited in claim 2, wherein the determining step comprises determining the object is cacheable if the associated network protocol is a standardized protocol.
  - 8. The method as recited in claim 2, wherein the determining step comprises determining the object is non-cacheable if the associated network protocol having an observed property that is not permitted by a network protocol module in the network intermediate device.
  - 9. The method as recited in claim 2, wherein the determining step comprises the object being cacheable by using a cacheability heuristic or statistical means.
  - 10. The method as recited in claim 2, wherein the determining step comprises a combination of determining if the associated network protocol is a standardized protocol, determining if the associated network protocol having an observed property that is not permitted by a network protocol module in the network intermediate device, and using a cacheability heuristic or statistical means.
  - 11. The method as recited in claim 2, if the object is determined to be non-cacheable, further comprising employing the implied client-resolved supplier address on the non-cacheable object request by the network intermediary device.
  - 12. The method as recited in claim 1, if the object name associated with the object exists in the object storage, wherein the querying step comprises certifying the object is usable for a direct communication between the client and the server.
  - 13. The method as recited in claim 1, if the object name associated with the object exists in the object storage, wherein the querying step comprises certifying the object partially satisfies a policy logic as set forth in a network protocol module in the network intermediary device.
  - 14. The method as recited in claim 1, if the object name associated with the object exists in the object storage, wherein the querying step comprises retrieving the one or more trust properties and the supplier identity associated with the object from the object storage.
  - 15. The method as recited in claim 1, if the object name associated with the object does not exist in the object storage, further comprising employing the implied client-resolved supplier address to obtain the object from the untrusted resolved supplier.
  - 16. The method as recited in claim 15, further comprising marking the object stored in the object storage of the network intermediary device as an object obtained from a trusted supplier.
  - 17. The method as recited in claim 1, wherein the examining step comprising validating the object as the trusted object by validating the one or more trust properties with an authoritative supplier.
  - 18. The method as recited in claim 17, after validating the object as authoritative, further comprising storing the object as associated with a trusted supplier.
  - 19. The method as recited in claim 17, wherein the trust object comprises an object marked in the object storage as having been acquired from a trusted resolution supplier address.
  - 20. The method as recited in claim 1, wherein the untrusted object is identified with a non-validated supplier.
  - 21. The method as recited in claim 1, if the supplier identity of the stored object matches the implied client-resolved supplier address, after the comparing step, further comprising retrieving the stored untrusted supplier object from the object storage to satisfy a request associated with the object from the client.
  - 22. The method as recited in claim 3, if the supplier identity of the object does not match with the authoritative list of supplier identities, further comprising discarding the cached object from the object storage.
  - 23. The method as recited in claim 3, if the supplier identity of the stored object matches with the authoritative list of trusted resolution supplier identities, further comprising escalating the object to a trusted supplier status by the network intermediary device.
  - 24. The method as recited in claim 23, if the supplier identity of the stored object matches with the authoritative list of trusted resolution supplier identities, further comprising marking the object stored in the object storage of the network intermediary device as associated with a trusted supplier.
  - 25. The method as recited in claim 1, wherein the object is embodied in an electronic message.
  - 26. The method as recited in claim 1, wherein the object comprises a HyperText Transfer Protocol (HTTP) message.
  - 27. The method as recited in claim 1, wherein the object comprises a HyperText Transfer Protocol (HTTP) response message, wherein the name of the object comprises a Uniform Resource Identifier (URI).
  - 28. The method as recited in claim 1, wherein the object comprises a HyperText Transfer Protocol (HTTP) response message, wherein the name of the object comprises a Uniform Resource Identifier (URI) and additional representation information.
  - 29. The method as recited in claim 1, wherein the object comprises a portion of a HyperText Transfer Protocol (HTTP) response message, wherein the name of the object comprises a Uniform Resource Identifier (URI).
  - 30. The method as recited in claim 1, wherein the object comprises a portion of a HyperText Transfer Protocol (HTTP) response message, wherein the name of the object comprises a Uniform Resource Identifier (URI) and additional representation information.
  - 31. The method as recited in claim 1, wherein the network intermediary device comprises a HTTP caching proxy device.

32. A network intermediary device disposed between a client network and a server network, comprising:
- a network protocol module configured to decode a network protocol associated with an object transmitted from a client, the object associated with a network protocol, an object name, a supplier identity, and one or more trust properties responsive to the resolution of the object name to the supplier identity;
  
  a transactor module, communicatively coupled to the network protocol module, having a cacheability evaluator component and a supplier trust evaluator component, the cacheability evaluator component configured to determine that the network protocol of the object permits the object to be cached by the network intermediary device, the transactor configured to query an object storage to determine if the name object exists in the object storage.
- View Dependent Claims (33, 34, 35, 36, 37, 38)
- - 33. The network intermediary device as recited in claim 32, wherein the supplier trust evaluator component is configured to examine the one or more trust properties of the object to be a trusted supplier object or an untrusted supplier object.
  - 34. The network intermediary device as recited in claim 32, wherein the supplier trust evaluator component is configured to compare the supplier identity of the object with an implied client-resolved supplier address by the network intermediary device.
  - 35. The network intermediary device as recited in claim 32, wherein the object comprises protocol information and system information;
    - and wherein the supplier trust evaluator component is configured to compare the protocol meta information and the system meta information of the object with the meta information in the object storage.
  - 36. The network intermediary device as recited in claim 35, wherein the protocol information comprises protocol meta information, and the system information comprises system meta information.
  - 37. The network device as recited in claim 32, further comprising an object storage interface, communicatively coupled to the transactor module and the network protocol module, configured to access the object storage.
  - 38. The network device as recited in claim 37, further comprising a name resolution module, communicatively coupled to the transactor module, the network protocol module, and the object storage interface, configured to determine an authoritative list of supplier identities for the object name of the object.

39. A computer program product comprising a computer readable storage medium structured to store instructions executable by a processor in a mobile device, the instructions, when executed cause the processor to:
- a network protocol module configured to decode a network protocol associated with an object transmitted from a client, the object associated with a network protocol, an object name, and a supplier identity, and one or more trust properties responsive to the resolution of the object name to the supplier identity;
  
  a transactor module, communicatively coupled to the network protocol module, having a cacheability evaluator component and a supplier trust evaluator component, the cacheability evaluator component configured to determine that the network protocol of the object permits the object to be cached by the network intermediary device, the transactor configured to query an object storage to determine if the name object exists in the object storage.

40. In a network intermediary device, a computer-implemented method for name resolution, comprising:
- receiving an object by the network intermediary device that is transmitted between a client and a server, the object associated with a network protocol, an object name, a supplier identity, and one or more trust properties responsive to the resolution of the object name to the supplier identity; and
  
  determining by the network intermediary device if the object is cacheable, the object being cacheable if the associated network protocol is permitted to be cached by the network intermediary device.
- View Dependent Claims (41, 42, 43, 44, 45)
- - 41. The method as recited in claim 40, after the determining step, further comprising querying an object storage to determine if the object name associated with the object exists in the object storage.
  - 42. The method as recited in claim 41, after the querying step, further comprising responsive to the object name associated with the object that exists in the object storage, examining the one or more trust properties of the object to be a trusted object or an untrusted object by the network intermediary device;
    - and
  - 43. The method as recited in claim 42, after the examining step, further comprising responsive to the object being an untrusted object, comparing the supplier identity of the object with the implied client-resolved supplier address by the network intermediary device.
  - 44. The method as recited in claim 43, after the comparing step, if the supplier identity of the stored object does not match with the implied client-resolved supplier address, further comprising resolving the object name associated with the object by a name resolution module in the network intermediary device to determine an authoritative list of supplier identities,
  - 45. The method as recited in claim 42, wherein the trust object comprises an object marked in the object storage as having been acquired from a trusted resolution supplier address.

46. In a network intermediary device, a computer-implemented method for name resolution, comprising:
- receiving an object by the network intermediary device that is transmitted between a client and a server, the object associated with a network protocol, an object name, a supplier identity and one or more trust properties responsive to the resolution of the object name to the supplier identity;
  
  determining by the network intermediary device if the object is cacheable, the object being cacheable if the associated network protocol is permitted to be cached by the network intermediary device;
  
  responsive to the object being provisionally cacheable, querying an object storage to determine if the object name associated with the object exists in the object storage;
  
  responsive to the object name associated with the object that exists in the object storage, examining the one or more trust properties of the object to be a trusted objected or an untrusted object by the network intermediary device;
  
  responsive to the object being an untrusted object, comparing the supplier identity of the object with an implied client-resolved supplier address by the network intermediary device; and
  
  responsive to the supplier identity of the object that does not match with the implied client-resolved supplier address, resolving the object name associated with the object by a name resolution module in the network intermediary device to determine an authoritative list of supplier identities.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Blue Coat Systems Incorporated (Gen Digital Inc.)
Inventors
Maki, Eric

Granted Patent

US 8,671,157 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/202
CPC Class Codes

H04L 2463/145   Detection or countermeasure...

H04L 61/4511   using domain name system [DNS]

H04L 63/126   the source of the received ...

H04L 63/1466   Active attacks involving in...

SYSTEM AND METHOD FOR OPTIMIZING NAME-RESOLUTION OVERHEAD IN A CACHING NETWORK INTERMEDIARY DEVICE

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

12 Citations

46 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR OPTIMIZING NAME-RESOLUTION OVERHEAD IN A CACHING NETWORK INTERMEDIARY DEVICE

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

12 Citations

46 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links