SYSTEMS AND METHODS FOR BULK ENCRYPTION AND DECRYPTION OF TRANSMITTED DATA
Abstract
A method for using a network appliance to efficiently buffer and encrypt data for transmission includes: receiving, by an appliance via a connection, two or more SSL records comprising encrypted messages; decrypting the two or more messages; buffering, by the appliance, the two or more decrypted messages; determining, by the appliance, that a transmittal condition has been satisfied; encrypting, by the appliance in response to the determination, the first decrypted message and a portion of the second decrypted message to produce a third SSL record; and transmitting, by the appliance via a second connection, the third record. Corresponding systems are also described.
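The buffering step in the abstract, sketched as an added example (not code from the patent or from any product). The class and function names, the two transmittal conditions (buffer reaches one record's worth, or an explicit flush), the version field and the sample messages are all assumptions, and the cryptographic processor is replaced by a stub that does not encrypt.

```python
import struct

APPLICATION_DATA = 23      # record content type for application data
VERSION = 0x0303           # sample protocol version field (assumption)

class RecordCoalescer:
    """Buffers decrypted messages and re-frames them into fewer, larger records."""

    def __init__(self, crypto, record_size=16384):
        self.crypto = crypto            # stand-in for the cryptographic processor
        self.record_size = record_size  # assumed condition: buffer holds one full record
        self.buffer = bytearray()

    def on_decrypted(self, message):
        """Store one decrypted client message; return any records now ready to send."""
        self.buffer += message
        out = []
        while len(self.buffer) >= self.record_size:
            out.append(self._emit(self.record_size))
        return out

    def flush(self):
        """Second assumed condition (timer expiry or end of client data): drain the buffer."""
        out = []
        while self.buffer:
            out.append(self._emit(min(len(self.buffer), self.record_size)))
        return out

    def _emit(self, n):
        chunk = bytes(self.buffer[:n])
        del self.buffer[:n]
        body = self.crypto(chunk)
        # 5-byte record header: content type, version, length of the protected body
        return struct.pack("!BHH", APPLICATION_DATA, VERSION, len(body)) + body

def demo():
    calls = []
    def crypto(plaintext):     # constructed stub: records call sizes, does NOT encrypt
        calls.append(len(plaintext))
        return plaintext
    c = RecordCoalescer(crypto, record_size=1000)
    records = []
    for msg in (b"A" * 600, b"B" * 600):   # constructed decrypted messages
        records += c.on_decrypted(msg)
    records += c.flush()
    return records, calls

if __name__ == "__main__":
    records, calls = demo()
    print(len(records), calls)
```

The first outgoing record carries all of the first message plus part of the second, as the abstract describes. Decrypted data sits in the buffer between the two connections, so in a real device that memory should be bounded and cleared after each record is emitted.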
20 Claims
1. A method for using an intermediary device to efficiently buffer and encrypt data for transmission between a client and a server, the method comprising:
(a) decrypting, by a cryptographic processor of a device intermediary to a plurality of clients and one or more servers, a plurality of encrypted messages from a plurality of Secure Socket Layer (SSL) records received from a client of the plurality of clients via a first transport layer connection between the client and the device;
(b) storing, by the device for later processing by the cryptographic processor, to a buffer each of the decrypted messages received from output of the cryptographic processor;
(c) communicating, by the device responsive to detecting that a predetermined transmittal condition has occurred for the first transport layer connection, the buffered decrypted messages to the cryptographic processor to produce an encrypted SSL record comprising at least a portion of the decrypted messages stored in the buffer; and
(d) transmitting, by the device via a second transport layer connection between the device and the server, the encrypted SSL record to the server.
11. A system for efficiently buffering and encrypting data for transmission, the system comprising:
a device intermediary to a plurality of clients and one or more servers, the device configured to receive a plurality of Secure Socket Layer (SSL) records received from a client of the plurality of clients via a first transport layer connection between the client and the device;
a cryptographic processor of the device, the cryptographic processor configured to decrypt the plurality of Secure Socket Layer (SSL) records;
wherein the device is configured to store, for later processing by the cryptographic processor, to a buffer each of the decrypted messages received from output of the cryptographic processor;
wherein the device is configured to detect that a predetermined transmittal condition has occurred for the first transport layer connection, and to communicate the buffered decrypted messages to the cryptographic processor to produce an encrypted SSL record comprising at least a portion of the decrypted messages stored in the buffer; and
wherein the device is configured to transmit the encrypted SSL record to the server via a second transport layer connection between the device and the server.
Specification