HTTP multiplexor/demultiplexor system for use in secure transactions

US 7,055,028 B2
Filed: 04/29/2002
Issued: 05/30/2006
Est. Priority Date: 10/10/2000
Status: Expired due to Term

First Claim

Patent Images

1. A secure networking device for use in mediating networking communications between a server and a plurality of clients configured to communicate via the Hypertext Transfer Protocol (HTTP), the secure networking device comprising:

an HTTP multiplexor/demultiplexor configured to receive HTTP requests from the plurality of clients via a plurality of client-side connections, and to route the requests from the plurality of clients to a target server over a common, secure, server-side connection to the server;

wherein the HTTP multiplexor/demultiplexor is further configured to receive a plurality of responses to the HTTP requests from the target server, via the common, secure, server-side connection, and to route each of the plurality of responses back to an originating client;

wherein the HTTP multiplexor/demultiplexor is further configured to compress each of the responses in real time before routing each response to an originating client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer networking system, method and device are provided for use in secure networking transactions. The method may include pre-establishing a secure server-side connection between the secure networking device and a server. The method may also include receiving requests at the secure networking device from the plurality of clients via plural client-side connections between the networking device and each of the clients. The method may further include sending the requests from the plurality of clients over the pre-established secure server-side connection. SSL may be used to provide security for the server-side and/or client-side connections.

103 Citations

View as Search Results

49 Claims

1. A secure networking device for use in mediating networking communications between a server and a plurality of clients configured to communicate via the Hypertext Transfer Protocol (HTTP), the secure networking device comprising:
- an HTTP multiplexor/demultiplexor configured to receive HTTP requests from the plurality of clients via a plurality of client-side connections, and to route the requests from the plurality of clients to a target server over a common, secure, server-side connection to the server;
  
  wherein the HTTP multiplexor/demultiplexor is further configured to receive a plurality of responses to the HTTP requests from the target server, via the common, secure, server-side connection, and to route each of the plurality of responses back to an originating client;
  
  wherein the HTTP multiplexor/demultiplexor is further configured to compress each of the responses in real time before routing each response to an originating client.
- View Dependent Claims (2, 3)
- - 2. The secure networking device of claim 1, wherein the responses are received in encrypted form at the HTTP multiplexor/demultiplexor from the target server, and where the HTTP multiplexor/demultiplexor is further configured to decrypt each responses, and encrypt it in real time before routing it to an originating client.
  - 3. The secure networking device of claim 1, wherein the HTTP multiplexor/demultiplexor is configured to pre-establish the secure server-side connection prior to receiving the plurality of requests.

4. A secure networking device for use in mediating networking communications between a server and a plurality of clients configured to communicate via the Hypertext Transfer Protocol (HTTP), the secure networking device comprising:
- an HTTP multiplexor/demultiplexor configured to receive HTTP requests from the plurality of clients via a plurality of client-side connections, and to route the requests from the plurality of clients to a target server over a common, secure, server-side connection to the server;
  
  wherein the HTTP multiplexor/demultiplexor is configured to pre-establish the secure server-side connection on boot-up, prior to receiving the plurality of requests.

5. A secure networking device the use in mediating networking communications between a server and a plurality of clients configured to communicate via the Hypertext Transfer Protocol (HTTP), the secure networking device comprising:
- an HTTP multiplexor/demultiplexor configured to receive HTTP requests from the plurality of clients via a plurality of client-side connections, and to route the requests from the plurality of clients to a target server over a common, secure, server-side connection to the server;
  
  wherein the HTTP multiplexor/demultiplexor is configured to periodically tear down and reestablish the secure server-side connection.
- View Dependent Claims (6, 7, 8, 9, 10, 11)
- - 6. The secure networking device of claim 5, wherein the server-side connection is one of a plurality of server-side connections to the target server, each server-side connection having an associated server-side device socket and a server socket.
  - 7. The secure networking device of claim 6, wherein the HTTP multiplexor/demultiplexor is configured to select an optimal server socket to which to send each of the plurality of requests.
  - 8. The secure networking device of claim 6, wherein the number of server-side connections is smaller than the number of client-side connections, and the HTTP multiplexor/demultiplexor is configured to multiplex HTTP traffic between the larger number of client-side connections and the smaller number of server-side connections.
  - 9. The secure networking device of claim 6, wherein the target server is a front-end server and the secure server-side connection is a front-end secure server-side connection.
  - 10. The secure networking device of claim 6, wherein the server-side connections connect to a plurality of servers, and the HTTP multiplexor/demultiplexor is configured to select a target server based on a characteristic of the request.
  - 11. The secure networking device of claim 10, wherein the characteristic of the request is selected from the group consisting of content-type, content, and header.

12. A secure networking device for use in mediating networking communications between a server and a plurality of clients configured to communicate via the Hypertext Transfer Protocol (HTTP), the secure networking device comprising:
- an HTTP multiplexor/demultiplexor configured to receive HTTP requests from the plurality of clients via a plurality of client-side connections, and to route the requests from the plurality of clients to a target server over a common, secure, server-side connection to the server;
  
  wherein the server-side connection is one of a plurality of server-side connections to the target server, each server-side connection having an associated server-side device socket and a server socket;
  
  wherein the HTTP multiplexor/demultiplexor is configured to select an optimal server socket to which to send each of the plurality of requests; and
  
  wherein the HTTP multiplexor/demultiplexor is configured to select an optimal server socket at least in part by examining response times of the server sockets.

13. A secure networking device for use in mediating networking communications between a server and a plurality of clients configured to communicate via the Hypertext Transfer Protocol (HTTP), the secure networking device comprising:
- an HTTP multiplexor/demultiplexor configured to receive HTTP requests from the plurality of clients via a plurality of client-side connections, and to route the requests from the plurality of clients to a target server over a common, secure, server-side connection to the server;
  
  wherein the server-side connection is one of a plurality of server-side connections to the target server, each server-side connection having an associated server-side device socket and a server socket;
  
  wherein the HTTP multiplexor/demultiplexor is configured to select an optimal server socket to which to send each of the plurality of requests; and
  
  wherein the HTTP multiplexor/demultiplexor is configured to select an optimal server socket at least in part by choosing a next server socket in a round robin.

14. A secure networking device for use in mediating networking communications between a server and a plurality of clients configured to communicate via the Hypertext Transfer Protocol (HTTP), the secure networking device comprising:
- an HTTP multiplexor/demultiplexor configured to receive HTTP requests from the plurality of clients via a plurality of client-side connections, and to route the requests from the plurality of clients to a target server over a common, secure, server-side connection to the server;
  
  wherein the target server is a front-end server and the secure server-side connection is a front-end secure server-side connection; and
  
  wherein the HTTP multiplexor/demultiplexor is configured to set up the front-end secure server-side connection using the Secure Socket Layer (SSL) protocol.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
- - 15. The secure networking device of claim 14, wherein the front-end server is a web server.
  - 16. The secure networking device of claim 14, wherein the server-side connection is one of a plurality of server-side connections to the target server, each server-side connection having an associated server-side device socket and a server socket.
  - 17. The secure networking device of claim 16, wherein the HTTP multiplexor/demultiplexor is configured to select an optimal server socket to which to send each of the plurality of requests.
  - 18. The secure networking device of claim 17, wherein the HTTP multiplexor/demultiplexor is configured to select an optimal server socket at least in part by examining response times of the server sockets.
  - 19. The secure networking device of claim 17, wherein the HTTP multiplexor/demultiplexor is configured to select an optimal server socket at least in part by choosing a next server socket in a round robin.
  - 20. The secure networking device of claim 16, wherein the number of server-side connections is smaller than the number of client-side connections, and the HTTP multiplexor/demultiplexor is configured to multiplex HTTP traffic between the larger number of client-side connections and the smaller number of server-side connections.
  - 21. The secure networking device of claim 16, wherein the server-side connections connect to a plurality of servers, and the HTTP multiplexor/demultiplexor is configured to select a target server based on a characteristic of the request.
  - 22. The secure networking device of claim 21, wherein the characteristic of the request is selected from the group consisting of content-type, content, and header.
  - 23. The secure networking device of claim 14, wherein the HTTP multiplexor/demultiplexor is further configured to pre-establish a secure server-side connection to a back-end server.
  - 24. The secure networking device of claim 23, wherein the back-end server is selected from the group consisting of an application server and a database server.
  - 25. The secure networking device of claim 23, wherein the HTTP multiplexor/demultiplexor is further configured to pre-establish the secure sever-side connection to the back-end server using the Secure Socket Layer (SSL) protocol.
  - 26. The secure networking device of claim 23, wherein the HTTP multiplexor/demultiplexor is further configured to periodically tear down and reestablish the secure server-side connection to the back-end server.
  - 27. The secure networking device of claim 23, wherein the HTTP multiplexor/demultiplexor is further configured to receive requests from the front-end server and to route the requests to the back-end server over the pre-established secure server-side connection to the back-end server.
  - 28. The secure networking device of claim 23, wherein the front-end server is one of a plurality of front-end servers, and the HTTP multiplexor/demultiplexor is further configured to receive requests from the plurality of font-end servers and to route the requests from the plurality of front-end servers to the back-end servers over the secure server-side connection to the back-end server.

29. A secure networking device for use in mediating networking communications between a server and a plurality of clients configured to communicate via the Hypertext Transfer Protocol (HTTP), the secure networking device comprising:
- an HTTP multiplexor/demultiplexor configured to receive HTTP requests from the plurality of clients via a plurality of client-side connections, and to route the requests from the plurality of clients to a target server over a common, secure, server-side connection to the server;
  
  wherein the target server is a front-end server and the secure server-side connection is a front-end secure server-side connection; and
  
  wherein the HTTP multiplexor/demultiplexor is further configured to pre-establish a secure server-side connection to a back-end server.
- View Dependent Claims (30, 31, 32, 33, 34)
- - 30. The secure networking device of claim 29, wherein the server is selected from the group consisting of an application server and a database server.
  - 31. The secure networking device of claim 29, wherein the HTTP multiplexor/demultiplexor is further configured to pre-establish the secure server-side connection to the back-end server using the Secure Socket Layer (SSL) protocol.
  - 32. The secure networking device of claim 29, wherein the HTTP multiplexor/demultiplexor is further configured to periodically tear down and re-establish the secure server-side connection to the back-end server.
  - 33. The secure networking device of claim 29, wherein the HTTP multiplexor/demultiplexor is further configured to receive requests from the front-end server and to route the requests to the back-end server over the pre-established secure server-side connection to the back-end server.
  - 34. The secure networking device of claim 33, wherein the front-end server is one of a plurality of front-end servers, and HTTP multiplexor/demultiplexor is further configured to receive requests from the plurality of front-end servers and to route the requests from the plurality of front-end servers to the back-end server over the secure server-side connection to the back-end server.

35. A secure networking system,a comprising:
- a plurality of clients configured to initiate HTTP requests;
  
  a front-end server configured to serve HTTP responses in response to receiving HTTP requests from each of the clients;
  
  a secure networking device configured to pre-establish a secure connection to the front-end server, and to connect to the plurality of clients via a plurality of secure client-side connections, wherein the secure networking device is further configured to receive a plurality of HTTP requests from the plurality of clients via the plurality of secure client-side connections, and to route the requests from the plurality of clients to the front-end server over the secure front-end server-side connection; and
  
  a back-end server configured to process requests from the front-end server;
  
  wherein the secure networking device is configured to pre-establish a secure bank-end connection between the networking device and the back-end server, and to route traffic between the front-end server and back-end server, over the secure back-end connection, where the traffic is related to transactions requested by a plurality of originating clients.

36. A secure networking method for use in mediating communications between a plurality of clients and one or more servers via a secure networking device, the method comprising:
- pre-establishing a secure server-side connection between the secure networking device and a server;
  
  receiving requests at the secure networking device from the plurality of clients via plural client-side connections between the networking device and each of the clients;
  
  decrypting the client requests at the networking device;
  
  selecting an optimal server socket on the server for each request; and
  
  sending the requests from the plurality of clients over the pre-established secure server-side connection;
  
  wherein the step of selecting an optimal server socket is accomplished at least in part by determining a next server socket in a round robin.
- View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44)
- - 37. The method of claim 36, wherein the server is one of a plurality of servers connected to the networking device via secure server-side connections, the method further comprising:
    - selecting a target server for each request.
  - 38. The method of claim 37, wherein the target server for each request is selected at least in part based on a characteristic of the request.
  - 39. The method of claim 38, wherein the characteristic of the request is selected from a group consisting of content-type, content, and header.
  - 40. The method of claim 36, further comprising:
    - re-encrypting each request and forwarding it to the server over the pre-established server-side connection.
  - 41. The method of claim 40, further comprising:
    - receiving a response to each request from the server, via a pre-established secure server-side connection between the networking device and the server.
  - 42. The method of claim 41, further comprising:
    - decrypting each response, at the networking device.
  - 43. The method of claim 41, further comprising:
    - compressing each response, at the networking device.
  - 44. The method of claim 41, further comprising:
    - sending each response to an originating client, via a client-side secure connection.

45. A secure networking method for use in mediating communications between a plurality of clients and one or more servers via a secure networking device, the method comprising:
- pre-establishing a secure front-end server-side connection between the secure networking device and a front-end server;
  
  pre-establishing a secure back-end server connection between the networking device and a back-end server;
  
  receiving requests at the secure networking device from the plurality of clients via plural client-side connections between the networking device and each of the clients;
  
  decrypting the client requests at the networking device;
  
  re-encrypting each request and forwarding it to the front-end server over the re-established front-end server-side connection;
  
  sending the requests from the plurality of clients over the re-established secure front-end server-side connection;
  
  receiving a plurality of requests from the front-end server relating to transactions requested by a plurality of originating clients, via the secure front-end server connection; and
  
  sending the plurality of requests to the back-end server, via the pre-established, secure back-end server connection.
- View Dependent Claims (46, 47, 48, 49)
- - 46. The method of claim 45, further comprising:
    - receiving responses from the back-end server via the pre-established, secure back-end server connection; and
      
      sending each response to an originating front-end server, via the pre-established, secure front-end server connection.
  - 47. The method of claim 46, wherein the back-end server is selected from the group consisting of an application server and a database server.
  - 48. The method of claim 45, wherein the front-end server is a web server.
  - 49. The method of claim 45, further comprising:
    - periodically tearing down and reestablishing the secure server-side connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Juniper Networks Incorporated
Original Assignee
Juniper Networks Incorporated
Inventors
Peiffer, Christopher, L'Heureux, Israel
Primary Examiner(s)
Moise, Emmanuel L.
Assistant Examiner(s)
CALLAHAN, PAUL E

Application Number

US10/136,030
Publication Number

US 20030033520A1
Time in Patent Office

1,492 Days
Field of Search

713/151, 713/153, 713/164, 713/200, 713/201, 370/230, 709/238, 709/275, 709/218, 709/230, 709/105, 726/3, 726/30
US Class Current

713/151
CPC Class Codes

H04L 63/0281   Proxies

H04L 63/04   for providing a confidentia...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/168   above the transport layer

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/14   Session management for real...

H04L 67/56   Provisioning of proxy servi...

H04L 67/5651   Reducing the amount or size...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

HTTP multiplexor/demultiplexor system for use in secure transactions

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

103 Citations

49 Claims

Specification

Solutions

Use Cases

Quick Links

HTTP multiplexor/demultiplexor system for use in secure transactions

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

103 Citations

49 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links