Method and apparatus for providing data from a service to a client based on encryption capabilities of the client
Abstract
A method and apparatus are disclosed for providing data from a service to a client based on the encryption capabilities of the client. Cipher suite lists are exchanged between a client and an endpoint. On the endpoint, the cipher suite list incorporates a mapping of cipher suite names to services. The endpoint uses the client's list of cipher suites in conjunction with the mapping of cipher suite names to services to determine a cipher suite match. A service is selected based on the cipher suite match. A server farm is selected based on the service. The client is informed of this cipher suite match and the endpoint retains knowledge of the cipher suite match throughout the session. Therefore, the encrypted connection between the client and the endpoint can be disconnected and later reestablished to provide data from the particular server.
38 Claims
1. A method of providing data from a service to a client over a telecommunication network based on encryption capabilities of the client, the method comprising the computer-implemented steps of:
at an intermediate server, creating and storing a mapping that associates encryption types to a plurality of available online services, wherein each of the plurality of online services is provided by one or more of a plurality of servers;
wherein the intermediate server is coupled to the client and to the plurality of servers;
at the intermediate server, receiving from the client a request for data and a list of encryption types representing encryption capabilities that are available at the client;
determining an encryption type match by matching the list of encryption types received from the client to the mapping of encryption types to the plurality of online services;
selecting, from the plurality of online services, an online service that can provide the data to the client based on the encryption type match, wherein selecting the online service comprises selecting a particular server from the plurality of servers that provides the online service; and
causing communication of the data from the selected online service to the client.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 12

11. A method of providing data from a service to a client based on encryption capabilities of the client, the method comprising the computer-implemented steps of:
at an intermediate server, receiving an ordered mapping of cipher suite names to a plurality of services, wherein each of the plurality of services is provided by one or more of a plurality of servers in a server farm;
wherein the intermediate server is coupled to the client and to the plurality of servers in the server farm;
at the intermediate server, receiving from the client a request for data and an ordered list of cipher suites;
determining a cipher suite match by selecting a first common cipher suite in the ordered list of cipher suites and the ordered mapping of cipher suite names to services;
transmitting the cipher suite match to the client;
selecting, from the plurality of services, the service that is associated with the cipher suite match in the ordered mapping;
selecting the server farm based on the service;
selecting a particular server from the plurality of servers in the server farm to provide the data to the client, wherein the particular server provides the service; and
transmitting the data to the client.
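
The selection steps of claim 11, together with the session retention described in the abstract, sketched as an added Python example (not code from the patent or its assignee). The claim does not say whose ordering decides the "first common cipher suite", so the `prefer` switch, the round-robin server choice, the session table and all suite-to-service assignments and host names are assumptions made for illustration.

```python
# Added illustration of claim 11's selection steps; names and data are constructed.
from itertools import cycle
# Ordered mapping of cipher suite names to services, endpoint's preference first.
MAPPING = [
    ("TLS_RSA_WITH_AES_256_CBC_SHA", "premium"),
    ("TLS_RSA_WITH_AES_128_CBC_SHA", "standard"),
    ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "legacy"),
]
# One server farm per service (hypothetical host names).
FARMS = {
    "premium": ["premium-1.example", "premium-2.example"],
    "standard": ["standard-1.example"],
    "legacy": ["legacy-1.example"],
}

class NoCommonSuite(Exception): pass  # no shared suite: the handshake fails

class Endpoint:
    def __init__(self, mapping, farms, prefer="mapping"):
        self.order = [suite for suite, _ in mapping]
        self.service_of = dict(mapping)
        # Assumption: round-robin choice of a particular server within a farm.
        self.next_server = {svc: cycle(hosts) for svc, hosts in farms.items()}
        self.prefer = prefer      # whose order decides "first common suite"
        self.sessions = {}        # session id -> (suite, service, server)

    def match(self, client_suites):
        if self.prefer == "mapping":
            common = [s for s in self.order if s in client_suites]
        else:
            common = [s for s in client_suites if s in self.service_of]
        if not common:
            raise NoCommonSuite(client_suites)
        return common[0]

    def handle(self, session_id, client_suites):
        # A re-established connection reuses the retained match and server.
        if session_id in self.sessions:
            return self.sessions[session_id]
        suite = self.match(client_suites)
        service = self.service_of[suite]
        server = next(self.next_server[service])
        self.sessions[session_id] = (suite, service, server)
        return self.sessions[session_id]

def demo():
    client = ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_AES_256_CBC_SHA"]
    return (Endpoint(MAPPING, FARMS, "mapping").handle("s1", client),
            Endpoint(MAPPING, FARMS, "client").handle("s1", client))
```

For the same client list, `demo()` returns the premium service under endpoint ordering and the standard service under client ordering, so the precedence policy decides which farm a client reaches.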

13. A method of providing data associated with a service to a client over a telecommunication network based on SSL encryption capabilities of the client, the method comprising the computer-implemented steps of:
creating and storing, at an SSL termination device, a mapping that associates cipher suites that are supported by the SSL termination device with a plurality of online services that are accessible through the SSL termination device, wherein each of the plurality of services is provided by one or more of a plurality of servers;
wherein the SSL termination device is coupled to the client and to the plurality of servers;
receiving from the client as part of an SSL handshake phase message, a request for data and a list of cipher suites that are available at the client;
matching the cipher suite list received from the client to the mapping to result in identifying at least one cipher suite in common between the cipher suite list and the mapping;
based at least on the mapping, selecting an online service from the plurality of online services that corresponds to the cipher suite in common, wherein selecting the online service comprises selecting a particular server from the plurality of servers that provides the online service; and
causing communication of the data from the selected online service to the client over an SSL connection using encryption parameters as defined in the cipher suite in common.

14. A computer-readable medium carrying one or more sequences of instructions for providing data from a service to a client based on encryption capabilities of the client, which instructions, when executed by one or more processors, cause the one or more processors to carry out the steps of:
at an intermediate server, creating and storing a mapping that associates encryption types to a plurality of available online services, wherein each of the plurality of online services is provided by one or more of a plurality of servers;
wherein the intermediate server is coupled to the client and to the plurality of servers;
at the intermediate server, receiving from the client a request for data and a list of encryption types representing encryption capabilities that are available at the client;
determining an encryption type match by matching the list of encryption types received from the client to the mapping of encryption types to the plurality of online services;
selecting, from the plurality of online services, an online service that can provide the data to the client based on the encryption type match, wherein selecting the online service comprises selecting a particular server from the plurality of servers that provides the online service; and
causing communication of the data from the selected online service to the client.

15. An apparatus for providing data from a service to a client based on encryption capabilities of the client, comprising:
means for executing an intermediate server that is operable to connect to the client and to a plurality of servers;
means for creating and storing, at the intermediate server, a mapping that associates encryption types to a plurality of available online services, wherein each of the plurality of online services is provided by one or more of the plurality of servers;
means for receiving from the client a request for data and a list of encryption types representing encryption capabilities that are available at the client;
means for determining an encryption type match by matching the list of encryption types received from the client to the mapping of encryption types to the plurality of online services;
means for selecting, from the plurality of online services, an online service that can provide the data to the client based on the encryption type match, wherein the means for selecting the online service comprise means for selecting a particular server from the plurality of servers that provides the online service; and
means for causing communication of the data from the selected service to the client.
Dependent claims: 27, 28, 29, 30, 31, 32, 33, 34, 35, 36

16. An apparatus for providing data from a service to a client based on encryption capabilities of the client, comprising:
a network interface that is coupled to a data network for receiving one or more packet flows therefrom;
a processor;
an intermediate server which, when executed by the processor, is operable to connect to the client and to a plurality of servers; and
one or more stored sequences of instructions which, when executed by the processor, cause the processor to carry out the steps of:
creating and storing, at the intermediate server, a mapping that associates encryption types to a plurality of available online services, wherein each of the plurality of online services is provided by one or more of the plurality of servers;
receiving from the client a request for data and an ordered list of encryption types;
determining an encryption type match by matching the list of encryption types received from the client to the mapping of encryption types to the plurality of online services;
determining a particular server from the plurality of servers to retrieve the data based on the encryption type match, wherein the particular server provides the service which is selected from the plurality of online services; and
causing communication of the data from the particular server to the client.
Dependent claims: 17, 18, 19, 20, 21, 22, 23, 24, 25, 26

37. An apparatus for providing data from a service to a client based on encryption capabilities of the client, comprising:
means for executing an intermediate server that is operable to connect to the client and to a plurality of servers in a server farm;
means for receiving an ordered mapping of cipher suite names to a plurality of services, wherein each of the plurality of services is provided by one or more of the plurality of servers in the server farm;
means for receiving from the client a request for data and an ordered list of cipher suites;
means for determining a cipher suite match by selecting a first common cipher suite in the ordered list of cipher suites and the ordered mapping of cipher suite names to services;
means for transmitting the cipher suite match to the client;
means for selecting, from the plurality of services, the service that is associated with the cipher suite match in the ordered mapping;
means for selecting the server farm based on the service;
means for selecting a particular server from the plurality of servers in the server farm to provide the data to the client, wherein the particular server provides the service; and
means for transmitting the data to the client.

38. An apparatus for providing data from a service to a client over a telecommunication network based on Secure Socket Layer (SSL) encryption capabilities of the client, comprising:
an SSL termination device that is operable to connect to the client and to a plurality of servers;
means for creating and storing, at the SSL termination device, a mapping that associates cipher suites that are supported by the SSL termination device with a plurality of online services that are accessible through the SSL termination device, wherein each of the plurality of services is provided by one or more of the plurality of servers;
means for receiving from the client as part of an SSL handshake phase message, a request for data and a list of cipher suites that are available at the client;
means for matching the cipher suite list received from the client to the mapping to result in identifying at least one cipher suite in common between the cipher suite list and the mapping;
means for selecting, based at least on the mapping, an online service from the plurality of online services that corresponds to the cipher suite in common, wherein the means for selecting the online service comprise means for selecting a particular server from the plurality of servers that provides the online service; and
means for causing communication of the data from the selected online service to the client over an SSL connection using encryption parameters as defined in the cipher suite in common.
Specification