Enabling encryption of application level persistence between a server and a client

US 7,287,084 B1
Filed: 09/26/2005
Issued: 10/23/2007
Est. Priority Date: 07/15/1999
Status: Expired due to Term

First Claim

Patent Images

1. A method for providing persistent communication between at least one client and a destination server, comprising:

at the destination server, receiving a first application level protocol request from a client, wherein the first application level protocol request includes a request for access to a resource provided by the destination server;

encrypting at least a portion of information associated with an application level protocol command to store data, wherein the encrypted information indicates at least the destination server, and wherein the encrypted information is included in a cookie;

sending a first response to the client, wherein the first response includes at least the encrypted portion of the application level protocol command to store data; and

decrypting at least a portion of information included in a second application level protocol request from the client, wherein the decrypted information is employable by a network transmission device to indicate the destination server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for inserting and examining encrypted identification information in the data streams of application level connections for the purpose of persistently directing application connections to the same destination. The invention enables a network device to direct subsequent application level connections from the same client to the same server (destination) for accessing the requested resources. There are four modes for employing the encrypted information to persistently direct application level connections. The associative mode inserts information that uniquely identifies the client into a response. The passive mode inserts information that uniquely identifies a previously selected destination into a response. In the rewrite mode, a network device manages the destination information that is rewritten over blank information generated by the destination producing the response. The insert mode inserts and removes identification information in the data packets for application level requests and responses prior to processing by the destination.

Citations

31 Claims

1. A method for providing persistent communication between at least one client and a destination server, comprising:
- at the destination server, receiving a first application level protocol request from a client, wherein the first application level protocol request includes a request for access to a resource provided by the destination server;
  
  encrypting at least a portion of information associated with an application level protocol command to store data, wherein the encrypted information indicates at least the destination server, and wherein the encrypted information is included in a cookie;
  
  sending a first response to the client, wherein the first response includes at least the encrypted portion of the application level protocol command to store data; and
  
  decrypting at least a portion of information included in a second application level protocol request from the client, wherein the decrypted information is employable by a network transmission device to indicate the destination server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, further comprising enabling a network transmission device to perform at least one of encryption or decryption for at least the portion of the information associated with the application level protocol command to store data.
  - 3. The method of claim 1, further comprising enabling the destination server to perform at least one of encryption or decryption for at least the portion of the information associated with the application level protocol command to store data.
  - 4. The method of claim 1, wherein the application level protocol command further comprises a space for a subsequent insertion of information.
  - 5. The method of claim 4, wherein the space is sized to allow the network transmission device to rewrite destination server identification data in the space and to maintain the size of the response.
  - 6. The method of claim 4, wherein the application level protocol command is recognizable by the network transmission device as including the space, and wherein the space is over writeable.
  - 7. The method of claim 1, further comprising sending, to the client, a timestamp, wherein the time stamp is associated with a time period for enabling the decrypted information associated with the second application level protocol request to indicate the destination server.
  - 8. The method of claim 1, wherein the information associated with the application level command to store data, further comprises a node address or a node port number.
  - 9. The method of claim 1, wherein the application level protocol is the Hypertext Transfer Protocol (HTTP).
  - 10. The method of claim 1, wherein the application level protocol command to store data is a command to create a cookie.
  - 11. The method of claim 1, further comprising providing a second response to the second application protocol level request, wherein the second response enables the client to access the resource provided by the destination server.
  - 12. The method of claim 1, further comprising enabling the network transmission device to forward each application level protocol request from the client to at least one destination server.
  - 13. The method of claim 1, further comprising enabling the network transmission device to load balance communication from the client and a plurality of destination services.
  - 14. The method of claim 1, wherein the information associated with the application level command to store data, further comprises at least one of an equation or a hash that is employable to encode the at least one destination server.

15. A processor readable medium, comprising processor executable data for enabling actions that provide persistent communication between at least one client and a destination server, including:
- enabling the destination server to receive a first application level protocol request from a client, wherein the first application level protocol request includes a request for access to a resource provided by the destination server;
  
  enabling encryption for at least a portion of information associated with an application level protocol command to store data, wherein the encrypted information indicates at least the destination server, and wherein the encrypted information is included in a cookie;
  
  forwarding a first response to the client, wherein the first response includes at least the encrypted portion of the application level protocol command to store data; and
  
  enabling decryption of at least a portion of information included in a second application level protocol request from the client, wherein the decrypted information is employable by a network transmission device to indicate the destination server.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The processor readable medium of claim 15, further comprising enabling a network transmission device to perform at least one of encryption or decryption for at least the portion of the information associated with the application level protocol command to store data.
  - 17. The processor readable medium of claim 15, further comprising enabling the destination server to perform at least one of encryption or decryption for at least the portion of the information associated with the application level protocol command to store data.
  - 18. The processor readable medium of claim 15, wherein the application level protocol command further comprises a space for a subsequent insertion of information.
  - 19. The processor readable medium of claim 15, wherein the space is sized to allow the network transmission device to rewrite destination server identification data in the space and to maintain the size of the response.
  - 20. The processor readable medium of claim 19, wherein the application level protocol command is recognizable by the network transmission device as including the space, and wherein the space is over writeable.
  - 21. The processor readable medium of claim 15, further comprising sending, to the client, a timestamp, wherein the time stamp is associated with a time period for enabling the decrypted information associated with the second application level protocol request to indicate the destination server.
  - 22. The processor readable medium of claim 15, wherein the information associated with the application level command to store data, further comprises at least one of an equation or a hash that is employable to encode the at least one destination server.

23. An apparatus for providing persistent communication between at least one client and a destination server, comprising:
- a memory for storing data;
  
  a processor for employing the stored data to enable actions, including;
  
  enabling the destination server to receive a first application level protocol request from a client, wherein the first application level protocol request includes a request for access to a resource provided by the destination server;
  
  enabling encryption for at least a portion of information associated with an application level protocol command to store data, wherein the encrypted information indicates at least the destination server, and wherein the encrypted information is included in a cookie;
  
  forwarding a first response to the client, wherein the first response includes at least the encrypted portion of the application level protocol command to store data; and
  
  enabling decryption of at least a portion of information included in a second application level protocol request from the client, wherein the decrypted information is employable by a network transmission device to indicate the destination server.
- View Dependent Claims (24, 25, 26, 27, 28, 29, 30, 31)
- - 24. The apparatus of claim 23, wherein the apparatus is operative as at least one of a server.
  - 25. The apparatus of claim 23, wherein the apparatus enables the balancing of a plurality of requests by one or more clients to access at least one resource provided by a plurality of destination servers.
  - 26. The apparatus of claim 23, wherein the application level protocol command further comprises a space for a subsequent insertion of information.
  - 27. The apparatus of claim 23, wherein the space is sized to allow the network transmission device to rewrite destination server identification data in the space and to maintain the size of the response.
  - 28. The apparatus of claim 23, wherein the application level protocol command is recognizable by the network transmission device as including the space, and wherein the space is over writeable.
  - 29. The apparatus of claim 23, further comprising enabling at least one of encryption or decryption for at least the portion of the information associated with the application level protocol command to store data.
  - 30. The apparatus of claim 23, further comprising enabling the destination server to perform at least one of encryption or decryption for at least the portion of the information associated with the application level protocol command to store data.
  - 31. The apparatus of claim 23, wherein the information associated with the application level command to store data, further comprises at least one of an equation or a hash that is employable to encode the at least one destination server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
F5 Networks, Inc. (F5 Incorporated)
Original Assignee
F5 Networks, Inc. (F5 Incorporated)
Inventors
Masters, Richard R.
Primary Examiner(s)
VU, VIET DUY

Application Number

US11/235,643
Time in Patent Office

757 Days
Field of Search

709/217, 709/219, 709/223, 709/225, 709/226, 709/227, 709/229, 709/245, 709/246, 709/250
US Class Current

709/229
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/168   above the transport layer

H04L 67/02   based on web technology, e....

H04L 67/1001   for accessing one among a p...

H04L 67/1027   Persistence of sessions dur...

Enabling encryption of application level persistence between a server and a client

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Enabling encryption of application level persistence between a server and a client

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links