Atomic session-start operation combining clear-text and encrypted sessions to provide ID visibility to middleware such as load-balancers
Abstract
A load-balancer assigns incoming requests to servers at a server farm. An atomic operation assigns both un-encrypted clear-text requests and encrypted requests from a client to the same server at the server farm. An encrypted session is started early by the atomic operation, before encryption is required. The atomic operation is initiated by a special, automatically loaded component on a web page. This component is referenced by code requiring that an encrypted session be used to retrieve the component. Keys and certificates are exchanged between a server and the client to establish the encrypted session. The server generates a secure-sockets-layer (SSL) session ID for the encrypted session. The server also generates a server-assignment cookie that identifies the server at the server farm. The server-assignment cookie is encrypted and sent to the client along with the SSL session ID. The client decrypts the server-assignment cookie and stores it along with the SSL session ID. The load-balancer stores the SSL session ID along with a server assignment that identifies the server that generated the SSL session ID. When the client sends further encrypted requests to the server farm, they include the SSL session ID, and the load-balancer uses that ID to send them to the assigned server. When the client sends a non-encrypted clear-text request to the server farm, it includes the decrypted server-assignment cookie. The load-balancer parses the clear-text request to find the server-assignment cookie and then sends the request to the assigned server.
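The routing the abstract describes, as an added example that is not code from the patent or from any product: a Python model of the load-balancer. It keeps a session table mapping a TLS session ID to the server that created it, reads the session ID straight out of a TLS ClientHello without decrypting anything (which is what lets a load-balancer that holds no keys do the assignment), reads the server-assignment cookie out of a clear-text HTTP request, and sends both kinds of request to the same server. The server names, the cookie name `SRVID`, the round-robin choice for new sessions and the sample requests are all assumptions constructed for this example.

```python
"""
Added example, not code from the patent: a minimal model of the load balancer
the abstract describes. Server names and the cookie name are assumptions.
"""
from typing import Dict, List, Optional

SERVERS: List[str] = ["srv-a", "srv-b", "srv-c"]   # constructed server farm
COOKIE_NAME = "SRVID"                              # assumed cookie name


def parse_client_hello_session_id(record: bytes) -> Optional[bytes]:
    """Return the session_id from a TLS ClientHello record, b"" if the
    client offered none, or None if the bytes are not a ClientHello."""
    # TLS record header: type(1) version(2) length(2); 0x16 = handshake
    # Handshake header: msg_type(1) length(3); 0x01 = ClientHello
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return None
    hs_len = int.from_bytes(record[6:9], "big")
    body = record[9:9 + hs_len]
    # ClientHello body: client_version(2) random(32) session_id_len(1) ...
    if len(body) < hs_len or hs_len < 35:
        return None
    sid_len = body[34]
    if sid_len > 32 or len(body) < 35 + sid_len:
        return None
    return body[35:35 + sid_len]


def build_client_hello(session_id: bytes) -> bytes:
    """Constructed ClientHello carrying the given session_id (sample input)."""
    body = b"\x03\x03" + b"\x11" * 32 + bytes([len(session_id)]) + session_id
    body += b"\x00\x02\x13\x01"     # one cipher suite: TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"             # compression methods: null only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def parse_http_cookie(request: bytes, name: str) -> Optional[str]:
    """Return the value of cookie `name` from a clear-text HTTP request."""
    head, _, _ = request.partition(b"\r\n\r\n")
    for line in head.split(b"\r\n")[1:]:        # skip the request line
        key, sep, value = line.partition(b":")
        if sep and key.strip().lower() == b"cookie":
            for pair in value.decode("latin-1").split(";"):
                k, _, v = pair.strip().partition("=")
                if k == name:
                    return v
    return None


class LoadBalancer:
    def __init__(self, servers: List[str]) -> None:
        self.servers = list(servers)
        self.session_table: Dict[bytes, str] = {}   # session ID -> server
        self._next = 0

    def _pick_new_server(self) -> str:
        server = self.servers[self._next % len(self.servers)]
        self._next += 1
        return server

    def learn_session(self, session_id: bytes, server: str) -> None:
        """Record the session ID a server put in its ServerHello."""
        self.session_table[session_id] = server

    def route_tls(self, record: bytes) -> str:
        sid = parse_client_hello_session_id(record)
        if sid is None:
            raise ValueError("not a TLS ClientHello")
        # A known session ID pins the connection to the server that created
        # it; an empty or unknown ID gets a fresh assignment.
        return self.session_table.get(sid) or self._pick_new_server()

    def route_http(self, request: bytes) -> str:
        hint = parse_http_cookie(request, COOKIE_NAME)
        # The cookie is client-supplied clear text, so it is only a hint:
        # honour it if it names a real server, otherwise assign afresh.
        if hint in self.servers:
            return hint
        return self._pick_new_server()
```

Two points a practitioner should keep in mind with this design. Both the session ID and the server-assignment cookie travel in the clear and are chosen or replayed by the client, so the load-balancer must treat them purely as routing hints, as `route_http` does by checking the hint against its server list, and must attach no authorization to them. Also, the session-ID path relies on the ClientHello session ID being reused for resumption; in TLS 1.3 that field is `legacy_session_id` and resumption is done with PSK tickets instead, so a table keyed on the session ID no longer sees continuity across TLS 1.3 resumptions and the cookie path (or another stickiness key) has to carry the assignment.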
12 Claims
1. A system comprising:
a plurality of server devices configured to service data requests originating from a network of clients; and
a load balancer device configured to:
determine, from a received data request containing a secure session ID and including a reference to an encrypted component embedded on a product-information web page, which of the plurality of server devices to assign to process secure requests, and
determine, from received data requests containing a server assignment indicator, which of the plurality of server devices to assign to process requests for non-secured data,
wherein the load-balancer device comprises a session table storing a plurality of stored encrypted-session identifiers for comparison with the secure session ID, and wherein entries in the session table include a session identifier for an encrypted session and a server identifier that identifies an assigned server device in the plurality of server devices.
(Dependent claims 2 and 3 not shown.)
4. A method comprising:
generating, using a load balancing device, a server-assignment indicator in response to a first data request that includes a reference to an encrypted component embedded on a product-information web page, wherein the first data request comprises an encrypted-session request;
comparing an encrypted-session identifier received by the load balancing device to a plurality of stored encrypted-session identifiers in a table accessible by the load balancing device;
receiving, using the load balancing device, a second data request originating from a network;
parsing, using the load balancing device, the second data request to determine a server-assignment indicator or a secure session identifier; and
based on the server-assignment indicator or secure session identifier, assigning, using the load balancing device, one of a plurality of servers to process encrypted and non-encrypted requests originating from the network.
(Dependent claims 5 and 6 not shown.)
7. A method comprising:
receiving, using a load balancer device, a secure session data request originating from a network, wherein the secure session data request comprises a request for encrypted data embedded on a web page, and wherein the encrypted data is invisible to a user of the web page;
parsing, using the load balancer device, the secure session data request to determine a secure session identifier;
comparing the secure session identifier to stored secure session identifiers in a session table accessible by the load balancer device;
assigning, using the load balancer device, a first server from a plurality of servers to process the secure session data request and all subsequent encrypted and non-encrypted requests originating from a client containing the secure session identifier and a server assignment indicator associated with the first server; and
passing, using the load balancer device, encryption authorization data through the load balancer device to directly establish a secure session between the first server and the client.
(Dependent claims 8 and 9 not shown.)
10. A server system comprising:
means for servicing data requests originating from a network of clients;
means for determining, from received data requests containing a secure session ID and including a reference to an encrypted component embedded on a product-information web page, which of a plurality of servers to assign to process secure requests;
means for determining, from received data requests containing a server assignment indicator, which of the plurality of servers to assign to process requests for non-secured data; and
means for storing, in a session table, a plurality of stored encrypted-session identifiers for comparison to the secure session ID, wherein entries in the session table include a session identifier for an encrypted session and a server identifier identifying an assigned server in the plurality of servers.
11. A system comprising:
a processor; and
a memory storing instructions that, if executed by a computing device, cause the processor to:
generate a server-assignment indicator in response to a first data request that includes a reference to an encrypted component embedded on a product-information web page, wherein the first data request comprises an encrypted-session request;
compare a received encrypted-session identifier to a plurality of stored encrypted-session identifiers in a table accessible by a load balancer;
receive a second data request originating from a network;
parse the second data request to determine a server-assignment indicator or a secure session identifier; and
based on the server-assignment indicator or secure session identifier, assign one of a plurality of servers to process encrypted and non-encrypted requests originating from the network.
12. An article of manufacture including a non-transitory medium, the medium configured to be machine-accessible and readable, and the medium having instructions stored thereon, execution of which by a computing device causes the computing device to perform operations comprising:
receiving, using a load balancer device, a secure session data request originating from a network, wherein the secure session data request comprises a request for encrypted data embedded on a web page, and wherein the encrypted data is invisible to a user of the web page;
parsing, using the load balancer device, the secure session data request to determine a secure session identifier;
comparing the secure session identifier to stored secure session identifiers in a session table accessible by the load balancer device;
assigning, using the load balancer device, a first server from a plurality of servers to process the secure session data request and all subsequent encrypted and non-encrypted requests originating from a client containing the secure session identifier and a server assignment indicator associated with the first server; and
passing, using the load balancer device, encryption authorization data through the load balancer device to directly establish a secure session between the first server and the client.
Specification