Providing secure connections for data transmission

US 7,870,380 B2
Filed: 10/29/2007
Issued: 01/11/2011
Est. Priority Date: 02/12/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method for establishing a secure connection for data transmission via a network, the method comprising:

receiving a request to establish a secure session with a computer using an unreliable protocol, the request received via the network;

transmitting a request for cached session information from a server storing the cached session information, the server coupled to the network;

receiving cached session information from the server storing the cached session information;

establishing a secure session with the computer using the unreliable protocol;

transmitting updated session information from the secure session to a plurality of recipient servers coupled to the network;

determining that the updated session information has been received at the plurality of recipient servers; and

adjusting a rate of transmission of updated session information to the plurality of recipient servers based on the determined receipt of the updated session information by the plurality of recipient servers.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed system and method allow secure packet transmission to be provided with a minimum amount of overhead and to employ a cache having copies distributed among a plurality of different locations. SSL/TLS session information for a session with each of the proxy servers is stored in the cache so that it is accessible to at least one other proxy server. Using this arrangement, when a client computer switches from a connection with a first proxy server to a connection with a second proxy server, the second proxy server can retrieve SSL/TLS session information from the cache corresponding to the SSL/TLS communication session between the client device and the first proxy server. The second proxy server can then use the retrieved SSL/TLS session information to accept a session with the client device.

Citations

17 Claims

1. A method for establishing a secure connection for data transmission via a network, the method comprising:
- receiving a request to establish a secure session with a computer using an unreliable protocol, the request received via the network;
  
  transmitting a request for cached session information from a server storing the cached session information, the server coupled to the network;
  
  receiving cached session information from the server storing the cached session information;
  
  establishing a secure session with the computer using the unreliable protocol;
  
  transmitting updated session information from the secure session to a plurality of recipient servers coupled to the network;
  
  determining that the updated session information has been received at the plurality of recipient servers; and
  
  adjusting a rate of transmission of updated session information to the plurality of recipient servers based on the determined receipt of the updated session information by the plurality of recipient servers.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 16, 17)
- - 2. The method of claim 1, wherein the request to establish the secure connection includes a session identifier.
  - 3. The method of claim 1, further comprising performing a search of a local cache to locate the cached session information upon receiving the request to establish the secure connection.
  - 4. The method of claim 3, wherein performing the search includes generating a search key based on a session identifier.
  - 5. The method of claim 2, further comprising:
    - generating a search key upon receiving the request to establish the secure connection, the search key generated based on the session identifier; and
      
      transmitting the search key to the server storing the cached session information.
  - 6. The method of claim 2, wherein receiving the cached session information further comprises:
    - transmitting the session identifier to the server storing the cached session information; and
      
      receiving resumption information for a session associated with the session identifier.
  - 7. The method of claim 3, further comprising generating a record for storage in the local cache, the record including resumption information, an expiration date associated with the record, and the session identifier.
  - 8. The method of claim 3, wherein resumption information includes a message authentication check algorithm, a cipher specification, and flag information indicating that the session can be used to initiate a connection.
  - 9. The method of claim 8, further comprising:
    - initiating the session with the computer based on the flag information; and
      
      generating a record for storage in a local cache, the record including the resumption information, an expiration date associated with the record, and the session identifier.
  - 10. The method of claim 1, wherein the cached session information includes a peer certificate.
  - 11. The method of claim 1, wherein the cached session information includes a data compression algorithm.
  - 16. The method of claim 1, wherein adjusting the rate of transmission includes postponing the transmission of a data segment corresponding to the updated session information.
  - 17. The method of claim 1, wherein adjusting the rate of transmission includes determining an average number of data segments in an input queue.

12. A non-transitory computer-readable storage medium having embodied thereon a program, the program executable by a computer to perform a method for establishing a secure connection for data transmission in a network, the method comprising:
- receiving a request to establish a secure session using an unreliable protocol;
  
  transmitting a request for cached session information;
  
  receiving cached session information;
  
  establishing a secure session using the unreliable protocol;
  
  transmitting updated session information from the secure session to a plurality of recipient servers;
  
  determining that the updated session information has been received at the plurality of recipient servers; and
  
  adjusting a rate of transmission of updated session information to the plurality of recipient servers based on the determined receipt of the updated session information by the plurality of recipient servers.
- View Dependent Claims (13, 14, 15)
- - 13. The non-transitory computer-readable storage medium of claim 12, the method further comprising transmitting a positive acknowledgement of receipt of the cached session information.
  - 14. The non-transitory computer-readable storage medium of claim 12, the method further comprising transmitting a negative acknowledgement of receipt of the cached session information.
  - 15. The non-transitory computer readable storage medium of claim 12, the method further comprising initiating a session upon establishing a secure connection.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aventail LLC
Original Assignee
Aventail LLC
Inventors
VanHeyningen, Marc D., Erickson, Rodger D.
Primary Examiner(s)
Orgad; Edan
Assistant Examiner(s)
SHAW, YIN CHEN

Application Number

US11/927,362
Publication Number

US 20080104390A1
Time in Patent Office

1,170 Days
Field of Search

713/150, 713/151, 713/153, 713/152, 380/255, 380/37, 709227-229, 726 2- 3, 370229-235
US Class Current

713/151
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0428   wherein the data content is...

H04L 63/0457   wherein the sending and rec...

H04L 63/12   Applying verification of th...

H04L 63/166   at the transport layer

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/12   Transmitting and receiving ...

H04L 9/32   including means for verifyi...

Providing secure connections for data transmission

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Providing secure connections for data transmission

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links