Atomic session-start operation combining clear-text and encrypted sessions to provide ID visibility to middleware such as load-balancers

US 7,900,040 B2
Filed: 08/31/2006
Issued: 03/01/2011
Est. Priority Date: 09/01/1999
Status: Expired due to Term

First Claim

Patent Images

1. A system comprising:

a server device configured to;

initiate, in response to a reference to an encrypted component on a clear-text web page comprising an invisible image file, an assignment operation to generate an encrypted-session identifier and a server-assignment cookie having a same server-assignment, andtransmit the encrypted-session identifier and the server-assignment cookie to a client device.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A load-balancer assigns incoming requests to servers at a server farm. An atomic operation assigns both un-encrypted clear-text requests and encrypted requests from a client to the same server at the server farm. An encrypted session is started early by the atomic operation, before encryption is required. The atomic operation is initiated by a special, automatically loaded component on a web page. This component is referenced by code requiring that an encrypted session be used to retrieve the component. Keys and certificates are exchanged between a server and the client to establish the encrypted session. The server generates a secure-sockets-layer (SSL) session ID for the encrypted session. The server also generates a server-assignment cookie that identifies the server at the server farm. The server-assignment cookie is encrypted and sent to the client along with the SSL session ID. The Client decrypts the server-assignment cookie and stores it along with the SSL session ID. The load-balancer stores the SSL session ID along with a server assignment that identifies the server that generated the SSL session ID. When other encrypted requests are generated by the client to the server farm, they include the SSL session ID. The load-balancer uses the SSL session ID to send the requests to the assigned server. When the client sends a non-encrypted clear-text request to the server farm, it includes the decrypted server-assignment cookie. The load balancer parses the clear-text request to find the server-assignment cookie. The load-balancer then sends the request to the assigned server.

58 Citations

View as Search Results

25 Claims

1. A system comprising:
- a server device configured to;
  
  initiate, in response to a reference to an encrypted component on a clear-text web page comprising an invisible image file, an assignment operation to generate an encrypted-session identifier and a server-assignment cookie having a same server-assignment, andtransmit the encrypted-session identifier and the server-assignment cookie to a client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1, further comprising a device coupled to the server device, wherein the device is a middleware device or a load-balancer.
  - 3. The system of claim 2, wherein the device is configured to use load-balancing to assign a server to an encrypted-session request in response to receiving the encrypted session request without a corresponding encrypted-session identifier from the client device.
  - 4. The system of claim 3, wherein the device is configured to use the load-balancing by utilizing a random method or a least-used server method.
  - 5. The system of claim 3, wherein the device is configured to generate an entry in an encrypted-session identifier table in response to receiving packets generated by the server device.
  - 6. The system of claim 5, wherein the entry in the encrypted-session identifier table comprises the encrypted-session identifier and a server -assignment field.
  - 7. The system of claim 6, wherein the server-assignment field comprises a server-farm identifier of the server device, a MAC address, or an IP address.
  - 8. The system of claim 2, wherein the device is configured to match a received encrypted-session identifier to the server device using an encrypted-session identifier table and to transmit an encrypted-session request to the server device, in response to receiving the encrypted session request containing the received encrypted session identifier from the client device.
  - 9. The system of claim 2, wherein the device is configured to match a server-assignment in a received server-assignment cookie to the server device and to transmit a clear-text request to the server device, in response to receiving the clear-text request, containing the received server-assignment cookie, for a clear text page from the client device.
  - 10. The system of claim 1, wherein the server-assignment cookie is encrypted before the server device transmits the server-assignment cookie to the client device.
  - 11. The system of claim 1, wherein the server device comprises one or more servers at a web server farm.
  - 12. The system of claim 1, wherein the clear-text web page is part of an electronic commerce website.
  - 13. The system of claim 1, wherein the encrypted-session identifier comprises a secure-sockets layer (SSL) session ID located in a non-encrypted portion of an encrypted connection.

14. A method comprising:
- initiating, in response to a reference to an encrypted component on a clear-text web page comprising an invisible image file and using a processing device, a server-assignment operation to generate an encrypted-session identifier and a server-assignment cookie, having a same server-assignment; and
  
  transmitting the encrypted-session identifier and the server-assignment cookie to a client device.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 15. The method of claim 14, further comprising:
    - assigning a server to an encrypted-session request using a load-balancing method in response to a receipt of an encrypted-session request without an encrypted-session identifier by a device coupled to the server.
  - 16. The method of claim 15, further comprising:
    - generating an entry in an encrypted-session identifier table.
  - 17. The method of claim 14, further comprising:
    - matching the encrypted-session identifier to a server using an encrypted-session identifier table; and
      
      transmitting an encrypted-session request to the server in response to a receipt, by a device coupled to the server, of an encrypted-session request containing an encrypted-session identifier.
  - 18. The method of claim 14, further comprising:
    - matching a server-assignment to a server; and
      
      transmitting a clear-text request to the server in response to a receipt, by a device coupled to the server, of a clear-text request for a clear-text page containing a server-assignment cookie.
  - 19. The method of claim 14, further comprising:
    - suppressing an encrypted session warning by the client device.
  - 20. The method of claim 14, further comprising using a secure-sockets layer (SSL) session ID contained in a non-encrypted portion of an encrypted connection as the encrypted-session identifier.
  - 21. The method of claim 14, wherein the clear-text web page is part of an electronic commerce web site.
  - 22. The method of claim 14, further comprising exchanging encryption keys and certificates between the client device and a server.
  - 23. The method of claim 14, further comprising encrypting the server-assignment cookie before a transmission of the server-assignment cookie to the client device.

24. A system comprising:
- means for initiating, in response to a reference to an encrypted component on a clear-text web page comprising an invisible image file, a server-assignment operation to generate an encrypted-session identifier and a server-assignment cookie having a same server-assignment; and
  
  means for transmitting the encrypted-session identifier and the server-assignment cookie to a client device.

25. A non-transitory computer-readable storage medium having instructions stored thereon, the instructions comprising:
- instructions to perform, in response to a reference to an encrypted component on a clear-text web page comprising an invisible image file and using a processing device, a server-assignment operation to generate an encrypted-session identifier and a server-assignment cookie having a same server-assignment; and
  
  instructions to transmit, using the processing device, the encrypted session-identifier and the server-assignment cookie to a client device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hanger Solutions, LLC (IP Investments Group LLC)
Original Assignee
Dickens Coal LLC (Intellectual Ventures LLC)
Inventors
Brendel, Juergen
Primary Examiner(s)
ZIA, SYED

Application Number

US11/515,358
Publication Number

US 20070094373A1
Time in Patent Office

1,643 Days
Field of Search

None
US Class Current

713/153
CPC Class Codes

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/104   Grouping of entities

H04L 63/166   at the transport layer

H04L 63/20   for managing network securi...

H04L 67/1001   for accessing one among a p...

H04L 67/1012   based on compliance of requ...

H04L 67/1027   Persistence of sessions dur...

H04L 67/14   Session management for real...

H04L 69/16   Implementation or adaptatio...

H04L 69/163   In-band adaptation of TCP d...

H04L 69/22   Parsing or analysis of headers

Atomic session-start operation combining clear-text and encrypted sessions to provide ID visibility to middleware such as load-balancers

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

58 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Atomic session-start operation combining clear-text and encrypted sessions to provide ID visibility to middleware such as load-balancers

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

58 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others