Techniques for securely accelerating external domains locally

US 7,904,951 B1
Filed: 03/31/2004
Issued: 03/08/2011
Est. Priority Date: 03/16/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method residing in a computer-readable medium and processed by a forward proxy for securely accelerating an external domain locally to a client, comprising:

receiving, at the forward proxy, a secure communications request for an external domain from a client;

establishing, at the forward proxy, a secure channel with the client using an anonymous secure socket layer (SSL) handshake, the secure channel is a temporary secure channel;

identifying, at the forward proxy, a domain identification associated with the request by inspecting a host header for the request;

discontinuing, by the forward proxy, the temporary secure channel; and

routing, by the forward proxy, the request to a local domain accelerator based on the domain identification, the local domain accelerator communicates securely with the external domain via a first set of unique session keys used for the local domain accelerator and the external domain to communicate via encrypted communications with one another and separately the local domain accelerator communicates securely with the client via a second set of unique session keys used for the local domain accelerator and the client to communicate and the first set of session keys and the second set of session keys are different from one another and the client believes communication that the client has with the local domain accelerator is occurring with the external domain because the local domain accelerator vends an external domain certificate to the client during the communication to present itself as the external domain but in fact it occurs with the local domain accelerator via the second set of session keys, and the local domain accelerator caches data from the external domain for servicing the request of the client, and wherein the data is cached and managed via the forward proxy and maintained in encrypted format within cache and then decrypted and re-encrypted using the second set of unique session keys when data from the cache is delivered from the local domain accelerator to the client from the cache to satisfy the request and all communication between the external domain and the local domain accelerator is mutually signed.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided for securely accelerating external domains locally. Secure client requests directed to an external domain are forwarded to a local domain accelerator. The local domain accelerator communicates securely with the client as if it were the external domain. The local domain accelerator communicates securely with the external domain and acquires data to service the client requests within a local cache. The data is vended from the local cache via secure communications made to the client.

99 Citations

View as Search Results

18 Claims

1. A computer-implemented method residing in a computer-readable medium and processed by a forward proxy for securely accelerating an external domain locally to a client, comprising:
- receiving, at the forward proxy, a secure communications request for an external domain from a client;
  
  establishing, at the forward proxy, a secure channel with the client using an anonymous secure socket layer (SSL) handshake, the secure channel is a temporary secure channel;
  
  identifying, at the forward proxy, a domain identification associated with the request by inspecting a host header for the request;
  
  discontinuing, by the forward proxy, the temporary secure channel; and
  
  routing, by the forward proxy, the request to a local domain accelerator based on the domain identification, the local domain accelerator communicates securely with the external domain via a first set of unique session keys used for the local domain accelerator and the external domain to communicate via encrypted communications with one another and separately the local domain accelerator communicates securely with the client via a second set of unique session keys used for the local domain accelerator and the client to communicate and the first set of session keys and the second set of session keys are different from one another and the client believes communication that the client has with the local domain accelerator is occurring with the external domain because the local domain accelerator vends an external domain certificate to the client during the communication to present itself as the external domain but in fact it occurs with the local domain accelerator via the second set of session keys, and the local domain accelerator caches data from the external domain for servicing the request of the client, and wherein the data is cached and managed via the forward proxy and maintained in encrypted format within cache and then decrypted and re-encrypted using the second set of unique session keys when data from the cache is delivered from the local domain accelerator to the client from the cache to satisfy the request and all communication between the external domain and the local domain accelerator is mutually signed.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1 further comprising, establishing a Secure Sockets Layer (SSL) handshake between the client and the local domain accelerator to service the request, wherein the client believes that the handshake is with the external domain.
  - 3. The method of claim 1 wherein receiving further includes intercepting the request that originates from the client for the external domain.
  - 4. The method of claim 1 further comprising, accessing, by the local domain accelerator, caching services for caching and managing the data.
  - 5. The method of claim 1 wherein identifying further includes stripping a host header from the request, wherein the host header is the domain identifier which identifies the external domain.

6. A computer-implemented method residing in a computer-readable medium and processed by a proxy for securely accelerating an external domain locally, comprising:
- receiving a secure request forwarded from a proxy, the secure request originating from a client and destined for an external domain, the proxy acting as both a transparent and forward proxy within a local environment of the client;
  
  establishing a temporary secure channel between the client and the proxy via an anonymous secure socket layer (SSL) handshake to acquire from a header of the secure request an identity for the external domain and then discontinuing the temporary secure channel;
  
  establishing a secure communication with the client by providing the client a certificate associated with the external domain, the certificate is for the external domain and is vended to the client to make the client believe the secure interaction is occurring with the external domain, and the secure communication entails using a first set of session keys to communicate securely with the client and the client believes after receiving the certificate that communication is occurring with the external domain; and
  
  servicing the client with data from local cache that is acquired from the external domain via encrypted communications, and a portion of that data is used to service the secure request, and separate communication is securely established with the external domain using a second set of session keys via the encrypted communications, the first set of session keys different from the second set of session keys, and the data is encrypted within the local cache of the proxy and subsequently decrypted and then re-encrypted and delivered to the client using the first set of session keys via the secure communication with the client and all communication with the external domain to and from the method is mutually signed.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6 wherein servicing further includes acting as the external domain when interacting with the client.
  - 8. The method of claim 6 further comprising accessing caching services from the proxy to manage the data in the local cache.
  - 9. The method of claim 6 wherein servicing further includes acquiring at least a portion of the data from the external domain in advance of a subsequent request for that portion of the data, wherein the subsequent request is issued from the client.
  - 10. The method of claim 6 wherein servicing further includes interacting securely with the external domain to acquire the data housed in the local cache.

11. An external domain acceleration system, comprising:
- a proxy configured as both a transparent and forward proxy; and
  
  a local domain accelerator implemented in a computer-readable medium and to process on the proxy, a client securely requests an external domain and the proxy routes the request to the local domain accelerator, a secure request between the client and the proxy occurs via an anonymous secure socket layer (SSL) handshake via a temporary secure channel that is discontinued by the proxy once the proxy acquires an identity for the external domain from a header of the secure request;
  
  the local domain accelerator securely communicates with the external domain via encrypted communications and caches data in a local cache of the proxy in an encrypted format which is used to service the client via secure communications between the local domain accelerator and the client by decrypting and then re-encrypting the data from the local cache using a first set of session keys, and the local domain accelerator securely communicates with the client using the first set of session keys and securely communicates with the external domain using a second set of session keys via the encrypted communications, the first set of session keys are different from the second set of session keys, and wherein the client believes communication is occurring between the client and the external domain because the local domain accelerator vends an external domain certificate to the client during the communication to present itself as the external domain, but in fact communication is occurring between the client and the local domain accelerator via the first set of session keys and all communication between the external domain and the local domain accelerator is mutually signed.
- View Dependent Claims (12, 13)
- - 12. The external domain acceleration system of claim 11 wherein the client is a browser application that interacts with the local domain accelerator via Secure Sockets Layer (SSL) communications.
  - 13. The external domain acceleration system of claim 11 wherein the proxy creates a secure communications tunnel between the client and the local domain accelerator and the proxy creates a secure communications channel between the local domain accelerator and the external domain.

14. An external domain acceleration system, comprising:
- a local domain accelerator implemented in a computer-readable medium and to process on a forward proxy for a client; and
  
  cache of the proxy, the proxy configured to establish an initial temporary secure channel with the client via an anonymous secure socket layer (SSL) handshake to parse from a header of a secure request an identity for an external domain and then the proxy discontinues the temporary secure channel, the local domain accelerator securely communicates with the client as if the local domain accelerator was the external domain and securely communicates with the external domain via encrypted communications for purposes of acquiring data from the external domain, and wherein the local domain accelerator houses the data in and vends the data from the cache to the client, the data housed in the cache in an encrypted format, and wherein the local domain accelerator securely communicates with the client via a first set of session keys and separately securely communicates with the external domain using a second set of session keys via the encrypted communications and the first set of session keys is different from the second set of session keys and the client believes that the client is communicating with the external domain because the local domain accelerator vends an external domain certificate to the client during the communication to present itself as the external domain, but in fact the client is communicating with the local domain accelerator using the first set of session keys and all communication between the external domain and the local domain accelerator is mutually signed.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The external domain acceleration system of claim 14 further comprising a proxy that acts as a secure conduit between the client and the local domain accelerator and a secure conduit between the local domain accelerator and the external domain.
  - 16. The external domain acceleration system of claim 14 wherein the local domain accelerator and the external domain exchange certificates with one another during communications with one another.
  - 17. The external domain acceleration system of claim 14 wherein the client is a browser and uses Secure Sockets Layer (SSL) communications to attempt to directly communicate with the external domain, the communications are intercepted and forwarded to the proxy and the proxy forwards the communications to the local domain accelerator where the local domain accelerator presents itself securely to the client as if it were the external domain.
  - 18. The external domain acceleration system of claim 14 wherein the external domain includes a plurality of external sites having a plurality of services.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Ackerman, Mark D., Amin, Baber, Ebrahimi, Hashem Mohammad
Primary Examiner(s)
Vu, Kimyen
Assistant Examiner(s)
GYORFI, THOMAS A

Application Number

US10/814,983
Time in Patent Office

2,533 Days
Field of Search

726/12, 726/14, 713/151, 713/153, 713/156, 380/255
US Class Current

726/12
CPC Class Codes

H04L 63/0823   using certificates cryptogr...

H04L 63/0884   by delegation of authentica...

H04L 67/568   Storing data temporarily at...

Techniques for securely accelerating external domains locally

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

99 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for securely accelerating external domains locally

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

99 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links