Techniques for securely managing and accelerating data delivery

US 8,060,926 B1
Filed: 02/23/2004
Issued: 11/15/2011
Est. Priority Date: 03/16/1999
Status: Expired due to Fees

First Claim

Patent Images

1. A method for managing and accelerating the delivery of data implemented in a computer-readable storage medium and processed on a proxy device for performing the method, comprising:

receiving a secure communications request for data associated with a remote site, wherein the request is received from a client and the secure communications request occurs via Secure Socket Layer (SSL) communications with the client and wherein the request is received at a forward proxy that processes within a local networking environment of the client, the local networking environment within a same physical and geographical location for the client and the forward proxy;

determining that a local managing service is needed to mediate between the client and the remote site based on an identity for the remote site, the remote site associated with an external networking environment, the external networking environment existing in a different physical and geographical location from that of the client and the forward proxy;

processing the local managing service from within the local networking environment of the client;

passing the request to the local managing service for processing acting as the forward proxy for the client, the local managing service is capable of caching the data for servicing the secure communications request of the client within the local networking environment of the client and capable of securely interfacing with the remote site via the external networking environment, the local managing service houses the identity for the remote site and local managing service is trusted by the remote site and the remote site delegates authority to the local managing service to vend data of the remote site within the local networking environment of the client;

creating, by the proxy device, a secure communications tunnel between the client and the local managing service; and

creating, by the proxy device, another secure communications tunnel between the local managing service and the remote site, the local managing service also acts as a reverse proxy on behalf of the remote site from within the local networking environment of the client, the remote site delegates data vending on behalf of the remote site to be managed and distributed by the local managing service from within the local networking environment of the client and the local managing service presents itself to the client as the remote site appearing to originate from the external networking environment.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided for securely managing and accelerating the delivery of data associated with remote sites. A client desires to establish secure communications with a remote site. Requests made from the client to the remote site are intercepted or forwarded to a proxy, which locates a local managing service associated with handling the requests. The local managing service acts as an intermediary between the client and the remote site and communicates securely with the client. Data associated with the client'"'"'s requests is at least partially cached by the local managing service for purposes of accelerating the delivery of that data to the client.

66 Citations

View as Search Results

24 Claims

1. A method for managing and accelerating the delivery of data implemented in a computer-readable storage medium and processed on a proxy device for performing the method, comprising:
- receiving a secure communications request for data associated with a remote site, wherein the request is received from a client and the secure communications request occurs via Secure Socket Layer (SSL) communications with the client and wherein the request is received at a forward proxy that processes within a local networking environment of the client, the local networking environment within a same physical and geographical location for the client and the forward proxy;
  
  determining that a local managing service is needed to mediate between the client and the remote site based on an identity for the remote site, the remote site associated with an external networking environment, the external networking environment existing in a different physical and geographical location from that of the client and the forward proxy;
  
  processing the local managing service from within the local networking environment of the client;
  
  passing the request to the local managing service for processing acting as the forward proxy for the client, the local managing service is capable of caching the data for servicing the secure communications request of the client within the local networking environment of the client and capable of securely interfacing with the remote site via the external networking environment, the local managing service houses the identity for the remote site and local managing service is trusted by the remote site and the remote site delegates authority to the local managing service to vend data of the remote site within the local networking environment of the client;
  
  creating, by the proxy device, a secure communications tunnel between the client and the local managing service; and
  
  creating, by the proxy device, another secure communications tunnel between the local managing service and the remote site, the local managing service also acts as a reverse proxy on behalf of the remote site from within the local networking environment of the client, the remote site delegates data vending on behalf of the remote site to be managed and distributed by the local managing service from within the local networking environment of the client and the local managing service presents itself to the client as the remote site appearing to originate from the external networking environment.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprising:
    - determining, by the local managing service, when the secure communications request can be satisfied with cached data; and
      
      supplying the data from the cached data to the client with secure communications, when present in cache.
  - 3. The method of claim 2 further comprising:
    - requesting, by the local managing service, the data from the remote site if the data is not in the cache;
      
      receiving the data from the remote site; and
      
      supplying the data to the client with secure communications.
  - 4. The method of claim 3 further comprising, housing the data in the cache for subsequent requests made by the client or other clients for the data, when the data is permitted to be cached.
  - 5. The method of claim 1 further comprising, maintaining, by the local managing service, a certificate associated with communications from the remote site.
  - 6. The method of claim 1 further comprising:
    - transmitting, by the local managing service, to the remote site a first certificate associated with the identity of the local managing service;
      
      receiving, from the remote site, at the local managing service a second certificate associated with the identity of the remote site; and
      
      communicating between the remote site and the local managing service with Secure Sockets Layer (SSL) communications using the first and second certificates.

7. A method of managing and accelerating delivery of data implemented in a computer-readable storage medium and to process within a local networking environment of a client for performing the method, comprising:
- processing a local service of a proxy for communicating securely with the client and for acting on behalf of the client during interactions between the client and a remote site, the local service processed based on an identity of the remote site that identity used to determine that the local service is needed to mediate between the client and the remote site, the local service processes from within a local networking environment of the client and uses Secure Socket Layer (SSL) communications when interacting with the client, the local networking environment within a same physical and geographical location as the client, and the local service presents itself to the client as the remote site appearing from an external networking environment, the external networking environment existing within a different physical and geographical location from that which is associated with the client and the local service, and the local service acts as a reverse proxy on behalf of the remote site from the local networking environment of the client, the remote site delegates data vending from the remote site to the local service for distributing to the client;
  
  managing authority from the remote site at the local service, wherein authority is managed by accessing a certificate of the remote site at the local service and within the local networking environment of the client;
  
  establishing a secure tunnel between the local service of the proxy and the client for interactions between the client and the local service;
  
  establishing another secure tunnel between the local service and the remote site for interactions between the local service and the remote site; and
  
  caching, within the local service, data received from the remote site, and portions of the data are sent to the client in order to service data requests made from the client to the remote site.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7 further comprising:
    - initially transmitting a local service certificate to the remote site; and
      
      subsequently communicating securely between the local service and the remote site using the local service certificate and the certificate of the remote site.
  - 9. The method of claim 7 further comprising, establishing the proxy as a transparent proxy for the client.
  - 10. The method of claim 7 further comprising:
    - inspecting at the proxy a secure request made from the client for the remote site; and
      
      transferring the secure request to the local service for processing.
  - 11. The method of claim 7 wherein caching further includes housing the data in a decrypted format within cache of the local service.
  - 12. The method of claim 7 wherein caching further includes sending the portions of the data from the cache to the client along with the certificate associated with the remote site.

13. A data management and acceleration delivery system implemented in computer-readable storage media and to process on devices of a network, the system comprising:
- a proxy;
  
  a local service accessible to the proxy; and
  
  a remote site external to the proxy, the proxy directs secure requests received from a client for the remote site to the local service, the secure requests are directed to the local service based on an identity for the remote site that is used to determine that the local service is needed to mediate between the client and the remote site, the local service;
  
  acts as a transparent proxy on behalf of the client, processes within a local networking environment of the client, and communicates securely with the client using Secure Socket Layer (SSL) communications via a first secure tunnel established by the proxy for interactions between the local service and the client, the local computing environment within a same physical and geographical location as the client, and the local service interacts securely with the remote site via a second secure tunnel established by the proxy for interactions between the local service and the remote site, communication with the remote site occurring over an external networking environment that is at a different physical and geographical location from that which is associated with the client and the local service, the interactions between the local service and the remote site is to acquire data on behalf of the client, the local service also configured for acting as a reverse proxy on behalf of the remote site and from within the local networking environment of the client, the remote site delegates data vending to the local service for distribution to the client and the local service presents itself to the client as the remote site, and portions or all of the acquired data are cached within the local service and used to service requests made by the client from within the local networking environment of the client.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The data management and acceleration delivery system of claim 13 wherein the local service includes a certificate with the identity of the remote site which is vended to the client.
  - 15. The data management and acceleration delivery system of claim 13 wherein the local service and remote site mutually interact securely with one another by exchanging certificates with one another.
  - 16. The data management and acceleration delivery system of claim 15 wherein the local service and the remote site sign communications occurring between them.
  - 17. The data management and acceleration delivery system of claim 13 wherein the client is a browser application.
  - 18. The data management and acceleration delivery system of claim 17 wherein the browser is configured to contact the proxy when making requests directed to the remote site.
  - 19. The data management and acceleration delivery system of claim 17 wherein the proxy intercepts requests made from the browser which are directed to the remote site and forwards the requests to the local service for handling the requests.

20. A data management and acceleration delivery system implemented in a computer-readable storage medium and to process on one or more devices of a network, the system comprising:
- a proxy; and
  
  one or more local services directly accessible to the proxy, the proxy acts as an intermediary between one or more clients and one or more remote sites, the proxy detects attempts made by the clients for establishing secure communications with the remote sites and based on the identities of a particular client and particular remote site identifies a particular local service and determines based on a particular identity for the particular remote site that the particular local service is needed to mediate between the particular remote site and the particular client, the particular local service;
  
  communicates securely with the particular client via Secure Socket Layer (SSL) communications as a transparent proxy to the particular client and via a first tunnel established by the proxy between the particular local service and the particular client, the particular local service processes within a local networking environment of the particular client and within a same physical and geographical location as that of the particular client, and the particular local service also securely communicates with the particular remote site as a reverse proxy for the particular remote service via a second tunnel established by the proxy between the particular local service and the particular remote site, communication with the particular remote site occurring over a particular external networking environment that is at a different physical and geographical location from that which is associated with the particular client and the particular local service, and the particular local service acts as the reverse proxy for the particular remote service from within the local networking environment of the particular client, and the particular remote site delegates data vending to the particular local service for distribution to the particular client and the particular local service presents itself to the particular client as the particular remote site from within the local networking environment of the particular client and the particular local service caches data received from the particular remote site for purposes of servicing requests for portions of that data requested by the particular client and the cached data resides within the local networking environment of the particular client.
- View Dependent Claims (21, 22, 23, 24)
- - 21. The data management and acceleration delivery system of claim 20 wherein each local service is associated with a unique one of the remote sites.
  - 22. The data management and acceleration delivery system of claim 20 further comprising switching logic that intercepts requests from the clients which are directed to the remote sites and forwards them to the proxy.
  - 23. The data management and acceleration delivery system of claim 20 wherein each of the local services includes a certificate associated with a unique one of the remote sites.
  - 24. The data management and acceleration delivery system of claim 20 wherein a number of the local services communicates securely with a number of the remote sites by initially exchanging mutual certificates.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Novell Incorporated (Open Text Corporation)
Inventors
Oyler, Mel J, Ackerman, Mark D., Ebrahimi, Hashem Mohammad
Primary Examiner(s)
Abrishamkar, Kaveh

Application Number

US10/784,440
Time in Patent Office

2,822 Days
Field of Search

None
US Class Current

726/12
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0884   by delegation of authentica...

H04L 63/162   at the data link layer

Techniques for securely managing and accelerating data delivery

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

66 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for securely managing and accelerating data delivery

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links