Systems and methods for bulk encryption and decryption of transmitted data
First Claim
1. A method for using a network appliance to efficiently buffer and encrypt data for transmission, the method comprising:
(a) receiving, by an appliance via a first transport layer connection, a first SSL record, the first SSL record comprising a first encrypted message, the appliance configured with a cryptographic processing card to perform bulk encryption;
(b) decrypting, by the cryptographic processing card, the first encrypted message to produce a first decrypted message at the output;
(c) storing, by the appliance for later processing by the same cryptographic processing card, the first decrypted message from the output of the cryptographic processing card to a buffer until detection of one of a plurality of predetermined transmission conditions monitored by the appliance;
(d) receiving, by the appliance via the first transport layer connection, a second SSL record, the second SSL record comprising a second encrypted message;
(e) decrypting, by the cryptographic processing card, the second encrypted message to produce a second decrypted message at the output;
(e-1) storing, by the appliance for later processing by the same cryptographic processing card, the second decrypted message with the first decrypted message to the buffer until detection of one of the plurality of predetermined transmission conditions, a packet processing engine of the appliance configured to, upon detection of each of the plurality of predetermined transmission conditions, instruct the cryptographic processing card to combine the stored first and second messages to produce a third SSL record, encrypt the third SSL record and upon encryption transmit the encrypted third SSL record;
(f) communicating, by the packet processing engine, responsive to detecting that a transmittal condition of the plurality of predetermined transmittal conditions has occurred for the first transport layer connection, the buffered first decrypted message, the buffered second decrypted message, and the instruction to the same cryptographic processing card;
(g) receiving, by the appliance from the same cryptographic processing card for transmission via a second transport layer connection, an encrypted third SSL record produced from the first decrypted message and a portion of the second decrypted message; and
(h) transmitting, by the appliance via the second transport layer connection, the third SSL record.
7 Assignments
0 Petitions
Abstract
A method for using a network appliance to efficiently buffer and encrypt data for transmission includes: receiving, by an appliance via a connection, two or more SSL records comprising encrypted messages; decrypting the two or more messages; buffering, by the appliance, the two or more decrypted messages; determining, by the appliance, that a transmittal condition has been satisfied; encrypting, by the appliance in response to the determination, the first decrypted message and a portion of the second decrypted message to produce a third SSL record; and transmitting, by the appliance via a second connection, the third record. Corresponding systems are also described.
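As an added illustration of the buffering and re-framing the abstract and claim 1 describe, and not code from the patent or its assignee, the Python below models the packet processing engine together with a stand-in for the cryptographic processing card. The stand-in (HMAC-SHA256 used as a keystream generator and as a per-record tag, with the record sequence number bound into both) is an assumption chosen so the example runs with the standard library; the page does not name the card's cipher. The transmittal conditions (a buffer-size threshold, a pending-record count, and an explicit flush standing in for a timer or connection close) and the class and function names are likewise assumptions. What it shows is the point of step (g): when the buffered plaintext exceeds one record, the third record carries all of the first message and only the leading portion of the second, and the remainder leads the next outbound record.

```python
import hashlib
import hmac
import struct

# TLS caps a record's plaintext at 2**14 bytes (RFC 5246 §6.2.1, RFC 8446 §5.1);
# records built from the buffer must respect that cap.
MAX_PLAINTEXT = 16384


class CryptoCard:
    """Stand-in for the appliance's cryptographic processing card (assumption,
    not the patent's hardware): HMAC-SHA256 over (sequence number, block index)
    as a keystream, plus an HMAC-SHA256 tag over sequence number and ciphertext,
    so a replayed or reordered record fails to verify."""

    TAG_LEN = 32

    def __init__(self, key: bytes):
        self.enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()

    def _keystream(self, seq: int, n: int) -> bytes:
        blocks = (hmac.new(self.enc_key, struct.pack(">QQ", seq, i), hashlib.sha256).digest()
                  for i in range((n + 31) // 32))
        return b"".join(blocks)[:n]

    def encrypt(self, seq: int, plaintext: bytes) -> bytes:
        body = bytes(p ^ k for p, k in zip(plaintext, self._keystream(seq, len(plaintext))))
        tag = hmac.new(self.mac_key, struct.pack(">Q", seq) + body, hashlib.sha256).digest()
        return body + tag

    def decrypt(self, seq: int, record: bytes) -> bytes:
        body, tag = record[:-self.TAG_LEN], record[-self.TAG_LEN:]
        want = hmac.new(self.mac_key, struct.pack(">Q", seq) + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, want):
            raise ValueError("record %d failed authentication" % seq)
        return bytes(c ^ k for c, k in zip(body, self._keystream(seq, len(body))))


class BulkRelay:
    """Packet processing engine: decrypts inbound records through the card,
    buffers the plaintext, and on a transmittal condition hands the buffer back
    to the same card to build outbound records. Conditions (assumed here): the
    buffer holds at least flush_bytes, at least flush_records inbound records
    are pending, or flush() is called (timer expiry or connection close)."""

    def __init__(self, card_in, card_out, flush_bytes=MAX_PLAINTEXT, flush_records=4):
        self.card_in, self.card_out = card_in, card_out
        self.flush_bytes, self.flush_records = flush_bytes, flush_records
        self.buf = bytearray()
        self.pending_records = 0       # inbound records with bytes still buffered
        self.in_seq = self.out_seq = 0
        self.outbound = []             # encrypted records for the second connection

    def receive(self, record: bytes) -> None:
        self.buf += self.card_in.decrypt(self.in_seq, record)
        self.in_seq += 1
        self.pending_records += 1
        while self.buf and (len(self.buf) >= self.flush_bytes
                            or self.pending_records >= self.flush_records):
            self._emit()

    def flush(self) -> None:
        while self.buf:
            self._emit()

    def _emit(self) -> None:
        # At most one record's worth goes out; the tail of the newest inbound
        # message stays buffered and leads the next outbound record.
        n = min(len(self.buf), MAX_PLAINTEXT)
        chunk = bytes(self.buf[:n])
        del self.buf[:n]
        self.outbound.append(self.card_out.encrypt(self.out_seq, chunk))
        self.out_seq += 1
        self.pending_records = 1 if self.buf else 0


def run_demo(sizes=(10000, 10000)):
    """Constructed scenario: inbound records of the given plaintext sizes.
    Returns (outbound plaintext lengths, bytes still buffered before the final
    flush, whether the far end reassembles the original byte stream)."""
    client = CryptoCard(b"client-side key (constructed)")
    server = CryptoCard(b"server-side key (constructed)")
    relay = BulkRelay(client, server)
    messages = [bytes([i % 251]) * s for i, s in enumerate(sizes)]
    for seq, m in enumerate(messages):
        relay.receive(client.encrypt(seq, m))
    pending_before_flush = len(relay.buf)
    relay.flush()
    received = b"".join(server.decrypt(i, r) for i, r in enumerate(relay.outbound))
    lengths = [len(r) - CryptoCard.TAG_LEN for r in relay.outbound]
    return lengths, pending_before_flush, received == b"".join(messages)


if __name__ == "__main__":
    print(run_demo())   # two 10000-byte records -> [16384, 3616] after one flush
```

Two things a practitioner should take from the model. First, between decryption and re-encryption the plaintext of both messages sits in appliance memory, so the buffer (and any crash dump or debug path that can reach it) is inside the trust boundary of both connections. Second, record boundaries on the second connection no longer match those on the first, so anything that relied on one SSL record per application message has to be framed at the application layer; the stand-in card binds each record to its own sequence number, which is why the outbound side verifies with its own counter rather than the inbound one.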
26 Citations
20 Claims
1. A method for using a network appliance to efficiently buffer and encrypt data for transmission, the method comprising steps (a) through (h) as set out under First Claim above. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
11. A computer implemented system for efficiently buffering and encrypting data for transmission, the system comprising:
a network appliance which receives, via a first transport layer connection, a first SSL record, the first SSL record comprising a first encrypted message, the network appliance configured with a cryptographic processing card to perform bulk encryption;
wherein the cryptographic processing card decrypts the first encrypted message to produce a first decrypted message at the output, and the network appliance stores the first decrypted message from the output of the cryptographic processing card to a buffer for later processing by the same cryptographic processing card, the first decrypted message stored in the buffer until detection of one of a plurality of predetermined transmission conditions monitored by the network appliance;
wherein the network appliance receives, via the first transport layer connection, a second SSL record, the second SSL record comprising a second encrypted message, the cryptographic processing card decrypts the second encrypted message to produce a second decrypted message at the output, and the network appliance stores for later processing by the same cryptographic processing card the second decrypted message to the buffer with the first decrypted message, the first decrypted message and second decrypted message stored in the buffer until detection of one of the plurality of predetermined transmission conditions, a packet processing engine of the appliance configured to, upon detection of each of the plurality of predetermined transmission conditions, instruct the cryptographic processing card to combine the stored first and second messages to produce a third SSL record, encrypt the third SSL record and upon encryption transmit the encrypted third SSL record; and
wherein the packet processing engine communicates, responsive to detecting that a transmittal condition of the plurality of predetermined transmittal conditions has occurred for the first transport layer connection, the first decrypted message, the second decrypted message from the buffer and the instruction to the same cryptographic processing card, the network appliance receiving from the cryptographic processing card for transmission via a second transport layer connection, the encrypted third SSL record produced from the first decrypted message and a portion of the second decrypted message; and
transmits, via the second transport layer connection, the third SSL record. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
Specification