Method and apparatus for providing secure streaming data transmission facilities using unreliable protocols

US 8,533,457 B2
Filed: 01/11/2011
Issued: 09/10/2013
Est. Priority Date: 02/12/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A system for encrypted data transmission via a secure connection over a network, the system comprising:

a plurality of client devices, wherein each client device is communicatively coupled to one or more proxy servers;

one or more application servers, wherein each application server is communicatively coupled to a plurality of proxy servers and encrypted data is transmitted between a client device and an application server from the one or more application servers via a proxy server and a secure connection while using an unreliable transport protocol, and wherein each application server simultaneously communicates with the plurality of communicatively coupled proxy servers; and

a plurality of proxy servers, wherein each proxy server includes cache memory that includes a copy of at least a portion of a collection of cached session information from previous secure communication sessions between the plurality of client devices and the plurality of proxy servers, wherein each of the plurality of proxy servers resumes an interrupted secure transmission session with at least a partial security handshake using at least a portion of the collected cached session information, and wherein the collection of cached session information includes information needed for a first proxy server of the plurality of proxy servers in a first secure connection with a second proxy server of the plurality of proxy servers to switch the first secure connection to connect the first proxy server and a third proxy server of the plurality of proxy servers using the cached session information and without having to generate a new secure connection.

View all claims

20 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosure provides a method and apparatus for transmitting data securely using an unreliable communication protocol, such as User Datagram Protocol. In one variation, the disclosure describes retaining compatibility with conventional Secure Sockets Layer (SSL) and SOCKS protocols, such that secure UDP datagrams can be transmitted between a proxy server and a client computer in a manner analogous to conventional SOCKS processing. Further, the disclosure describes a network arrangement that employs a cache having copies distributed among a plurality of different locations. SSL/TLS session information for a session with each of the proxy servers is stored in the cache so that it is accessible to at least one other proxy server. Using this arrangement, cached SSL/TLS communication session information may be retrieved and used by a second proxy server to accept a session with the client device when the client device switches proxy servers.

116 Citations

15 Claims

1. A system for encrypted data transmission via a secure connection over a network, the system comprising:
- a plurality of client devices, wherein each client device is communicatively coupled to one or more proxy servers;
  
  one or more application servers, wherein each application server is communicatively coupled to a plurality of proxy servers and encrypted data is transmitted between a client device and an application server from the one or more application servers via a proxy server and a secure connection while using an unreliable transport protocol, and wherein each application server simultaneously communicates with the plurality of communicatively coupled proxy servers; and
  
  a plurality of proxy servers, wherein each proxy server includes cache memory that includes a copy of at least a portion of a collection of cached session information from previous secure communication sessions between the plurality of client devices and the plurality of proxy servers, wherein each of the plurality of proxy servers resumes an interrupted secure transmission session with at least a partial security handshake using at least a portion of the collected cached session information, and wherein the collection of cached session information includes information needed for a first proxy server of the plurality of proxy servers in a first secure connection with a second proxy server of the plurality of proxy servers to switch the first secure connection to connect the first proxy server and a third proxy server of the plurality of proxy servers using the cached session information and without having to generate a new secure connection.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The system of claim 1, wherein the unreliable transport protocol is the User Datagram Protocol.
  - 3. The system of claim 1, further including a cache repository for storing one or more copies of the cache memory.
  - 4. The system of claim 1, wherein each proxy server is capable of implementing a conventional single proxy server protocol function for transmitting the encrypted data via the secure connection, and a modified single proxy server protocol function for transmitting the encrypted data using the unreliable transport protocol.
  - 5. The system of claim 4, wherein the encrypted data includes a nonce value used as part of a record associated with the transmission of the encrypted data, and a special bit embedded into a header of the record to indicate that the record contains encrypted data.
  - 6. The system of claim 4, wherein the proxy server further includes a record detector for routing the encrypted data with respect to the convention single proxy server protocol function or the modified single proxy server protocol function.
  - 7. The system of claim 1, wherein the collection of cache session information includes a master key used to generate a session key associated with encrypting and decrypting data transmitted during the secure connection.
  - 8. The system of claim 1, wherein the collection of cache session information includes a peer certificate used to authenticate the client device.
  - 9. The system of claim 1, further comprising a load balancer for routing the encrypted data, the load balancer communicatively coupled to each client device of the plurality of client devices via a communication medium and a firewall.
  - 10. The system of claim 1, wherein the at least a portion of the cached session information includes a master session key that generates session keys for encrypting and decrypting data exchanged during the session.
  - 11. The system of claim 1, wherein the at least a portion of the cached session information includes a peer certificate that authenticates one or more client computers and one more client computer users.
  - 12. The system of claim 1, wherein the at least a portion of the cached session information includes one or more session identifiers that identify at least one secure transmission session.
  - 13. The system of claim 1, wherein the at least a portion of the cached session information includes an algorithm that compresses data.
  - 14. The system of claim 1, wherein the at least a portion of the cached session information includes a flag indicating that a particular session can be used to initiate new connections.
  - 15. The system of claim 1, wherein at least a portion of the cached session information includes information identifying the technique originally used to generate the session.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Aventail LLC
Original Assignee
Aventail LLC
Inventors
VanHeyningen, Marc D., Erickson, Rodger D.
Primary Examiner(s)
SHAW, YIN CHEN

Application Number

US13/004,812
Publication Number

US 20110173436A1
Time in Patent Office

973 Days
Field of Search

713150-151, 713/153, 713/160, 726/12
US Class Current

713/153
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0428   wherein the data content is...

H04L 63/0457   wherein the sending and rec...

H04L 63/12   Applying verification of th...

H04L 63/166   at the transport layer

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/12   Transmitting and receiving ...

H04L 9/32   including means for verifyi...

Method and apparatus for providing secure streaming data transmission facilities using unreliable protocols

First Claim

20 Assignments

0 Petitions

Accused Products

Abstract

116 Citations

15 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for providing secure streaming data transmission facilities using unreliable protocols

First Claim

20 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

15 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others