Method and apparatus for providing secure streaming data transmission facilities using unreliable protocols
First Claim
1. A system for encrypted data transmission via a secure connection over a network, the system comprising:
- a plurality of client devices, wherein each client device is communicatively coupled to one or more proxy servers;
one or more application servers, wherein each application server is communicatively coupled to a plurality of proxy servers and encrypted data is transmitted between a client device and an application server from the one or more application servers via a proxy server and a secure connection while using an unreliable transport protocol, and wherein each application server simultaneously communicates with the plurality of communicatively coupled proxy servers; and
a plurality of proxy servers, wherein each proxy server includes cache memory that includes a copy of at least a portion of a collection of cached session information from previous secure communication sessions between the plurality of client devices and the plurality of proxy servers, wherein each of the plurality of proxy servers resumes an interrupted secure transmission session with at least a partial security handshake using at least a portion of the collected cached session information, and wherein the collection of cached session information includes information needed for a first proxy server of the plurality of proxy servers in a first secure connection with a second proxy server of the plurality of proxy servers to switch the first secure connection to connect the first proxy server and a third proxy server of the plurality of proxy servers using the cached session information and without having to generate a new secure connection.
20 Assignments
0 Petitions
Accused Products
Abstract
The disclosure provides a method and apparatus for transmitting data securely using an unreliable communication protocol, such as User Datagram Protocol. In one variation, the disclosure describes retaining compatibility with conventional Secure Sockets Layer (SSL) and SOCKS protocols, such that secure UDP datagrams can be transmitted between a proxy server and a client computer in a manner analogous to conventional SOCKS processing. Further, the disclosure describes a network arrangement that employs a cache having copies distributed among a plurality of different locations. SSL/TLS session information for a session with each of the proxy servers is stored in the cache so that it is accessible to at least one other proxy server. Using this arrangement, cached SSL/TLS communication session information may be retrieved and used by a second proxy server to accept a session with the client device when the client device switches proxy servers.
116 Citations
15 Claims
-
1. A system for encrypted data transmission via a secure connection over a network, the system comprising:
-
a plurality of client devices, wherein each client device is communicatively coupled to one or more proxy servers; one or more application servers, wherein each application server is communicatively coupled to a plurality of proxy servers and encrypted data is transmitted between a client device and an application server from the one or more application servers via a proxy server and a secure connection while using an unreliable transport protocol, and wherein each application server simultaneously communicates with the plurality of communicatively coupled proxy servers; and a plurality of proxy servers, wherein each proxy server includes cache memory that includes a copy of at least a portion of a collection of cached session information from previous secure communication sessions between the plurality of client devices and the plurality of proxy servers, wherein each of the plurality of proxy servers resumes an interrupted secure transmission session with at least a partial security handshake using at least a portion of the collected cached session information, and wherein the collection of cached session information includes information needed for a first proxy server of the plurality of proxy servers in a first secure connection with a second proxy server of the plurality of proxy servers to switch the first secure connection to connect the first proxy server and a third proxy server of the plurality of proxy servers using the cached session information and without having to generate a new secure connection. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
Specification