Systems and methods for bulk encryption and decryption of transmitted data
First Claim
1. A method for using a device intermediary between a client and a server, to efficiently buffer and encrypt data for transmission, the method comprising:
(a) decrypting, by a hardware cryptographic processor of a device intermediary to a plurality of clients and one or more servers, a plurality of encrypted messages from a plurality of Secure Socket Layer (SSL) records received from a client of the plurality of clients via a first transport layer connection between the client and the device;
(b) storing, by the device for later processing by the cryptographic processor, to a buffer each of the decrypted messages received from output of the cryptographic processor, until detection of a predetermined transmittal condition, the predetermined transmittal condition comprising an indicator of an end of an application layer transaction, a transport control protocol (TCP) indicator, an expiration of a timer, or one of the following:
a length of the buffered messages exceeds a given threshold, and a length of the buffered messages exceeds a maximum quantum size of the second transport layer connection;
(c) communicating, by the device responsive to detecting that the predetermined transmittal condition has occurred for the first transport layer connection, the buffered decrypted messages to the cryptographic processor with an instruction to produce an encrypted SSL record comprising at least a portion of the decrypted messages stored in the buffer; and
(d) transmitting, by the device via a second transport layer connection between the device and the server, the encrypted SSL record to the server.
7 Assignments
0 Petitions
Abstract
A method for using a network appliance to efficiently buffer and encrypt data for transmission includes: receiving, by an appliance via a connection, two or more SSL records comprising encrypted messages; decrypting the two or more messages; buffering, by the appliance, the two or more decrypted messages; determining, by the appliance, that a transmittal condition has been satisfied; encrypting, by the appliance in response to the determination, the first decrypted message and a portion of the second decrypted message to produce a third SSL record; and transmitting, by the appliance via a second connection, the third record. Corresponding systems are also described.
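The abstract describes a state machine: plaintext from decrypted client records accumulates in a buffer, and one of several transmittal conditions (end of an application-layer transaction, a TCP indicator, timer expiry, buffered length over a threshold, or buffered length over the maximum record size of the server-side connection) causes the buffered bytes to be re-encrypted as a single outbound record, which may therefore carry the whole of one client message plus the start of the next. The following is an added illustration of that buffering logic, not code from the patent or its assignee: the class name `RecordCoalescer`, the condition names, the 5 ms timeout and the sample traffic are assumptions chosen for the example, and the hardware cryptographic processor is abstracted to a plain TLS record-header framing step. Two practitioner points the model makes visible: the device holds plaintext from several client records in memory between flushes, so buffer lifetime is part of the appliance's attack surface; and the timer is what bounds the latency that coalescing adds when no other condition fires.

```python
"""Buffer-and-coalesce model for an SSL-terminating intermediary.

Added example; names, timeout and sample traffic are assumptions, not the
patent's own code. Encryption of the coalesced record (the crypto
processor's job) is deliberately omitted; frame_record only adds a header.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# TLS limits one record's plaintext to 2**14 bytes (RFC 5246, section 6.2.1);
# used here as the "maximum quantum size" of the device-to-server connection.
MAX_PLAINTEXT = 16384
APPLICATION_DATA = 0x17  # TLS ContentType for application_data


@dataclass
class Flush:
    reason: str       # which transmittal condition fired
    plaintext: bytes  # bytes handed to the crypto processor for one record


class RecordCoalescer:
    """Buffers decrypted client data until a transmittal condition is met."""

    def __init__(self, threshold: int, max_record: int = MAX_PLAINTEXT,
                 timeout: float = 0.005) -> None:
        if not 0 < threshold <= max_record:
            raise ValueError("threshold must be positive and at most max_record")
        self.threshold = threshold
        self.max_record = max_record
        self.timeout = timeout            # idle time before a timer flush
        self._buf = bytearray()
        self._deadline: Optional[float] = None

    def _take(self, reason: str, n: int, now: float) -> Flush:
        """Remove the first n buffered bytes and restart the timer if any remain."""
        out = bytes(self._buf[:n])
        del self._buf[:n]
        self._deadline = (now + self.timeout) if self._buf else None
        return Flush(reason, out)

    def on_decrypted(self, plaintext: bytes, now: float,
                     end_of_transaction: bool = False,
                     tcp_indicator: bool = False) -> List[Flush]:
        """Feed one decrypted client message; return records to encrypt now."""
        flushes: List[Flush] = []
        self._buf += plaintext
        if self._deadline is None:
            self._deadline = now + self.timeout
        # Buffered length exceeds the outbound record maximum: emit full-size
        # records. Such a record may hold the end of one client message and
        # the start of the next (the abstract's "portion of the second").
        while len(self._buf) > self.max_record:
            flushes.append(self._take("max_record", self.max_record, now))
        if not self._buf:
            return flushes
        if end_of_transaction:
            flushes.append(self._take("end_of_transaction", len(self._buf), now))
        elif tcp_indicator:
            flushes.append(self._take("tcp_indicator", len(self._buf), now))
        elif len(self._buf) > self.threshold:
            flushes.append(self._take("threshold", len(self._buf), now))
        return flushes

    def on_tick(self, now: float) -> List[Flush]:
        """Timer expiry: flush whatever is buffered so latency stays bounded."""
        if self._buf and self._deadline is not None and now >= self._deadline:
            return [self._take("timer", len(self._buf), now)]
        return []


def frame_record(plaintext: bytes, version: bytes = b"\x03\x03") -> bytes:
    """Prefix one coalesced fragment with a TLS record header (type, version,
    length). Real encryption and MAC/AEAD of the fragment happen in the crypto
    processor and are not modelled here."""
    if len(plaintext) > MAX_PLAINTEXT:
        raise ValueError("fragment exceeds the TLS record plaintext limit")
    return (bytes([APPLICATION_DATA]) + version
            + len(plaintext).to_bytes(2, "big") + plaintext)


def run_demo() -> List[Tuple[str, int]]:
    """Constructed traffic exercising each condition; returns (reason, size)."""
    c = RecordCoalescer(threshold=12000)
    events: List[Flush] = []
    for i in range(4):                                   # four 300-byte records
        events += c.on_decrypted(b"a" * 300, now=0.001 * i)
    events += c.on_tick(0.004)                           # timer not yet expired
    events += c.on_tick(0.006)                           # 5 ms idle: timer flush
    events += c.on_decrypted(b"b" * 500, now=0.007, end_of_transaction=True)
    events += c.on_decrypted(b"c" * 10000, now=0.008)    # below threshold, waits
    events += c.on_decrypted(b"d" * 8000, now=0.009)     # 18000 > 16384: split
    events += c.on_decrypted(b"e" * 100, now=0.010, tcp_indicator=True)
    records = [frame_record(e.plaintext) for e in events]
    # No plaintext is lost or duplicated across the coalesced records.
    assert sum(len(r) - 5 for r in records) == 1200 + 500 + 10000 + 8000 + 100
    return [(e.reason, len(e.plaintext)) for e in events]


if __name__ == "__main__":
    for reason, size in run_demo():
        print(f"{reason:20s} {size:6d} bytes")
```

In the demo the "max_record" flush carries all 10000 bytes of the third message and the first 6384 bytes of the fourth, which is exactly the record-boundary change the abstract describes; the leftover 1616 bytes wait until the TCP indicator arrives. Note that coalescing changes the sizes and timing of records seen by an observer on the server side, so anyone modelling traffic-analysis resistance must treat the appliance, not the client, as the source of that profile.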
23 Citations
12 Claims
1. Independent claim 1, as reproduced above under First Claim. Dependent claims 2, 3, 4, 5 and 6 depend from claim 1.
7. A system for efficiently buffering and encrypting data for transmission, the system comprising:
a computing device intermediary to a plurality of clients and one or more servers, the computing device configured to receive a plurality of Secure Socket Layer (SSL) records received from a client of the plurality of clients via a first transport layer connection between the client and the computing device;
a hardware cryptographic processor of the computing device, the cryptographic processor configured to decrypt the plurality of Secure Socket Layer (SSL) records;
wherein the computing device is configured to store, for later processing by the cryptographic processor, to a buffer each of the decrypted messages received from output of the cryptographic processor, until detection of a predetermined transmittal condition, the predetermined transmittal condition comprising an indicator of an end of an application layer transaction, a transport control protocol (TCP) indicator, an expiration of a timer, or one of the following:
a length of the buffered messages exceeds a given threshold, and a length of the buffered messages exceeds a maximum quantum size of the second transport layer connection;
wherein the computing device is configured to detect that the predetermined transmittal condition has occurred for the first transport layer connection, and to communicate the buffered decrypted messages to the cryptographic processor with an instruction to produce an encrypted SSL record comprising at least a portion of the decrypted messages stored in the buffer; and
wherein the computing device is configured to transmit the encrypted SSL record to the server via a second transport layer connection between the computing device and the server.
Dependent claims 8, 9, 10, 11 and 12 depend from claim 7.
Specification