Systems and methods for bulk encryption and decryption of transmitted data

US 8,838,958 B2
Filed: 12/12/2012
Issued: 09/16/2014
Est. Priority Date: 08/21/2006
Status: Active Grant

First Claim

Patent Images

1. A method for using a device intermediary between a client and a server, to efficiently buffer and encrypt data for transmission, the method comprising:

(a) decrypting, by a hardware cryptographic processor of a device intermediary to a plurality of clients and one or more servers, a plurality of encrypted messages from a plurality of Secure Socket Layer (SSL) records received from a client of the plurality of clients via a first transport layer connection between the client and the device;

(b) storing, by the device for later processing by the cryptographic processor, to a buffer each of the decrypted messages received from output of the cryptographic processor, until detection of a predetermined transmittal condition, the predetermined transmittal condition comprising an indicator of an end of an application layer transaction, a transport control protocol (TCP) indicator, an expiration of a timer, or one of the following;

a length of the buffered messages exceeds a given threshold, and a length of the buffered messages exceeds a maximum quantum size of the second transport layer connection;

(c) communicating, by the device responsive to detecting that the predetermined transmittal condition has occurred for the first transport layer connection, the buffered decrypted messages to the cryptographic processor with an instruction to produce an encrypted SSL record comprising at least a portion of the decrypted messages stored in the buffer; and

(d) transmitting, by the device via a second transport layer connection between the device and the server, the encrypted SSL record to the server.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for using a network appliance to efficiently buffer and encrypt data for transmission includes: receiving, by an appliance via a connection, two or more SSL records comprising encrypted messages; decrypting the two or more messages; buffering, by the appliance, the two or more decrypted messages; determining, by the appliance, that a transmittal condition has been satisfied; encrypting, by the appliance in response to the determination, the first decrypted message and a portion of the second decrypted message to produce a third SSL record; and transmitting, by the appliance via a second connection, the third record. Corresponding systems are also described.

23 Citations

View as Search Results

12 Claims

1. A method for using a device intermediary between a client and a server, to efficiently buffer and encrypt data for transmission, the method comprising:
- (a) decrypting, by a hardware cryptographic processor of a device intermediary to a plurality of clients and one or more servers, a plurality of encrypted messages from a plurality of Secure Socket Layer (SSL) records received from a client of the plurality of clients via a first transport layer connection between the client and the device;
  
  (b) storing, by the device for later processing by the cryptographic processor, to a buffer each of the decrypted messages received from output of the cryptographic processor, until detection of a predetermined transmittal condition, the predetermined transmittal condition comprising an indicator of an end of an application layer transaction, a transport control protocol (TCP) indicator, an expiration of a timer, or one of the following;
  
  a length of the buffered messages exceeds a given threshold, and a length of the buffered messages exceeds a maximum quantum size of the second transport layer connection;
  
  (c) communicating, by the device responsive to detecting that the predetermined transmittal condition has occurred for the first transport layer connection, the buffered decrypted messages to the cryptographic processor with an instruction to produce an encrypted SSL record comprising at least a portion of the decrypted messages stored in the buffer; and
  
  (d) transmitting, by the device via a second transport layer connection between the device and the server, the encrypted SSL record to the server.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein step (a) further comprising receiving the plurality of SSL records comprising a first SSL record and a second SSL record, the first SSL record comprising a first encrypted message and the second SSL record comprising a second encrypted message.
  - 3. The method of claim 2, further comprising decrypting, by the cryptographic processor the first encrypted message to provide a first decrypted message and the second encrypted message to produce a second decrypted message.
  - 4. The method of claim 3, wherein step (b) further comprising storing each of the first SSL record and the second SSL record to the buffer for later processing by the cryptographic processor.
  - 5. The method of claim 1, wherein step (c) further comprising instructing, by the device, the cryptographic card to combine stored decrypted messages to produce the SSL record.
  - 6. The method of claim 1, wherein step (d) further comprises transmitting, by the device via the second transport layer connection, the encrypted SSL record to the server upon encryption by the cryptographic processor.

7. A system for efficiently buffering and encrypting data for transmission, the system comprising:
- a computing device intermediary to a plurality of clients and one or more servers, the computing device configured to receive a plurality of Secure Socket Layer (SSL) records received from a client of the plurality of clients via a first transport layer connection between the client and the computing device;
  
  a hardware cryptographic processor of the computing device, the cryptographic processor configured to decrypt the plurality of Secure Socket Layer (SSL) records;
  
  wherein the computing device is configured to store, for later processing by the cryptographic processor, to a buffer each of the decrypted messages received from output of the cryptographic processor, until detection of a predetermined transmittal condition, the predetermined transmittal condition comprising an indicator of an end of an application layer transaction, a transport control protocol (TCP) indicator, an expiration of a timer, or one of the following;
  
  a length of the buffered messages exceeds a given threshold, and a length of the buffered messages exceeds a maximum quantum size of the second transport layer connection;
  
  wherein the computing device is configured to detect that the predetermined transmittal condition has occurred for the first transport layer connection, and to communicate the buffered decrypted messages to the cryptographic processor with an instruction to produce an encrypted SSL record comprising at least a portion of the decrypted messages stored in the buffer; and
  
  wherein the computing device is configured to transmit the encrypted SSL record to the server via a second transport layer connection between the computing device and the server.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein the plurality of SSL records comprises a first SSL record and a second SSL record, the first SSL record comprising a first encrypted message and the second SSL record comprising a second encrypted message.
  - 9. The system of claim 8, wherein cryptographic processor is configured to decrypt the first encrypted message to provide a first decrypted message and to decrypt the second encrypted message to produce a second decrypted message.
  - 10. The system of claim 9, wherein the computing device is configured to store each of the first SSL record and the second SSL record to the buffer for later processing by the cryptographic processor.
  - 11. The system of claim 7, wherein the computing device is configured to instruct the cryptographic card to combine stored decrypted messages to produce the SSL record.
  - 12. The system of claim 7, wherein the computing device is configured to transmit, via the second transport layer connection, the encrypted SSL record to the server upon encryption by the cryptographic processor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Suganthi, Josephine, Kanekar, Tushar, Udupa, Sivaprasad
Primary Examiner(s)
Pham, Luu
Assistant Examiner(s)
OLION, BRIAN L

Application Number

US13/712,658
Publication Number

US 20130145146A1
Time in Patent Office

643 Days
Field of Search

713/153, 713/166, 713/152, 713/168
US Class Current

713/153
CPC Class Codes

H04L 63/0428 wherein the data content is...

Systems and methods for bulk encryption and decryption of transmitted data

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for bulk encryption and decryption of transmitted data

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links