Secure data transfer in a virtual environment
1 Assignment
0 Petitions
Abstract
In one embodiment, a method includes receiving at one of a plurality of servers, a request from a client for a secure communication session, storing context information associated with the secure communication session at a virtual context server in communication with the servers, and establishing the secure communication session between one of the servers and the client. The context information includes a session identifier, a secret, and a session state. The stored context information is available to the servers to allow the secure communication session to move between the servers. An apparatus for secure data transfer in a virtual environment is also disclosed.
7 Citations
17 Claims
1. A method comprising:

receiving at one of a plurality of servers, a request from a client for a secure communication session comprising a Secure Socket Layer (SSL) or Transport Layer Security (TLS) session;

establishing said secure communication session directly between one of said plurality of servers and the client;

sharing context information associated with said secure communication session with a virtual context server in communication with said plurality of servers and operable to store said context information, said context information comprising a session identifier, a secret, and a session state, wherein said context information stored at the virtual context server is available to said plurality of servers to allow said secure communication session to move between said plurality of servers; and

moving said secure communication session with said client from one of said plurality of servers to another of said plurality of servers;

wherein said plurality of servers belong to a trusted group configured to have access to said secure communication session and said secret, said secret used in said secure communication session to provide data integrity and confidentiality.

Dependent claims: 2, 3, 4, 5, 6.

7. An apparatus comprising:

a processor for receiving at one of a plurality of servers, a request from a client for a secure communication session comprising a Secure Socket Layer (SSL) or Transport Layer Security (TLS) session, establishing said secure communication session directly between one of said plurality of servers and the client, and sharing context information associated with said secure communication session with a virtual context server in communication with said plurality of servers and operable to store said context information, said context information comprising a session identifier, a secret, and a session state; and

memory for at least temporarily storing said context information;

wherein the virtual context server shares said context information with said plurality of servers to allow said secure communication session to move between said plurality of servers; and

wherein the apparatus is operable to belong to a trusted group comprising said plurality of servers and configured to have access to said secure communication session and said secret, said secret configured for use in said secure communication session to provide data integrity and confidentiality.

Dependent claims: 8, 9, 10, 11, 12, 13.

14. Logic encoded in one or more non-transitory media for execution and when executed operable to:

receive at one of a plurality of servers, a request from a client for a secure communication session comprising a Secure Socket Layer (SSL) or Transport Layer Security (TLS) session;

establish said secure communication session directly between the client and the server receiving said request; and

share context information associated with said secure communication session with a virtual context server in communication with said plurality of servers and operable to store said context information, said context information comprising a session identifier, a secret, and a session state, wherein said context information stored at the virtual context server is available to said plurality of servers to allow said secure communication session to move between said plurality of servers;

wherein said plurality of servers are operable to belong to a trusted group configured to have access to said secure communication session and said secret, said secret configured for use in said secure communication session to provide data integrity and confidentiality.

Dependent claims: 15, 16, 17.
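As an added illustration of the context-sharing arrangement in the abstract and claims above (not code from the patent or from any product implementing it), a toy Python model in which servers in a trusted group share a session's identifier, secret and state through a virtual context server, so that a record can be served by a different server after the session moves, while a server outside the group is refused the context and a stale sequence number is rejected. The HMAC tag models only the integrity half of the claimed "data integrity and confidentiality"; server names, the context layout and the sample values are assumptions.

```python
import hashlib
import hmac

class VirtualContextServer:
    """Shared store of session context (id, secret, state) readable only by the trusted group."""
    def __init__(self, trusted_group):
        self.trusted_group = set(trusted_group)
        self._contexts = {}
    def share(self, server_name, session_id, secret, state):
        self._check(server_name)
        self._contexts[session_id] = {"secret": secret, "state": dict(state)}
    def fetch(self, server_name, session_id):
        self._check(server_name)
        return self._contexts[session_id]
    def _check(self, server_name):
        if server_name not in self.trusted_group:
            raise PermissionError(f"{server_name} is not in the trusted group")

def protect(secret, seq, payload):
    # Integrity tag over sequence number and payload (stand-in for the TLS record MAC).
    return hmac.new(secret, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()

def serve_record(vcs, server_name, session_id, seq, payload, tag):
    """Continue the session on any trusted server: verify against shared secret and state."""
    ctx = vcs.fetch(server_name, session_id)
    if seq != ctx["state"]["next_seq"]:
        raise ValueError("replayed or out-of-order record")
    if not hmac.compare_digest(protect(ctx["secret"], seq, payload), tag):
        raise ValueError("integrity check failed")
    ctx["state"]["next_seq"] = seq + 1   # session state advances in the shared context
    return payload

def attempt(*args):
    # Report how a record was handled: "served" or the exception class name.
    try:
        serve_record(*args)
        return "served"
    except (PermissionError, ValueError) as exc:
        return type(exc).__name__

def demo():
    # Constructed scenario: srv-a completes the handshake, the session then moves to srv-b.
    vcs = VirtualContextServer(trusted_group={"srv-a", "srv-b"})
    sid, secret = "sess-01", b"\x42" * 32          # constructed id and session secret
    vcs.share("srv-a", sid, secret, {"next_seq": 0})
    r0 = serve_record(vcs, "srv-a", sid, 0, b"hello", protect(secret, 0, b"hello"))
    r1 = serve_record(vcs, "srv-b", sid, 1, b"world", protect(secret, 1, b"world"))
    outside = attempt(vcs, "srv-c", sid, 2, b"x", protect(secret, 2, b"x"))   # not trusted
    replay = attempt(vcs, "srv-a", sid, 1, b"world", protect(secret, 1, b"world"))  # stale seq
    return r0, r1, outside, replay
```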
Specification