System and method for innovative management of transport layer security session tickets in a network environment
First Claim

1. A method, comprising:
- identifying a transport layer security (TLS) session between a client and a server;
- parsing a TLS message spread across a plurality of TLS protocol records to identify a session ticket associated with the TLS session;
- computing a first hash value for a first portion of the session ticket in a first TLS protocol record of the plurality of TLS protocol records, the session ticket including a key name;
- computing a second hash value for a second portion of the session ticket in a next TLS protocol record of the plurality of TLS protocol records, from the first hash value, to incrementally produce a hash value of the session ticket;
- assigning the incrementally-produced hash value of the session ticket to a session token; and
- managing the TLS session using the session token to identify the TLS session and to detect a network attack on the TLS session.
Abstract
An example method includes identifying a transport layer security (TLS) session between a client and a server, parsing one or more TLS messages to identify a session ticket associated with the session, transforming the session ticket into a fixed-size session token, and managing the session using the session token to identify the session. The transformation may consist of computing a hash value of the session ticket with a hashing algorithm. If a TLS message is spread across more than one TLS protocol record, the method can compute a hash value of the portion of the session ticket encountered in one TLS protocol record, incrementally compute another hash value of the portion encountered in the subsequent TLS protocol record from the previously computed hash value, and repeat the incremental computation until all portions of the session ticket have been processed.
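The following is an added example illustrating the abstract and claim 1; it is not code from the patent or its assignee. It constructs a TLS 1.2 NewSessionTicket handshake message (RFC 5077 layout: 16-byte key_name at the start of the ticket), fragments it across several TLS records, and feeds the ticket bytes from each record into a running SHA-256 as they arrive, so the fixed-size token is produced without buffering the whole ticket. The record sizes, ticket contents, key name and the session-table check are all constructed for the demonstration.

```python
"""Incremental hashing of a TLS session ticket split across TLS records.

Added example, not part of the patent. All bytes below are constructed.
"""
import hashlib
import struct
from typing import List, Optional, Tuple

HANDSHAKE = 0x16            # TLS record content type: handshake
NEW_SESSION_TICKET = 0x04   # handshake message type (RFC 5077)
TLS12 = b"\x03\x03"
KEY_NAME_LEN = 16           # RFC 5077: ticket starts with a 16-byte key_name


def build_new_session_ticket(ticket: bytes, lifetime_hint: int = 7200) -> bytes:
    """Handshake msg: type(1) | length(3) | lifetime_hint(4) | ticket_len(2) | ticket."""
    body = struct.pack("!IH", lifetime_hint, len(ticket)) + ticket
    return bytes([NEW_SESSION_TICKET]) + len(body).to_bytes(3, "big") + body


def fragment_into_records(msg: bytes, max_fragment: int) -> List[bytes]:
    """Split one handshake message over TLS records: type | version | length | fragment."""
    records = []
    for i in range(0, len(msg), max_fragment):
        frag = msg[i:i + max_fragment]
        records.append(bytes([HANDSHAKE]) + TLS12 + struct.pack("!H", len(frag)) + frag)
    return records


def parse_record(record: bytes) -> bytes:
    """Validate the 5-byte record header and return the fragment."""
    ctype, ver, length = record[0], record[1:3], struct.unpack("!H", record[3:5])[0]
    if ctype != HANDSHAKE or ver != TLS12 or len(record) != 5 + length:
        raise ValueError("malformed TLS record")
    return record[5:]


class TicketTokenizer:
    """Streaming parser: hashes ticket bytes record by record (no full-ticket buffer)."""
    HEADER_LEN = 1 + 3 + 4 + 2  # handshake header + lifetime_hint + ticket_len

    def __init__(self) -> None:
        self._header = b""
        self._remaining: Optional[int] = None  # ticket bytes still expected
        self._hasher = hashlib.sha256()       # running hash state carried across records
        self._key_name = b""
        self.token: Optional[bytes] = None

    def feed(self, record: bytes) -> Optional[bytes]:
        frag = parse_record(record)
        if self._remaining is None:
            # The fixed-size header may itself straddle records; collect it first.
            need = self.HEADER_LEN - len(self._header)
            self._header += frag[:need]
            frag = frag[need:]
            if len(self._header) < self.HEADER_LEN:
                return None
            if self._header[0] != NEW_SESSION_TICKET:
                raise ValueError("not a NewSessionTicket message")
            self._remaining = struct.unpack("!H", self._header[8:10])[0]
        chunk = frag[:self._remaining]
        if len(self._key_name) < KEY_NAME_LEN:  # key_name is the ticket's first 16 bytes
            self._key_name += chunk[:KEY_NAME_LEN - len(self._key_name)]
        self._hasher.update(chunk)  # second-record hash is computed from first-record state
        self._remaining -= len(chunk)
        if self._remaining == 0 and self.token is None:
            self.token = self._hasher.digest()  # fixed 32-byte session token
        return self.token

    @property
    def key_name(self) -> bytes:
        return self._key_name


def tokenize_records(records: List[bytes]) -> Tuple[bytes, bytes]:
    """Run the streaming tokenizer over a record sequence; returns (token, key_name)."""
    tok = TicketTokenizer()
    token = None
    for rec in records:
        token = tok.feed(rec)
    if token is None:
        raise ValueError("session ticket incomplete")
    return token, tok.key_name


def track(table: dict, token: bytes, client: str) -> bool:
    """Session table keyed by token. Returns True when the same ticket is presented
    by a different client than first seen (an assumed indicator worth alerting on)."""
    owner = table.setdefault(token, client)
    return owner != client


def demo() -> Tuple[bytes, bytes, int]:
    key_name = b"ticketkey-2024-A"               # constructed 16-byte key_name
    ticket = key_name + bytes(range(200))        # constructed opaque ticket body
    records = fragment_into_records(build_new_session_ticket(ticket), 64)
    token, kn = tokenize_records(records)
    assert token == hashlib.sha256(ticket).digest()  # incremental == one-shot hash
    return token, kn, len(records)


if __name__ == "__main__":
    t, k, n = demo()
    print(f"{n} records, key_name={k!r}, token={t.hex()}")
```

Because the hash state is carried from one record to the next, the token is identical whatever the record boundaries are, which is what lets a middlebox key its session table on the token rather than on the variable-length ticket itself.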
Claims (20 claims; 72 citations)

1. A method, comprising: (text as given under First Claim above; dependent claims 2-7)
8. An apparatus, comprising:
- a memory element configured to store instructions; and
- at least one processor operable to execute the instructions and configured to identify a transport layer security (TLS) session between a client and a server; parse a TLS message spread across a plurality of TLS protocol records to identify a session ticket associated with the TLS session; compute a first hash value for a first portion of the session ticket in a first TLS protocol record of the plurality of TLS protocol records, the session ticket including a key name; compute a second hash value for a second portion of the session ticket in a next TLS protocol record of the plurality of TLS protocol records, from the first hash value, to incrementally produce a hash value of the session ticket; assign the incrementally-produced hash value of the session ticket to a session token; and manage the TLS session using the session token to identify the TLS session and to detect a network attack on the TLS session.
(Dependent claims 9-13)
14. Logic, encoded in non-transitory media, that includes code for execution and, when executed by a processor, is operable to perform operations comprising:
- identifying a transport layer security (TLS) session between a client and a server;
- parsing a TLS message spread across a plurality of TLS protocol records to identify a session ticket associated with the TLS session;
- computing a first hash value for a first portion of the session ticket in a first TLS protocol record of the plurality of TLS protocol records, the session ticket including a key name;
- computing a second hash value for a second portion of the session ticket in a next TLS protocol record of the plurality of TLS protocol records, from the first hash value, to incrementally produce a hash value of the session ticket;
- assigning the incrementally-produced hash value of the session ticket to a session token; and
- managing the TLS session using the session token to identify the TLS session and to detect a network attack on the TLS session.
(Dependent claims 15-20)
Specification