Method and apparatus for providing secure streaming data transmission facilities using unreliable protocols

US 9,467,290 B2
Filed: 08/19/2013
Issued: 10/11/2016
Est. Priority Date: 02/12/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method of securely transmitting a data record to or from a client computer, the method comprising:

establishing a connection between the client computer and a proxy server;

exchanging encryption credentials between the client computer and the proxy server over the connection;

agreeing between the client computer and the proxy server to use an unreliable transport protocol to transmit an encrypted data record from a sender to a receiver, wherein the receiver sends a message to the sender relating the receipt of the encrypted data record only after identifying that the encrypted data record received has a missing portion, the message sent to the sender in the form of a negative acknowledgement;

agreeing between the client computer and the proxy server that the encrypted data record will be transmitted using a particular port;

generating a nonce for the data record before the data record is encrypted;

encrypting the data record using the nonce;

appending the nonce the encrypted data record; and

transmitting the encrypted data record to or from the client computer using the unreliable transport protocol.

View all claims

19 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosure provides a method and apparatus for transmitting data securely using an unreliable communication protocol, such as User Datagram Protocol. In one variation, the disclosure describes retaining compatibility with conventional Secure Sockets Layer (SSL) and SOCKS protocols, such that secure UDP datagrams can be transmitted between a proxy server and a client computer in a manner analogous to conventional SOCKS processing. Further, the disclosure describes a network arrangement that employs a cache having copies distributed among a plurality of different locations. SSL/TLS session information for a session with each of the proxy servers is stored in the cache so that it is accessible to at least one other proxy server. Using this arrangement, cached SSL/TLS communication session information may be retrieved and used by a second proxy server to accept a session with the client device when the client device switches proxy servers.

125 Citations

18 Claims

1. A method of securely transmitting a data record to or from a client computer, the method comprising:
- establishing a connection between the client computer and a proxy server;
  
  exchanging encryption credentials between the client computer and the proxy server over the connection;
  
  agreeing between the client computer and the proxy server to use an unreliable transport protocol to transmit an encrypted data record from a sender to a receiver, wherein the receiver sends a message to the sender relating the receipt of the encrypted data record only after identifying that the encrypted data record received has a missing portion, the message sent to the sender in the form of a negative acknowledgement;
  
  agreeing between the client computer and the proxy server that the encrypted data record will be transmitted using a particular port;
  
  generating a nonce for the data record before the data record is encrypted;
  
  encrypting the data record using the nonce;
  
  appending the nonce the encrypted data record; and
  
  transmitting the encrypted data record to or from the client computer using the unreliable transport protocol.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprising:
    - identifying of a second server by the client computer;
      
      identifying data residing on the second server by the client computer;
      
      transmitting of the identified data from the second server to the proxy server; and
      
      transmitting of the identified data from the proxy server to the client computer, wherein the identified data transmitted from the proxy server to the client computer includes the encrypted data record.
  - 3. The method of claim 2, further comprising sending information by the client computer to the proxy server regarding the second server.
  - 4. The method of claim 3, wherein the information sent includes the internet protocol address of the second server.
  - 5. The method of claim 3, wherein the information sent identifies a port on the second sever through which the identified data is sent from the second server to the proxy server.
  - 6. The method of claim 1, further comprising attaching a header to the transmitted data that includes an encrypted bit, wherein the encrypted bit is set when the transmitted data includes encrypted data.

7. A non-transitory computer readable storage medium having embodied thereon a program executable by a processor to perform a method for securely transmitting a data record to or from a client computer, the method comprising:
- establishing a connection between the client computer and a proxy server;
  
  exchanging encryption credentials between the client computer and the proxy server over the connection;
  
  agreeing between the client computer and the proxy server to use an unreliable transport protocol to transmit an encrypted data record from a sender to a receiver, wherein the receiver sends a message to the sender relating the receipt of the encrypted data record only after identifying that the encrypted data record received has a missing portion, the message sent to the sender in the form of a negative acknowledgement;
  
  agreeing between the client computer and the proxy server that a data record will be transmitted using a particular port;
  
  generating a nonce for the data record before the data record is encrypted;
  
  encrypting the data record using the nonce;
  
  appending the nonce the encrypted data record; and
  
  transmitting the encrypted data record to or from the client computer using the unreliable transport protocol.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The non-transitory computer readable storage medium of claim 7, the program further executable to:
    - identify a second server by the client computer;
      
      identify data residing on the second server by the client computer to be transmitted to the client computer;
      
      transmit the identified data from the second server to the proxy server; and
      
      transmit the identified data from the proxy server to the client computer, wherein the identified data transmitted from the proxy server to the client computer includes the encrypted data record.
  - 9. The non-transitory computer readable storage medium of claim 8, the program further executable to send information by the client computer to the proxy server regarding the second server.
  - 10. The non-transitory computer readable storage medium of claim 9, wherein the information sent includes the internet protocol address of the second server.
  - 11. The non-transitory computer readable storage medium of claim 9, wherein the information sent identifies a port on the second sever through which the identified data is sent from the second server to the proxy server.
  - 12. The non-transitory computer readable storage medium of claim 7, the program further executable to attach a header to the transmitted data that includes an encrypted bit, wherein the encrypted bit is set when the transmitted data includes encrypted data.

13. A system for securely transmitting a data record to or from a client computer, the system comprising:
- a client computer;
  
  a memory in the client computer;
  
  a proxy server; and
  
  a memory in the proxy server, wherein;
  
  a connection between the client computer and the proxy server is established,encryption credentials between the client computer and the proxy server are exchanged over the connection,the client computer and the proxy server agree to use an unreliable transport protocol to transmit an encrypted data record from a sender to a receiver, wherein the receiver sends a message to the sender relating the receipt of the encrypted data record only after identifying that the encrypted data record received has a missing portion, the message sent to the sender in the form of a negative acknowledgement;
  
  the client computer and the proxy server agree that the data record will be transmitted using a particular port,a nonce for the data record is generated,the data record is encrypted using the nonce,the nonce is appended to the encrypted data record, andthe encrypted data record is transmitted to or from the client computer using the protocol.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system of claim 13, further comprising:
    - a second server; and
      
      a memory in the second server, wherein;
      
      the second server is identified by the client computer,data residing on the second server being is identified by the client computer,the second server transmits the identified data to the proxy server, the proxy server securely transmits the identified data to the client computer, andthe identified data transmitted from the proxy server to the client computer include the encrypted data record.
  - 15. The system of claim 14, wherein information is sent by the client computer to the proxy server regarding the second server.
  - 16. The system of claim 15, wherein the information sent includes the internet protocol address of the second server.
  - 17. The system of claim 15, wherein the information sent identifies a port on the second sever through which the identified data is sent from the second server to the proxy server.
  - 18. The system of claim 13, wherein a header is attached to the transmitted data that includes an encrypted bit and the encrypted bit is set when the transmitted data includes encrypted data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SonicWALL US Holdings, Inc. (SonicWall Holdings Ltd.)
Original Assignee
Aventail LLC
Inventors
VanHeyningen, Marc D., Erickson, Rodger D.
Primary Examiner(s)
Wang, Harris C

Application Number

US13/970,550
Publication Number

US 20130346739A1
Time in Patent Office

1,149 Days
Field of Search

713/153
US Class Current

1/1
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0428   wherein the data content is...

H04L 63/0457   wherein the sending and rec...

H04L 63/12   Applying verification of th...

H04L 63/166   at the transport layer

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/12   Transmitting and receiving ...

H04L 9/32   including means for verifyi...

Method and apparatus for providing secure streaming data transmission facilities using unreliable protocols

First Claim

19 Assignments

0 Petitions

Accused Products

Abstract

125 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for providing secure streaming data transmission facilities using unreliable protocols

First Claim

19 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

125 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links