Method and apparatus for providing secure streaming data transmission facilities using unreliable protocols
19 Assignments
Abstract
The disclosure provides a method and apparatus for transmitting data securely using an unreliable communication protocol, such as User Datagram Protocol. In one variation, the disclosure describes retaining compatibility with conventional Secure Sockets Layer (SSL) and SOCKS protocols, such that secure UDP datagrams can be transmitted between a proxy server and a client computer in a manner analogous to conventional SOCKS processing. Further, the disclosure describes a network arrangement that employs a cache having copies distributed among a plurality of different locations. SSL/TLS session information for a session with each of the proxy servers is stored in the cache so that it is accessible to at least one other proxy server. Using this arrangement, cached SSL/TLS communication session information may be retrieved and used by a second proxy server to accept a session with the client device when the client device switches proxy servers.
125 Citations
18 Claims
1. A method of securely transmitting a data record to or from a client computer, the method comprising:
- establishing a connection between the client computer and a proxy server;
- exchanging encryption credentials between the client computer and the proxy server over the connection;
- agreeing between the client computer and the proxy server to use an unreliable transport protocol to transmit an encrypted data record from a sender to a receiver, wherein the receiver sends a message to the sender relating the receipt of the encrypted data record only after identifying that the encrypted data record received has a missing portion, the message sent to the sender in the form of a negative acknowledgement;
- agreeing between the client computer and the proxy server that the encrypted data record will be transmitted using a particular port;
- generating a nonce for the data record before the data record is encrypted;
- encrypting the data record using the nonce;
- appending the nonce to the encrypted data record; and
- transmitting the encrypted data record to or from the client computer using the unreliable transport protocol.
Dependent claims: 2, 3, 4, 5, 6.

7. A non-transitory computer readable storage medium having embodied thereon a program executable by a processor to perform a method for securely transmitting a data record to or from a client computer, the method comprising:
- establishing a connection between the client computer and a proxy server;
- exchanging encryption credentials between the client computer and the proxy server over the connection;
- agreeing between the client computer and the proxy server to use an unreliable transport protocol to transmit an encrypted data record from a sender to a receiver, wherein the receiver sends a message to the sender relating the receipt of the encrypted data record only after identifying that the encrypted data record received has a missing portion, the message sent to the sender in the form of a negative acknowledgement;
- agreeing between the client computer and the proxy server that a data record will be transmitted using a particular port;
- generating a nonce for the data record before the data record is encrypted;
- encrypting the data record using the nonce;
- appending the nonce to the encrypted data record; and
- transmitting the encrypted data record to or from the client computer using the unreliable transport protocol.
Dependent claims: 8, 9, 10, 11, 12.

13. A system for securely transmitting a data record to or from a client computer, the system comprising:
- a client computer;
- a memory in the client computer;
- a proxy server; and
- a memory in the proxy server, wherein:
- a connection between the client computer and the proxy server is established,
- encryption credentials between the client computer and the proxy server are exchanged over the connection,
- the client computer and the proxy server agree to use an unreliable transport protocol to transmit an encrypted data record from a sender to a receiver, wherein the receiver sends a message to the sender relating the receipt of the encrypted data record only after identifying that the encrypted data record received has a missing portion, the message sent to the sender in the form of a negative acknowledgement;
- the client computer and the proxy server agree that the data record will be transmitted using a particular port,
- a nonce for the data record is generated,
- the data record is encrypted using the nonce,
- the nonce is appended to the encrypted data record, and
- the encrypted data record is transmitted to or from the client computer using the protocol.
Dependent claims: 14, 15, 16, 17, 18.
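Added example, not code from the patent or its applicant: a minimal Python record layer that follows the data-path steps of claim 1 (nonce generated before encryption, record encrypted under that nonce, nonce appended to the record, receiver sends a negative acknowledgement only after it identifies a missing portion). Assumptions, none of which come from the page: the control-connection steps (credential exchange over SSL, port agreement) have already produced a 32-byte encryption key and a 32-byte MAC key; the cipher, which the claims do not name, is stood in for by an HMAC-SHA256 keystream; a 32-bit sequence number is prepended so the receiver can detect a gap; the names seal_record, Receiver and demo, and the sample records, are constructed for this illustration.

```python
import hashlib
import hmac
import os
import struct

NONCE_LEN = 12
TAG_LEN = 16
SEQ = struct.Struct("!I")                 # per-record sequence number, uint32 big-endian
MIN_LEN = SEQ.size + TAG_LEN + NONCE_LEN  # smallest well-formed datagram (empty payload)


def _keystream(key, nonce, length):
    # PRF keystream: HMAC-SHA256(key, nonce || block counter). Stand-in for the cipher
    # the patent leaves unspecified; its security rests on never reusing a nonce per key.
    blocks = [hmac.new(key, nonce + struct.pack("!I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def _xor(data, ks):
    return bytes(a ^ b for a, b in zip(data, ks))


def seal_record(enc_key, mac_key, seq, plaintext, nonce=None):
    """Sender side of claim 1: generate nonce, encrypt with it, append it to the record."""
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)      # generated before the record is encrypted
    header = SEQ.pack(seq)
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    # Encrypt-then-MAC. The tag binds sequence number, ciphertext and nonce, so a forged,
    # spliced or truncated UDP datagram is rejected before any decryption happens.
    tag = hmac.new(mac_key, header + ciphertext + nonce, hashlib.sha256).digest()[:TAG_LEN]
    return header + ciphertext + tag + nonce   # nonce travels in the clear at the end


class Receiver:
    """Receiver side: verify, reject replays, decrypt, and NACK only on a detected gap."""

    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.next_seq = 0
        self.seen_nonces = set()   # production code would use a sliding window, as DTLS does
        self.missing = set()       # sequence numbers whose record has not arrived

    def open_record(self, datagram):
        if len(datagram) < MIN_LEN:
            raise ValueError("truncated datagram")
        header = datagram[:SEQ.size]
        nonce = datagram[-NONCE_LEN:]
        tag = datagram[-(NONCE_LEN + TAG_LEN):-NONCE_LEN]
        ciphertext = datagram[SEQ.size:-(NONCE_LEN + TAG_LEN)]
        expect = hmac.new(self.mac_key, header + ciphertext + nonce, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expect):
            raise ValueError("authentication failed")
        if nonce in self.seen_nonces:
            raise ValueError("replayed record")
        self.seen_nonces.add(nonce)
        (seq,) = SEQ.unpack(header)
        plaintext = _xor(ciphertext, _keystream(self.enc_key, nonce, len(ciphertext)))
        if seq > self.next_seq:                      # a missing portion has been identified
            self.missing.update(range(self.next_seq, seq))
        self.missing.discard(seq)
        self.next_seq = max(self.next_seq, seq + 1)
        return seq, plaintext

    def nack(self):
        """Sequence numbers to report to the sender; empty unless a gap was observed."""
        return sorted(self.missing)


def demo():
    """Constructed exchange: four records over a lossy link, datagram 2 is dropped."""
    # Stand-ins for keys derived from the credentials exchanged on the control connection.
    enc_key = hashlib.sha256(b"example-enc-key").digest()
    mac_key = hashlib.sha256(b"example-mac-key").digest()
    rx = Receiver(enc_key, mac_key)
    datagrams = [seal_record(enc_key, mac_key, i, b"record %d" % i) for i in range(4)]
    got = [rx.open_record(d) for i, d in enumerate(datagrams) if i != 2]  # loss of record 2
    nack_after_loss = rx.nack()                       # receiver now asks for [2] only
    got.append(rx.open_record(datagrams[2]))          # retransmission answers the NACK
    try:
        rx.open_record(datagrams[1])                  # replay of an already accepted record
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return got, nack_after_loss, rx.nack(), replay_rejected
```

The appended nonce is sent in the clear, which is correct: it needs uniqueness, not secrecy, and stream-style encryption collapses if the sender ever reuses a nonce under the same key. The claims say nothing about integrity protection, but over UDP anyone on the path can inject, truncate or replay datagrams, so the example authenticates sequence number, ciphertext and nonce before decrypting and remembers seen nonces to stop replays; DTLS addresses the same problems with an explicit epoch and sequence number plus a sliding replay window.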
Specification