Systems and methods for encoding the core identifier in the session identifier
First Claim
Patent Images
1. A method of identifying a core establishing a secure socket layer (SSL) connection in a multi-core system via an SSL identifier, the method comprising:
- a) receiving, by a packet engine executing on a first core of a multi-core system, a request from a client to establish a secure socket layer (SSL) session with a server via the multi-core system, the first core assigned a core identifier, the multi-core system deployed as an intermediary between the client and the server;
b) determining, by the packet engine executing on the first core, a first session identifier for the SSL session, the first session identifier generated by the server and used by the server and the multi-core system to identify the SSL session established by the multi-core system between the client and the server, the first session identifier communicated from the server to the multi-core system;
c) encoding, by the packet engine, the core identifier in the first session identifier to form a second session identifier, the second session identifier included in communications between the multi-core system and the client;
d) setting, by the packet engine, an indicator of the multi-core system specifying whether the SSL session is resumable;
e) receiving, by the multi-core system, a second request from the client including the second session identifier to access the SSL session;
f) decoding, by the multi-core system, the second session identifier of the second request to obtain the first session identifier; and
g) identifying, by the multi-core system, the SSL session according to the first session identifier decoded from the second session identifier, and determining whether the identified SSL session is resumable based on the indicator of the multi-core system.
8 Assignments
0 Petitions
Accused Products
Abstract
The present invention is directed towards systems and methods for managing SSL session persistence and reuse in a multi-core system. A first core may indicate that an SSL session established by the first core is non-resumable. Responsive to the indication, the core may set an indicator at a location in memory accessible by each core of the multi-core system, the indicator indicating that the SSL session is non-resumable. A second core of the multi-core system may receive a request to reuse the SSL session. The request may include a session identifier of the SSL session. In addition, the session identifier may identify the first core as an establisher of the SSL session. The second core can identify from encoding of the session identifier whether the second core is not the establisher of the SSL session. Responsive to the identification, the second core may determine whether to resume the SSL session.
-
Citations
11 Claims
-
1. A method of identifying a core establishing a secure socket layer (SSL) connection in a multi-core system via an SSL identifier, the method comprising:
-
a) receiving, by a packet engine executing on a first core of a multi-core system, a request from a client to establish a secure socket layer (SSL) session with a server via the multi-core system, the first core assigned a core identifier, the multi-core system deployed as an intermediary between the client and the server; b) determining, by the packet engine executing on the first core, a first session identifier for the SSL session, the first session identifier generated by the server and used by the server and the multi-core system to identify the SSL session established by the multi-core system between the client and the server, the first session identifier communicated from the server to the multi-core system; c) encoding, by the packet engine, the core identifier in the first session identifier to form a second session identifier, the second session identifier included in communications between the multi-core system and the client; d) setting, by the packet engine, an indicator of the multi-core system specifying whether the SSL session is resumable; e) receiving, by the multi-core system, a second request from the client including the second session identifier to access the SSL session; f) decoding, by the multi-core system, the second session identifier of the second request to obtain the first session identifier; and g) identifying, by the multi-core system, the SSL session according to the first session identifier decoded from the second session identifier, and determining whether the identified SSL session is resumable based on the indicator of the multi-core system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method of identifying a core establishing a secure socket layer (SSL) connection in a multi-core system via an identifier, the method comprising:
-
a) receiving, by a packet engine executing on a first core of a multi-core system, a request from a client to establish a secure socket layer (SSL) session with a server, the first core assigned a core identifier, the multi-core system deployed as an intermediary between the client and the server; b) determining, by the packet engine executing on the first core, a first session identifier for the SSL session, the first session identifier generated by the server and used by the server and the multi-core system to identify the SSL session established by the multi-core system between the client and the server, the first session identifier communicated from the server to the multi-core system; c) encoding, by the packet engine, the core identifier and a validity identifier in the first session identifier to form a second session identifier, the validity identifier identifying the SSL session as comprising a session for reuse upon establishment of the SSL session, the second session identifier included in communications between the multi-core system and the client; d) setting, by the packet engine, an indicator of the multi-core system specifying whether the session is resumable; e) receiving, by the multi-core system, a second request from the client including the second session identifier to access the SSL session; f) decoding, by the multi-core system, the second session identifier of the second request to obtain the first session identifier; and g) identifying, by the multi-core system, the SSL session according to the first session identifier decoded from the second session identifier, and determining whether the identified SSL session is resumable based on the indicator of the multi-core system.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeCitrix Systems, Inc. (Cloud Software Group)
-
Original AssigneeCitrix Systems, Inc. (Cloud Software Group)
-
InventorsKanekar, Tushar
-
Primary Examiner(s)Davis, Zachary A
-
Application NumberUS12/489,325Publication NumberTime in Patent Office2,885 DaysField of Search713151, 713160, 713164, 726 3- 7, 726 10, 709227, 709228, 709230, 709237US Class CurrentCPC Class CodesH04L 2209/043 of tables, e.g. lookup, sub...H04L 2209/30 Compression, e.g. Merkle-Da...H04L 2209/56 Financial cryptography, e.g...H04L 2209/60 Digital content management,...H04L 2209/76 Proxy, i.e. using intermedi...H04L 2209/80 WirelessH04L 63/0464 using hop-by-hop encryption...H04L 63/0471 applying encryption by an i...H04L 63/0485 Networking architectures fo...H04L 63/0823 using certificates cryptogr...H04L 63/0876 based on the identity of th...H04L 63/101 Access control lists [ACL]H04L 63/166 at the transport layerH04L 67/02 based on web technology, e....H04L 67/1001 for accessing one among a p...H04L 67/1027 Persistence of sessions dur...H04L 67/1036 Load balancing of requests ...H04L 67/146 Markers for unambiguous ide...H04L 69/162 involving adaptations of so...H04L 9/3268 using certificate validatio...View All
