Transport layer security latency mitigation
First Claim
1. A computer-implemented method of operating a client proxy, comprising:
sending a client hello message from the client proxy to initiate an authentication protocol handshake with a server device on behalf of a client device;
receiving, at the client proxy, a server hello message and a server certificate from the server device;
in response to receiving the server hello message, forwarding, from the client proxy to the client device, the server hello message and the server certificate; and
in response to receiving the server hello message, generating, at the client proxy, a client key exchange message and a client finished message to send to the server device on behalf of the client device to perform the authentication protocol handshake; and
establishing, based on at least the client key exchange message, a secured network session between the client device and the server device to transport computer network data;
wherein the client proxy connects with the client device at a higher latency delay than with the server device.
Abstract
Some embodiments include a method of utilizing a proxy device to mitigate latency related to a transport layer security (TLS) handshake protocol. The proxy device can be an untrusted proxy of a server or a client. The proxy device can negotiate cipher suites on behalf of its principal (e.g., the server or the client) without storing private keys of its principal. The use of the proxy device can reduce the two round trips typically taken between the server and the client to a single round trip.
Claims (19)
1. See the first claim above; claims 2 to 10 depend on claim 1.
11. A server proxy comprising:
a physical processor configured to execute instructions to implement a process, wherein the process includes:
pre-populating a server random number and a server cipher suite parameter from a server device to the server proxy;
receiving, at the server proxy, a client hello message from a client device to initiate an authentication protocol handshake with the server device;
in response to receiving the client hello message, generating, at the server proxy, a server hello message and a server certificate message based on the server random number and the server cipher suite parameter to send to the client device; and
in response to receiving the client hello message, forwarding the client hello message from the server proxy to the server device; and
establishing, based on at least the client hello message, a secured network session between the client device and the server device to transport computer network data;
wherein the client device is oblivious that the server proxy is proxying for the server device and wherein the server device is oblivious of existence of the client device.
Claims 12 to 16 depend on claim 11.
17. A non-transitory computer-readable storage memory storing computer-executable instructions comprising:
instructions for tracking a prediction of a cipher suite having a set of cipher suite parameters associated with a server device;
instructions for sending the set of cipher suite parameters to a client proxy serving on behalf of a client device;
instructions for initiating an authentication protocol handshake with the server device via the client proxy;
instructions for receiving a server hello message and a server certificate from the client proxy;
instructions for generating a set of session keys based on the server hello message and the server certificate in response to receiving the server hello message; and
instructions for establishing, based on at least the set of session keys, a secured network session between the client device and the server device to transport computer network data,
wherein the client proxy connects with the client device at a higher latency delay than with the server device.
Claims 18 and 19 depend on claim 17.
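The message flow of claim 1 (a client proxy that forwards the server hello and certificate to the client while itself answering the server with the client key exchange and finished messages) and the round-trip saving stated in the abstract can be checked with a small latency model. The following is an added example written for this page, not code from the patent or from any implementation of it: it uses the TLS 1.2 handshake message names, performs no cryptography, and the link delays (100 ms on the client side of the proxy, 5 ms on the server side) are constructed sample values chosen to match the claim's premise that the client-to-proxy link is the slower one.

```python
"""Latency model of a TLS 1.2 full handshake, direct versus through the client
proxy of claim 1.  Messages are labels only; no key exchange is performed."""
import heapq
from dataclasses import dataclass, field

# Constructed one-way link delays in milliseconds (not taken from the patent).
SLOW_MS = 100.0  # client <-> client proxy: the high-latency side named in claim 1
FAST_MS = 5.0    # client proxy <-> server: the low-latency side


@dataclass(order=True)
class Event:
    """A message in flight, ordered by arrival time and then by send order."""
    time: float
    seq: int
    sender: str = field(compare=False)
    receiver: str = field(compare=False)
    msg: str = field(compare=False)


class Simulation:
    """Minimal discrete-event model: a node reacts to each delivered message."""

    def __init__(self, links, handlers):
        self.links = {frozenset(k): v for k, v in links.items()}  # symmetric delays
        self.handlers = handlers   # node name -> callback(sim, now, sender, msg)
        self.queue = []
        self.seq = 0
        self.log = []              # (arrival time, sender, receiver, message)
        self.finished_at = None    # time the client has received the server Finished

    def send(self, now, sender, receiver, msg):
        delay = self.links[frozenset((sender, receiver))]
        heapq.heappush(self.queue, Event(now + delay, self.seq, sender, receiver, msg))
        self.seq += 1

    def run(self):
        while self.queue:
            ev = heapq.heappop(self.queue)
            self.log.append((ev.time, ev.sender, ev.receiver, ev.msg))
            self.handlers[ev.receiver](self, ev.time, ev.sender, ev.msg)
        return self.finished_at


def server(sim, now, sender, msg):
    """Ordinary TLS 1.2 server: it does not know whether a proxy is in the path."""
    if msg == "ClientHello":
        sim.send(now, "server", sender, "ServerHello+Certificate+ServerHelloDone")
    elif msg == "ClientKeyExchange+Finished":
        sim.send(now, "server", sender, "Finished")


def direct_client(sim, now, sender, msg):
    """Baseline: the client talks to the server itself (two full round trips)."""
    if msg.startswith("ServerHello"):
        sim.send(now, "client", "server", "ClientKeyExchange+Finished")
    elif msg == "Finished":
        sim.finished_at = now


def proxied_client(sim, now, sender, msg):
    """Claim 17: the client derives session keys from the forwarded ServerHello and
    certificate; it sends nothing further across the slow link."""
    if msg == "Finished":
        sim.finished_at = now


def client_proxy(sim, now, sender, msg):
    """Claim 1: forward the server's reply to the client and, at the same moment,
    answer the server on the client's behalf."""
    if sender == "client" and msg == "ClientHello":
        sim.send(now, "proxy", "server", "ClientHello")
    elif sender == "server" and msg.startswith("ServerHello"):
        sim.send(now, "proxy", "client", msg)
        sim.send(now, "proxy", "server", "ClientKeyExchange+Finished")
    elif sender == "server" and msg == "Finished":
        sim.send(now, "proxy", "client", "Finished")


def direct_handshake(slow=SLOW_MS, fast=FAST_MS):
    """Return (completion time in ms, message log) without a proxy in the path."""
    sim = Simulation({("client", "server"): slow + fast},
                     {"client": direct_client, "server": server})
    sim.send(0.0, "client", "server", "ClientHello")
    return sim.run(), sim.log


def proxied_handshake(slow=SLOW_MS, fast=FAST_MS):
    """Return (completion time in ms, message log) with the claim 1 client proxy."""
    sim = Simulation({("client", "proxy"): slow, ("proxy", "server"): fast},
                     {"client": proxied_client, "proxy": client_proxy, "server": server})
    sim.send(0.0, "client", "proxy", "ClientHello")
    return sim.run(), sim.log


def client_round_trips(log):
    """Round trips the client itself pays for: one per message the client sends."""
    return sum(1 for _, sender, _, _ in log if sender == "client")


if __name__ == "__main__":
    for name, fn in (("direct", direct_handshake), ("client proxy", proxied_handshake)):
        done, log = fn()
        print(f"{name}: complete at {done:.0f} ms, client round trips: {client_round_trips(log)}")
        for t, s, r, m in log:
            print(f"  {t:6.0f} ms  {s:>6} -> {r:<6}  {m}")
```

With the constructed delays the direct handshake completes at 420 ms (two round trips of 105 ms each way) and the proxied one at 220 ms (one round trip on the 100 ms link plus two on the 5 ms link), which is the "two round trips into one" saving the abstract describes. The model deliberately does not say where the proxy gets the key material for the ClientKeyExchange and Finished messages, because the claims on this page do not specify it; in TLS 1.2 the Finished verify_data is derived from the master secret, so however a deployment supplies that material, the proxy ends up holding that session's secrets even while holding no long-term private key of the client or server, and that is the trust boundary to examine when reviewing such a design.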
Specification