Systems and methods for encoding the core identifier in the session identifier

US 9,906,556 B2
Filed: 04/13/2017
Issued: 02/27/2018
Est. Priority Date: 06/22/2009
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a first core of a plurality of cores of a device intermediary to a client and a server, the first core assigned a first core identifier and configured to;

receive a request from the client to establish a session between the client and the server;

receive a first session identifier used by the server to identify the session established between the client and the server;

generate a second session identifier to be used for communications between the device and the client by encoding the first core identifier in the first session identifier;

set an indicator identifying whether the session is resumable;

obtain the first session identifier by decoding the first session identifier from the second session identifier obtained from a second request to access the session; and

determine whether the session is resumable based on the indicator.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention is directed towards systems and methods for managing SSL session persistence and reuse in a multi-core system. A first core may indicate that an SSL session established by the first core is non-resumable. Responsive to the indication, the core may set an indicator at a location in memory accessible by each core of the multi-core system, the indicator indicating that the SSL session is non-resumable. A second core of the multi-core system may receive a request to reuse the SSL session. The request may include a session identifier of the SSL session. In addition, the session identifier may identify the first core as an establisher of the SSL session. The second core can identify from encoding of the session identifier whether the second core is not the establisher of the SSL session. Responsive to the identification, the second core may determine whether to resume the SSL session.

Citations

20 Claims

1. A system comprising:
- a first core of a plurality of cores of a device intermediary to a client and a server, the first core assigned a first core identifier and configured to;
  
  receive a request from the client to establish a session between the client and the server;
  
  receive a first session identifier used by the server to identify the session established between the client and the server;
  
  generate a second session identifier to be used for communications between the device and the client by encoding the first core identifier in the first session identifier;
  
  set an indicator identifying whether the session is resumable;
  
  obtain the first session identifier by decoding the first session identifier from the second session identifier obtained from a second request to access the session; and
  
  determine whether the session is resumable based on the indicator.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, wherein the first core identifier is based on at least an identifier of a processing unit.
  - 3. The system of claim 1, wherein the first core identifier comprises one byte one byte.
  - 4. The system of claim 1, wherein the session comprises a secure socket layer (SSL) session.
  - 5. The system of claim 1, wherein the first session identifier is generated by the server for the session.
  - 6. The system of claim 1, wherein the first core is configured to encode a byte of the first session identifier with the first core identifier to generate the second session identifier.
  - 7. The system of claim 1, wherein the first core is configured to encode using a block cipher the first core identifier and a validity identifier with the first session identifier to generate the second session identifier.
  - 8. The system of claim 1, wherein the first core is configured to encode the first core identifier into a plurality of bits of the first session identifier to generate the second session identifier.
  - 9. The system of claim 1, wherein the first core is configured to generate at a predetermined frequency a predetermined set of one or more bytes of the first session identifier to encode to generate the second session identifier.
  - 10. The system of claim 1, wherein the second request is received from one of the client or a second client.

11. A system comprising:
- a first core of a plurality of cores of a device comprising a plurality of cores and intermediary to a client and a server;
  
  wherein the first core is assigned a first core identifier and is configured to;
  
  receive a request from the client to establish a session with the server;
  
  identify a first session identifier for the session generated by the server and used by the device to identify the session of the server;
  
  generate a second session identifier for communications between the device and the client by encoding the first core identifier and a validity identifier into the first session identifier,set an indicator identifying whether the session is resumable;
  
  decode the second session identifier identified by a second request to obtain the first session identifier; and
  
  determine the session corresponding to the first session identifier and whether the session is resumable responsive to the indicator.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the validity identifier identifies the session as resumable.
  - 13. The system of claim 11, wherein a second core is configured to receive the second request from the client including the second session identifier.
  - 14. The system of claim 13, wherein the second core is further configured to decode the second session identifier to obtain the first session identifier.
  - 15. The system of claim 14, wherein the second core is further configured to determine that the first core established the session.
  - 16. The system of claim 15, wherein the second core is further configured to send a message to the first core to obtain information about the session.
  - 17. The system of claim 16, wherein the second core is further configured to establish a copy of the session based on the information about the session obtained from the first core.
  - 18. The system of claim 11, wherein the device is further configured to identify the session established with the server using the first session identifier.
  - 19. The system of claim 11, wherein the session comprises a secure socket layer (SSL) session.
  - 20. The system of claim 11, wherein the device is further configured to decode a predetermined byte or plurality of bits of the second session identifier to obtain a second core identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Kanekar, Tushar
Primary Examiner(s)
Davis, Zachary A

Application Number

US15/486,967
Publication Number

US 20170222984A1
Time in Patent Office

320 Days
Field of Search
US Class Current
CPC Class Codes

H04L 2209/043   of tables, e.g. lookup, sub...

H04L 2209/30   Compression, e.g. Merkle-Da...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/60   Digital content management,...

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 2209/80   Wireless

H04L 63/0464   using hop-by-hop encryption...

H04L 63/0471   applying encryption by an i...

H04L 63/0485   Networking architectures fo...

H04L 63/0823   using certificates cryptogr...

H04L 63/0876   based on the identity of th...

H04L 63/101   Access control lists [ACL]

H04L 63/166   at the transport layer

H04L 67/02   based on web technology, e....

H04L 67/1001   for accessing one among a p...

H04L 67/1027   Persistence of sessions dur...

H04L 67/1036   Load balancing of requests ...

H04L 67/146   Markers for unambiguous ide...

H04L 69/162   involving adaptations of so...

H04L 9/3268   using certificate validatio...

H04L 9/3271 : using challenge-response

H04L 9/3297 : involving time stamps, e.g....

View All

Systems and methods for encoding the core identifier in the session identifier

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for encoding the core identifier in the session identifier

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links