Method and apparatus for providing secure streaming data transmission facilities using unreliable protocols
Abstract
The invention provides a method and apparatus for transmitting data securely using an unreliable communication protocol, such as User Datagram Protocol. In one variation, the invention retains compatibility with conventional Secure Sockets Layer (SSL) and SOCKS protocols, such that secure UDP datagrams can be transmitted between a proxy server and a client computer in a manner analogous to conventional SOCKS processing. In contrast to conventional SSL processing, which relies on a guaranteed delivery service such as TCP and encrypts successive data records with reference to a previously-transmitted data record, encryption is performed using a nonce that is embedded in each transmitted data record. This nonce acts both as an initialization vector for encryption/decryption of the record, and as a unique identifier to authenticate the record. Because decryption of any particular record does not rely on receipt of a previously received data record, the scheme will operate over an unreliable communication protocol. The system and method allow secure packet transmission to be provided with a minimum amount of overhead. Further, the invention provides a network arrangement that employs a cache having copies distributed among a plurality of different locations. SSL/TLS session information for a session with each of the proxy servers is stored in the cache so that it is accessible to at least one other proxy server. Using this arrangement, when a client computer switches from a connection with a first proxy server to a connection with a second proxy server, the second proxy server can retrieve SSL/TLS session information from the cache corresponding to the SSL/TLS communication session between the client device and the first proxy server. The second proxy server can then use the retrieved SSL/TLS session information to accept a session with the client device.
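The per-record nonce scheme the abstract describes can be illustrated in a few dozen lines. The following is example code written for this page, not the patent's own implementation: each record carries a 12-byte nonce that serves both as the AES-GCM nonce and as the record's unique identifier, so the receiver can decrypt records in any order, tolerate loss, and reject replays and tampered records, with no reference to any earlier record. AES-GCM, the nonce layout (4-byte session salt plus 64-bit counter), the shared key, and the sample delivery sequence are all assumptions of the example; the patent names neither the cipher nor the nonce format, and its SSL/SOCKS framing and distributed session cache are not shown.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// The 96-bit GCM nonce is a 4-byte session salt followed by a 64-bit record
// counter (an assumed layout; the patent fixes neither cipher nor format).
// The counter never repeats under one key, so the nonce is a safe IV and
// doubles as the record's unique identifier.
const nonceSize = 12

var ErrReplay = errors.New("record replayed: nonce already accepted")
var ErrShort = errors.New("record too short to carry nonce and tag")

// Endpoint is one side of a one-way channel (a real deployment derives a
// separate key per direction). Seal and Open work per record, so decrypting
// record N never depends on record N-1 having been delivered.
type Endpoint struct {
	aead    cipher.AEAD
	salt    [4]byte
	counter uint64
	seen    map[string]bool // accepted nonces; production code bounds this with a sliding window
}

// NewEndpoint takes a key already shared with the peer (in the patent's
// setting it would come out of the SSL handshake) and draws a random salt.
func NewEndpoint(key []byte) (*Endpoint, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	e := &Endpoint{aead: aead, seen: make(map[string]bool)}
	_, err = rand.Read(e.salt[:])
	return e, err
}

// Seal produces one self-contained record: nonce || ciphertext || tag.
func (e *Endpoint) Seal(plaintext []byte) []byte {
	rec := make([]byte, nonceSize, nonceSize+len(plaintext)+e.aead.Overhead())
	copy(rec, e.salt[:])
	binary.BigEndian.PutUint64(rec[4:], e.counter)
	e.counter++
	// Seal appends ciphertext and tag after the nonce already in rec.
	return e.aead.Seal(rec, rec[:nonceSize], plaintext, nil)
}

// Open decrypts a single record with no reference to any other record.
func (e *Endpoint) Open(record []byte) ([]byte, error) {
	if len(record) < nonceSize+e.aead.Overhead() {
		return nil, ErrShort
	}
	nonce, body := record[:nonceSize], record[nonceSize:]
	// Authenticate before touching the replay set, so a forged nonce cannot
	// block a legitimate record that has not arrived yet.
	plaintext, err := e.aead.Open(nil, nonce, body, nil)
	if err != nil {
		return nil, err // GCM tag mismatch: tampered record or wrong key
	}
	if e.seen[string(nonce)] {
		return nil, ErrReplay
	}
	e.seen[string(nonce)] = true
	return plaintext, nil
}

// Demo pushes three records through what an unreliable transport does to
// traffic (reordering, loss, duplication) and returns the plaintexts the
// receiver accepted, in arrival order. Key and delivery order are constructed.
func Demo() ([]string, error) {
	key := make([]byte, 32) // constructed all-zero AES-256 key, demo only
	snd, err := NewEndpoint(key)
	if err != nil {
		return nil, err
	}
	rcv, err := NewEndpoint(key)
	if err != nil {
		return nil, err
	}
	r0 := snd.Seal([]byte("record 0"))
	r1 := snd.Seal([]byte("record 1"))
	r2 := snd.Seal([]byte("record 2"))
	_ = r0 // constructed loss: record 0 never reaches the receiver
	var accepted []string
	for _, rec := range [][]byte{r2, r1, r2} { // reordered, then r2 replayed
		pt, err := rcv.Open(rec)
		if errors.Is(err, ErrReplay) {
			continue // duplicate datagram: drop it
		}
		if err != nil {
			return nil, err
		}
		accepted = append(accepted, string(pt))
	}
	return accepted, nil
}
```

Demo returns `["record 2", "record 1"]`: the out-of-order record is decrypted without waiting for the lost one, and the replayed copy is dropped. The replay check runs only after the GCM tag verifies, otherwise an attacker could forge a record with a future nonce and have the receiver later reject the genuine one.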
55 Claims
1. (canceled)

2-46. (canceled)

47. A system for encrypted data transmission via a secure connection over a network, the system comprising:

a plurality of client devices, wherein each client device is communicatively coupled to one or more proxy servers;

one or more application servers, wherein each application server is communicatively coupled to a plurality of proxy servers and encrypted data is transmitted between a client device and an application server from the one or more application servers via a proxy server and a secure connection while using an unreliable transport protocol, and wherein each application server simultaneously communicates with the plurality of communicatively coupled proxy servers; and

a plurality of proxy servers, wherein each proxy server includes cache memory that includes a copy of at least a portion of a collection of cached session information from previous secure communication sessions between the plurality of client devices and the plurality of proxy servers, and wherein the collection of cached session information includes information needed for a first proxy server of the plurality of proxy servers in secure connection with a second proxy server of the plurality of proxy servers to switch the secure connection to a third proxy server of the plurality of proxy servers without having to generate a new secure connection.

Dependent claims: 48, 49, 50, 51, 52, 53, 54, 55
Specification