System and method for innovative management of transport layer security session tickets in a network environment
Abstract
An example method includes identifying a transport layer security (TLS) session between a client and a server, parsing one or more TLS messages to identify a session ticket associated with the session, transforming the session ticket into a fixed-size session token, and managing the session using the session token to identify the session. The transforming may include computing a hash value of the session ticket using a hashing algorithm. If any of the TLS messages is spread across more than one TLS protocol record, the method can include computing a hash value of the portion of the session ticket encountered in one TLS protocol record using a hashing algorithm, incrementally computing another hash value of the portion of the session ticket encountered in a subsequent TLS protocol record from the previously computed hash value, and repeating the incremental computing until all portions of the session ticket have been processed.
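The procedure in the abstract and the independent claims (parse TLS records for a session ticket, hash the ticket incrementally as its bytes arrive in successive records, use the fixed-size digest as the session token, and key session state on that token) as a worked example. This is added illustrative code, not code from the patent: it assumes the TLS 1.2 record layout and the RFC 5077 NewSessionTicket message layout, uses SHA-256 as the hashing algorithm (the patent does not fix one), and the ticket, record sizes and master secret are constructed test data. The class and function names are the example's own.

```python
"""Incremental hashing of a TLS session ticket spread across TLS records.

Added example, not the patent's code: a streaming parser walks TLS 1.2
handshake records, finds a NewSessionTicket message (RFC 5077 layout) and
feeds the ticket bytes to SHA-256 record by record, so the fixed-size
session token is produced without first reassembling the whole ticket.
"""
import hashlib
import struct

HANDSHAKE = 0x16          # TLS record content type: handshake
NEW_SESSION_TICKET = 4    # handshake message type (RFC 5077)
TLS12 = b"\x03\x03"       # record-layer version bytes


def build_new_session_ticket(ticket: bytes, lifetime_hint: int = 7200) -> bytes:
    """Encode a NewSessionTicket handshake message (constructed input)."""
    body = struct.pack("!IH", lifetime_hint, len(ticket)) + ticket
    return bytes([NEW_SESSION_TICKET]) + len(body).to_bytes(3, "big") + body


def fragment_into_records(message: bytes, sizes) -> list:
    """Split a handshake message across TLS records of the given sizes; the
    last record takes whatever is left (mimics a server fragmenting a ticket)."""
    records, offset = [], 0
    for size in list(sizes) + [len(message)]:
        chunk = message[offset:offset + size]
        if not chunk:
            break
        records.append(bytes([HANDSHAKE]) + TLS12 + struct.pack("!H", len(chunk)) + chunk)
        offset += len(chunk)
    return records


class TicketHasher:
    """Consumes TLS records one at a time and hashes the ticket incrementally."""
    HEADER_LEN = 4 + 4 + 2   # handshake header + ticket_lifetime_hint + ticket length

    def __init__(self, algorithm: str = "sha256"):
        self._header = b""      # fixed header bytes seen so far (may span records)
        self._remaining = None  # ticket bytes still expected; None until header parsed
        self._hash = hashlib.new(algorithm)
        self.token = None       # fixed-size session token once the ticket is complete

    def feed_record(self, record: bytes) -> None:
        ctype, _version, length = struct.unpack("!BHH", record[:5])
        fragment = record[5:5 + length]
        if ctype != HANDSHAKE or len(fragment) != length:
            raise ValueError("not a well-formed TLS handshake record")
        if self._remaining is None:
            # Phase 1: collect only the 10 header bytes, however many records they span.
            need = self.HEADER_LEN - len(self._header)
            self._header, fragment = self._header + fragment[:need], fragment[need:]
            if len(self._header) < self.HEADER_LEN:
                return
            msg_len = int.from_bytes(self._header[1:4], "big")
            _lifetime, ticket_len = struct.unpack("!IH", self._header[4:10])
            if self._header[0] != NEW_SESSION_TICKET or msg_len != 6 + ticket_len:
                raise ValueError("not a NewSessionTicket message")
            self._remaining = ticket_len
        # Phase 2: hash the ticket bytes present in this record; hash state carries over.
        chunk = fragment[:self._remaining]
        self._hash.update(chunk)
        self._remaining -= len(chunk)
        if self._remaining == 0 and self.token is None:
            self.token = self._hash.digest()


def token_for_records(records, algorithm: str = "sha256") -> bytes:
    """Run the streaming hasher over a record sequence and return the token."""
    hasher = TicketHasher(algorithm)
    for record in records:
        hasher.feed_record(record)
    if hasher.token is None:
        raise ValueError("ticket incomplete: more records needed")
    return hasher.token


def one_shot_token(ticket: bytes, algorithm: str = "sha256") -> bytes:
    """Reference value: hashing the reassembled ticket must give the same token."""
    return hashlib.new(algorithm, ticket).digest()


class SessionTable:
    """Session state keyed by the fixed-size token, not the variable-length ticket."""
    def __init__(self):
        self._sessions = {}

    def register(self, token: bytes, state: bytes) -> None:
        self._sessions[token] = state

    def lookup(self, ticket: bytes):
        # On resumption the client presents the same ticket; hash it the same way.
        return self._sessions.get(one_shot_token(ticket))


def demo():
    ticket = bytes(range(256)) * 3 + b"\xaa" * 37           # 805-byte constructed ticket
    records = fragment_into_records(build_new_session_ticket(ticket), [7, 300, 400])
    token = token_for_records(records)                        # header straddles records 1 and 2
    table = SessionTable()
    table.register(token, b"constructed-master-secret")       # stand-in for keying material
    return len(records), token == one_shot_token(ticket), table.lookup(ticket)


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would add. First, the example only models session identification: the claims' "decrypting TLS traffic using the session token" presupposes that the device also holds the session's keying material (here a constructed placeholder), which the token merely indexes. Second, the plaintext NewSessionTicket parsed here is a TLS 1.2 behaviour; in TLS 1.3 that message is sent after the handshake under the application traffic keys, so a passive observer cannot parse it from the wire and sees the ticket in clear only as the PSK identity in a resuming client's pre_shared_key extension.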
126 Citations
20 Claims

1. A method, comprising:
parsing a transport layer security (TLS) message to identify a session ticket that identifies a TLS session;
computing a hash value of a portion of the session ticket using a hashing algorithm;
incrementally computing a hash value of another portion of the session ticket when the TLS message is spread across more than one TLS protocol record;
repeating the incrementally computing and processing all portions of the session ticket;
assigning the incrementally computed hash value to a session token;
managing the TLS session using the session token by decrypting TLS traffic using the session token; and
detecting network attacks on the TLS session.
Dependent claims: 2, 3, 4, 5, 6.

7. An apparatus, comprising:
a memory element that stores instructions; and
a processor configured to execute the instructions to parse a transport layer security (TLS) message to identify a session ticket that identifies a TLS session, to compute a hash value of a portion of the session ticket using a hashing algorithm, to perform an incremental computation of a hash value of another portion of the session ticket when the TLS message is spread across more than one TLS protocol record, to repeat the incremental computation and to process all portions of the session ticket, to assign the incrementally computed hash value to a session token, to manage the TLS session using the session token by decrypting TLS traffic using the session token, and to detect network attacks on the TLS session.
Dependent claims: 8, 9, 10, 11, 12, 13.

14. Logic, encoded in non-transitory media, that includes code for execution and, when executed by a processor, is operable to perform operations comprising:
parsing a transport layer security (TLS) message to identify a session ticket that identifies a TLS session;
computing a hash value of a portion of the session ticket using a hashing algorithm;
incrementally computing a hash value of another portion of the session ticket when the TLS message is spread across more than one TLS protocol record;
repeating the incrementally computing and processing all portions of the session ticket;
assigning the incrementally computed hash value to a session token; and
managing the TLS session using the session token by decrypting TLS traffic using the session token; and
detecting network attacks on the TLS session.
Dependent claims: 15, 16, 17, 18, 19, 20.
Specification