Scalable intermediate network device leveraging SSL session ticket extension

US10069800B2 · US · B2

Patent metadata
Publication number: US-10069800-B2
Application number: US-201715432548-A
Country: US
Kind code: B2
Filing date: Feb 14, 2017
Priority date: Apr 24, 2015
Publication date: Sep 4, 2018
Grant date: Sep 4, 2018

Abstract

Official abstract text for this publication.

An intermediary network device participates in a secure communication session between a server and a client through a proxy client and a proxy server. The proxy client receives a first session ticket from the server that enables the proxy client to resume communications with the server in the secure communication session. The intermediary network device determines a session state of the proxy client and the proxy server. The intermediary network device encapsulates the session state of the proxy client, the session state of the proxy server, and the first session ticket as part of a second session ticket. The second session ticket enables the client to resume communications with the proxy server in the secure communication session. The intermediary network device sends the second session ticket to the client and deletes the first session ticket.

Claims

What is claimed is:

1. A method comprising: receiving at a proxy client in an intermediary network device, a first session ticket from a server in a secure communication session between the server and a client, the first session ticket enabling the proxy client to resume communications with the server in the secure communication session; determining a session state of the proxy client; determining a session state of a proxy server in the intermediary network device, the proxy server communicating with the client in the secure communication session; encapsulating the session state of the proxy client, the session state of the proxy server, and the first session ticket as part of a second session ticket, the second session ticket enabling the client to resume communications with the proxy server in the secure communication session; sending the second session ticket to the client; deleting the first session ticket; receiving the second session ticket from the client; retrieving from the second session ticket the session state of the proxy client and the session state of the proxy server; replicating the session state of the proxy client; and replicating the session state of the proxy server.

2. The method of claim 1, wherein the encapsulating further comprises encrypting at least one of the session state of the proxy client, the session state of the proxy server, or the first session ticket.

3. The method of claim 2, wherein the encrypting comprises encrypting the session state of the proxy client, the session state of the proxy server, and the first session ticket as a single blob input.

4. The method of claim 3, wherein the second session ticket includes the encrypted single blob input.

5. The method of claim 1, further comprising responding to the server to initialize a first portion of the secure communication session.

6. The method of claim 5, further comprising receiving a response from the client to initialize a second portion of the secure communication session.

7. The method of claim 1, further comprising: retrieving the first session ticket from the second session ticket; and sending the first session ticket to the server to resume the secure communication session.

8. The method of claim 1, further comprising decrypting at least one of the session state of the proxy client, the session state of the proxy server, or the first session ticket.

9. An apparatus comprising: a proxy client configured to receive a first session ticket from a server in a secure communication session between the server and a client, the first session ticket enabling the proxy client to resume communications with the server in the secure communication session; a proxy server configured to communicate with the client in the secure communication session; and a processor configured to: determine a session state of the proxy client; determine a session state of the proxy server; encapsulate the session state of the proxy client, the session state of the proxy server, and the first session ticket as part of a second session ticket, the second session ticket enabling the client to resume communications with the proxy server in the secure communication session; cause the proxy server to send the second session ticket to the client; delete the first session ticket; receive the second session ticket from the client via the proxy server; retrieve from the second session ticket the session state of the proxy client and the session state of the proxy server; replicate the session state of the proxy client; and replicate the session state of the proxy server.

10. The apparatus of claim 9, wherein the processor is configured to encapsulate by encrypting at least one of the session state of the proxy client, the session state of the proxy server, or the first session ticket.

11. The apparatus of claim 9, wherein the proxy client is further configured to respond to the server to initialize a first portion of the secure communication session.

12. The apparatus of claim 11, wherein the proxy server is further configured to receive a response from the client to initialize a second portion of the secure communication session.

13. The apparatus of claim 9, wherein the processor is further configured to retrieve the first session ticket from the second session ticket, and wherein the proxy client is further configured to send the first session ticket to the server to resume the secure communication session.

14. The apparatus of claim 9, wherein the processor is further configured to decrypt at least one of the session state of the proxy client, the session state of the proxy server, or the first session ticket.

15. One or more non-transitory computer readable storage media encoded with computer executable instructions configured to cause a processor of an intermediary network device to: receive at a proxy client, a first session ticket from a server in a secure communication session between the server and a client, the first session ticket enabling the proxy client to resume communications with the server in the secure communication session; determine a session state of the proxy client; determine a session state of a proxy server in the intermediary network device, the proxy server communicating with the client in the secure communication session; encapsulate the session state of the proxy client, the session state of the proxy server, and the first session ticket as part of a second session ticket, the second session ticket enabling the client to resume communications with the proxy server in the secure communication session; send the second session ticket to the client; delete the first session ticket; receive the second session ticket from the client; retrieve from the second session ticket the session state of the proxy client and the session state of the proxy server; replicate the session state of the proxy client; and replicate the session state of the proxy server.

16. The non-transitory computer readable storage media of claim 15, further comprising instructions configured to cause the processor to respond to the server to initialize a first portion of the secure communication session.

17. The non-transitory computer readable storage media of claim 16, further comprising instructions configured to cause the processor to receive a response from the client to initialize a second portion of the secure communication session.

18. The non-transitory computer readable storage media of claim 15, further comprising instructions configured to cause the processor to: retrieve the first session ticket from the second session ticket; and send the first session ticket to the server to resume the secure communication session.

19. The non-transitory computer readable storage media of claim 15, further comprising instructions configured to cause the processor to decrypt at least one of the session state of the proxy client, the session state of the proxy server, or the first session ticket.

20. The non-transitory computer readable storage media of claim 15, further comprising instructions configured to cause the processor to encapsulate by encrypting at least one of the session state of the proxy client, the session state of the proxy server, or the first session ticket.
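The encapsulation in claims 1 through 4 and the resumption path in claim 7 can be followed end to end in code. The block below is an added illustration written for this page, not code from the patent or from Cisco: it packs the proxy-client state, the proxy-server state and the server-issued first ticket into a single blob, protects that blob with encrypt-then-MAC, hands the result to the client as the second ticket, deletes the first ticket locally, and later lets a different intermediary node (sharing the same keys) open the second ticket, replicate both states and recover the first ticket for the server. The SHA-256 counter-mode keystream is a stand-in for a proper AEAD such as AES-GCM so the example runs with the standard library only; the key values, session-state fields and ticket bytes are constructed sample data.

```python
import hashlib
import hmac
import json
import os
import struct


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in keystream (SHA-256 in counter mode) so the example needs no
    # third-party library. A production device would use an AEAD (AES-GCM).
    blocks = [hashlib.sha256(key + nonce + struct.pack(">I", i)).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal_blob(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one blob (claims 2-4). Layout: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_blob(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a forged or bit-flipped ticket is rejected."""
    if len(blob) < 48:
        raise ValueError("second session ticket too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("second session ticket failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class IntermediaryDevice:
    """One node of the intermediary. All nodes share enc_key/mac_key, so any
    node can open a second ticket issued by any other node without shared
    per-session storage (the scaling property the title refers to)."""

    def __init__(self, enc_key: bytes, mac_key: bytes):
        self.enc_key = enc_key
        self.mac_key = mac_key
        self.proxy_client_state = None   # leg toward the origin server
        self.proxy_server_state = None   # leg toward the client
        self.first_ticket = None         # server-issued ticket, held only until encapsulated

    def issue_second_ticket(self, first_ticket: bytes,
                            proxy_client_state: dict, proxy_server_state: dict) -> bytes:
        self.first_ticket = first_ticket
        # Encapsulate both states and the first ticket as a single blob input (claim 3).
        payload = json.dumps({
            "proxy_client_state": proxy_client_state,
            "proxy_server_state": proxy_server_state,
            "first_ticket": first_ticket.hex(),
        }).encode()
        second_ticket = seal_blob(self.enc_key, self.mac_key, payload)
        # Delete the first ticket: the device keeps no per-session state (claim 1).
        self.first_ticket = None
        return second_ticket

    def resume_from_second_ticket(self, second_ticket: bytes) -> bytes:
        payload = json.loads(open_blob(self.enc_key, self.mac_key, second_ticket))
        # Replicate both session states on this node (claim 1).
        self.proxy_client_state = payload["proxy_client_state"]
        self.proxy_server_state = payload["proxy_server_state"]
        # Hand the first ticket back so the proxy client can resume with the server (claim 7).
        return bytes.fromhex(payload["first_ticket"])


# Constructed sample values; not taken from any real deployment.
ENC_KEY = hashlib.sha256(b"constructed enc key").digest()
MAC_KEY = hashlib.sha256(b"constructed mac key").digest()
SAMPLE_FIRST_TICKET = b"opaque-server-ticket-bytes"
SAMPLE_PROXY_CLIENT_STATE = {"cipher": "TLS_AES_128_GCM_SHA256", "peer": "origin.example"}
SAMPLE_PROXY_SERVER_STATE = {"cipher": "TLS_AES_256_GCM_SHA384", "sni": "origin.example"}


def round_trip(tamper: bool = False) -> dict:
    """Issue on one node, resume on another; optionally flip a ciphertext bit."""
    issuer = IntermediaryDevice(ENC_KEY, MAC_KEY)
    ticket = issuer.issue_second_ticket(SAMPLE_FIRST_TICKET,
                                        SAMPLE_PROXY_CLIENT_STATE, SAMPLE_PROXY_SERVER_STATE)
    if tamper:
        ticket = ticket[:20] + bytes([ticket[20] ^ 0x01]) + ticket[21:]
    resumer = IntermediaryDevice(ENC_KEY, MAC_KEY)   # a different node in the cluster
    first = resumer.resume_from_second_ticket(ticket)
    return {
        "first_ticket": first,
        "proxy_client_state": resumer.proxy_client_state,
        "proxy_server_state": resumer.proxy_server_state,
        "issuer_kept_first_ticket": issuer.first_ticket is not None,
    }


if __name__ == "__main__":
    print(round_trip())
```

Two properties matter for a defender reviewing such a device: the second ticket carries the server's own ticket, so it must be confidentiality-protected under a key the client never holds, and it must be integrity-checked before any state is replicated, otherwise a client could feed the intermediary a crafted session state. The `tamper` path shows the second property; the shared-key design shows why key rotation across all nodes, which the claims do not address, becomes the operational concern.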

Assignees

Cisco Tech Inc

Inventors

Not listed on this page.

Classifications

  • at the transport layer · CPC title

  • Session management (for real-time applications in data packet communications networks H04L65/1066) · CPC title

  • Session establishment or de-establishment · CPC title

  • Proxies · CPC title

  • using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it · CPC title

Patent family

Related publications grouped by family.

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10069800B2 cover?
An intermediary network device participates in a secure communication session between a server and a client through a proxy client and a proxy server. The proxy client receives a first session ticket from the server that enables the proxy client to resume communications with the server in the secure communication session. The intermediary network device determines a session state of the proxy c…
Who is the assignee on this patent?
Cisco Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0281. Mapped technology areas include Electricity.
When was this patent published?
Publication date Sep 4, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).