Dynamic selection of security protocol

US10313399B2 · US · B2

Patent metadata
Publication number: US-10313399-B2
Application number: US-201615392833-A
Country: US
Kind code: B2
Filing date: Dec 28, 2016
Priority date: Feb 29, 2012
Publication date: Jun 4, 2019
Grant date: Jun 4, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

Techniques described herein enable a client to store information indicating whether various hosts (e.g., servers, web domains) support a preferred security protocol, such as a False Start-modified TLS or SSL protocol. The client may then use this information to dynamically determine whether to use the preferred protocol when connecting to a particular host. When the client attempts a handshake to establish a secure connection with a host for the first time, the client does so using the preferred protocol. If the handshake fails, the client locally stores domain or other identifying information for the host so that the client may employ a non-preferred protocol in subsequent connection attempts. Thus, a client may avoid performance degradation caused by attempting a preferred-protocol connection with a host that does not support the preferred protocol. Stored information may include a time stamp to enable periodic checks for host capability updates.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method comprising: attempting to establish a secure connection between a client and a server using a first security protocol; determining whether the secure connection was successfully established using the first security protocol; based on a determination that the secure connection was not successfully established using the first security protocol, storing information on the client identifying the server as not supporting the first security protocol, wherein the information is stored on the client in a database that stores one or more domains identified as not supporting the first security protocol; and attempting to establish the secure connection between the client and the server using a second security protocol.

2. The method of claim 1, wherein the first security protocol is a Secure Sockets Layer (SSL) that supports False Start or a Transport Layer Security (TLS) protocol that supports False Start, and wherein the second security protocol is a SSL that does not support False Start or a TLS protocol that does not support False Start.

3. The method of claim 1, wherein the information is stored in temporary storage on the client to optimize establishing secure connections within a same communications session.

4. The method of claim 1, wherein the information is stored in persistent storage on the client to optimize establishing secure connections across different communications sessions.

5. The method of claim 1, wherein the information further includes for each of the one or more domains a time stamp indicating a date and a time when the information was stored in the database.

6. The method of claim 1, further comprising: during a subsequent attempt to establish a subsequent secure connection between the client and the server, accessing the stored information on the client; determining that the stored information indicates that the server does not support the first security protocol; and attempting to establish the subsequent secure connection using the second security protocol.

7. The method of claim 1, further comprising: during a subsequent attempt to establish a subsequent secure connection between the client and the server, accessing the stored information on the client; determining that the stored information does not include information for the server or that the stored information includes expired information for the server; and attempting to establish the subsequent secure connection using the first security protocol.

8. A client device comprising: a memory; at least one processor; and a component stored in the memory and executing on the at least one processor to: attempt to establish a secure connection between the client device and a server using a first security protocol that supports False Start; determine whether the secure connection was successfully established using the first security protocol; based on a determination that the secure connection was not successfully established using the first security protocol, store information on the client device identifying the server as not supporting False Start, wherein the information is stored on the client in a database that stores one or more domains identified as not supporting False Start; and re-attempt to establish the secure connection between the client device and the server using a second security protocol that does not support False Start.

9. The client device of claim 8, wherein the information identifying the server as not supporting False Start is stored in the database in the memory of the client device.

10. The client device of claim 8, further comprising a hard drive, wherein the information identifying the server as not supporting False Start is stored in persistent storage on the hard drive.

11. The client device of claim 8, wherein the component is included in a web browser application executed by the at least one processor.

12. The client device of claim 8, wherein the component is further configured to: subsequently receive an indication that a subsequent secure connection is to be established between the client device and the server; access the stored information to determine whether the server does not support False Start; based on a determination that the stored information indicates that the server does not support False Start and that the stored information is not expired, attempt to establish the subsequent secure connection using the second security protocol that does not support False Start.

13. A computer-readable medium storing instructions executable by a client device, comprising at least one instruction for: attempting to establish a secure connection between a client and a server using a first security protocol; determining whether the secure connection was successfully established using the first security protocol; based on a determination that the secure connection was not successfully established using the first security protocol, storing information on the client identifying the server as not supporting the first security protocol, wherein the information is stored on the client in a database that stores one or more domains identified as not supporting the first security protocol; and attempting to establish the secure connection between the client and the server using a second security protocol.

14. The computer-readable medium of claim 13, wherein the first security protocol is a Secure Sockets Layer (SSL) that supports False Start or a Transport Layer Security (TLS) protocol that supports False Start, and wherein the second security protocol is a SSL that does not support False Start or a TLS protocol that does not support False Start.

15. The computer-readable medium of claim 13, wherein the information is stored in temporary storage on the client to optimize establishing secure connections within a same communications session.

16. The computer-readable medium of claim 13, wherein the information is stored in persistent storage on the client to optimize establishing secure connections across different communications sessions.

17. The computer-readable medium of claim 13, wherein the information further includes for each of the one or more domains a time stamp indicating a date and a time when the information was stored in the database.

18. The computer-readable medium of claim 13, further comprising at least one instruction for: during a subsequent attempt to establish a subsequent secure connection between the client and the server, accessing the stored information on the client; determining that the stored information indicates that the server does not support the first security protocol; and attempting to establish the subsequent secure connection using the second security protocol.

19. The computer-readable medium of claim 13, further comprising at least one instruction for: during a subsequent attempt to establish a subsequent secure connection between the client and the server, accessing the stored information on the client; determining that the stored information does not include information for the server or that the stored information includes expired information for the server; and attempting to establish the subsequent secure connection using the first security protocol.
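The mechanism the abstract and claims describe (try the preferred False Start handshake first; on failure record the domain with a time stamp; on later connections consult the record and fall back directly unless the record is missing or expired, in which case re-probe) is easy to get subtly wrong around expiry. The following is an added example written for this page, not code from the patent or from any Microsoft product. It simulates servers and handshakes in-process with a constructed capability table, uses an injectable clock so expiry can be exercised deterministically, and uses hypothetical names (`NoFalseStartCache`, `connect`, `fast.example`, `legacy.example`); a real client would replace the simulated network with its TLS stack and choose a TTL appropriate to how often it wants to re-check host capability.

```python
"""Added example (not from the patent): client-side cache of domains that failed
the preferred (False Start) handshake. Entries carry the time they were stored
(claim 5) and expire, so the preferred protocol is re-tried periodically
(claim 7). Servers are simulated; all names here are hypothetical."""
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

FALSE_START = "TLS+FalseStart"   # preferred ("first") protocol
PLAIN_TLS = "TLS"                # fallback ("second") protocol


@dataclass
class NoFalseStartCache:
    """Domains observed not to support the preferred protocol, keyed by domain,
    each mapped to the time the entry was stored."""
    ttl: float                                   # seconds before an entry expires
    clock: Callable[[], float] = time.time       # injectable for testing
    entries: Dict[str, float] = field(default_factory=dict)

    def record_unsupported(self, domain: str) -> None:
        self.entries[domain] = self.clock()

    def is_unsupported(self, domain: str) -> bool:
        """True only if the domain is recorded and the record has not expired.
        An expired record is dropped so the next connection re-probes."""
        stored_at = self.entries.get(domain)
        if stored_at is None:
            return False
        if self.clock() - stored_at > self.ttl:
            del self.entries[domain]
            return False
        return True


@dataclass
class SimulatedNetwork:
    """Constructed stand-in for real servers: which domains accept False Start,
    plus a log of every handshake attempt so the attempt order is visible."""
    supports_false_start: Dict[str, bool]
    attempts: List[Tuple[str, str]] = field(default_factory=list)

    def handshake(self, domain: str, protocol: str) -> bool:
        self.attempts.append((domain, protocol))
        if protocol == PLAIN_TLS:
            return True                          # every simulated host speaks plain TLS
        return self.supports_false_start.get(domain, False)


def connect(domain: str, cache: NoFalseStartCache, net: SimulatedNetwork) -> str:
    """Return the protocol the connection ended up using.

    Claim 6: a fresh, unexpired 'unsupported' record sends the client straight
    to the second protocol. Claim 7: no record, or an expired one, means try the
    first protocol again. Claim 1: if the first protocol fails, store the domain
    and fall back to the second protocol.
    """
    if cache.is_unsupported(domain):
        if net.handshake(domain, PLAIN_TLS):
            return PLAIN_TLS
        raise ConnectionError(f"{domain}: handshake failed with {PLAIN_TLS}")
    if net.handshake(domain, FALSE_START):
        return FALSE_START
    cache.record_unsupported(domain)
    if net.handshake(domain, PLAIN_TLS):
        return PLAIN_TLS
    raise ConnectionError(f"{domain}: handshake failed with both protocols")


def demo() -> dict:
    """Walk a client through first contact, a cached retry, and expiry."""
    now = [1_000.0]                              # fake clock we can advance
    cache = NoFalseStartCache(ttl=3600, clock=lambda: now[0])
    net = SimulatedNetwork({"fast.example": True, "legacy.example": False})

    first_fast = connect("fast.example", cache, net)       # preferred succeeds: 1 attempt
    first_legacy = connect("legacy.example", cache, net)   # preferred fails, fallback: 2 attempts
    second_legacy = connect("legacy.example", cache, net)  # cache hit: fallback directly, 1 attempt
    now[0] += 2 * 3600                                     # let the record expire
    third_legacy = connect("legacy.example", cache, net)   # re-probe, fall back again: 2 attempts
    return {
        "first_fast": first_fast,
        "first_legacy": first_legacy,
        "second_legacy": second_legacy,
        "third_legacy": third_legacy,
        "attempts": list(net.attempts),
        "cached": sorted(cache.entries),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The expiry check lives in the cache's lookup rather than in `connect`, so every caller gets the same "expired means re-probe" behaviour, and an expired record is deleted on read rather than left to accumulate. Keeping the cache keyed by domain matches the claims' database of domains; claims 3 and 4 differ only in whether `entries` is held in memory for one session or persisted across sessions, which this in-memory version does not address.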

Assignees

Microsoft Technology Licensing LLC

Inventors

Classifications

  • H04L63/205 (Primary) · CPC title: involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24)

  • at the transport layer · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10313399B2 cover?
Techniques described herein enable a client to store information indicating whether various hosts (e.g., servers, web domains) support a preferred security protocol, such as a False Start-modified TLS or SSL protocol. The client may then use this information to dynamically determine whether to use the preferred protocol when connecting to a particular host. When the client attempts a handshake …
Who is the assignee on this patent?
Microsoft Technology Licensing LLC
What technology area does this patent fall under?
Primary CPC classification H04L63/205. Mapped technology areas include Electricity.
When was this patent published?
Publication date Jun 4, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).