Scalable intermediate network device leveraging SSL session ticket extension

US9608963B2 · US · B2

Patent metadata
Publication number: US-9608963-B2
Application number: US-201514695427-A
Country: US
Kind code: B2
Filing date: Apr 24, 2015
Priority date: Apr 24, 2015
Publication date: Mar 28, 2017
Grant date: Mar 28, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

An intermediary network device receives a request for a secure communication session between an endpoint server and an endpoint client through the network device. The secure session between the endpoint server and the endpoint client is divided into a first session and a second session. The first session is between the endpoint server and the network device. The second session is between the network device and the endpoint client. The network device receives a first session ticket from the endpoint server. A session state of a proxy client in the first session, including the first session ticket, is determined. The network device also determines a session state of a proxy server in the second session. The combination of the session state of the proxy client, including the first session ticket, and the session state of the proxy server are encapsulated as part of a second session ticket.
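The following is an added example, not code from Cisco or from the patent, showing the ticket encapsulation that the abstract and claim 1 describe: the intermediary seals its proxy-client state (which carries the origin server's first session ticket) together with its proxy-server state into the second session ticket it hands to the endpoint client; on an abbreviated handshake it opens that ticket, replicates both states, and forwards the inner ticket to the origin server for the first session's own abbreviated handshake. Because the outer ticket carries the secrets of both sessions, it has to be encrypted and authenticated under a key only the intermediary holds; the example verifies the tag before decrypting, rejects expired tickets, and names the key in the clear so a ticket sealed under a rotated-out key falls back to a full handshake rather than failing. Everything here is an assumption for illustration: the HMAC-SHA256 encrypt-then-MAC construction stands in for the AEAD a real implementation would use, the state field names are made up, and the sample states and origin ticket are constructed inputs.

```python
# Added example (not Cisco's or the patent's code): an encapsulated "second session
# ticket" as claim 1 describes it, built with the standard library only. The
# HMAC-SHA256 encrypt-then-MAC construction stands in for a real AEAD.
import hashlib
import hmac
import json
import os
import struct
import time

KEY_NAME_LEN, NONCE_LEN, TAG_LEN = 16, 16, 32
HDR_LEN = KEY_NAME_LEN + NONCE_LEN + 8          # key_name || nonce || issued_at


class TicketKey:
    """Intermediary-wide ticket key; key_name travels in clear so keys can rotate."""

    def __init__(self, key_name: bytes, master: bytes):
        assert len(key_name) == KEY_NAME_LEN
        self.key_name = key_name
        self.enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC in counter mode as a PRF-derived keystream (illustrative only)
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return out[:length]


def _pack(items):
    return b"".join(struct.pack(">H", len(i)) + i for i in items)


def _unpack(buf: bytes, count: int):
    out, off = [], 0
    for _ in range(count):
        (n,) = struct.unpack_from(">H", buf, off)
        out.append(buf[off + 2:off + 2 + n])
        off += 2 + n
    if off != len(buf):
        raise ValueError("trailing bytes in ticket payload")
    return out


def seal_ticket(tk, proxy_client_state, proxy_server_state, first_ticket,
                now=None, nonce=None) -> bytes:
    """Build the second session ticket: both proxy states plus the origin's ticket."""
    issued = int(time.time() if now is None else now)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    payload = _pack([json.dumps(proxy_client_state, sort_keys=True).encode(),
                     json.dumps(proxy_server_state, sort_keys=True).encode(),
                     first_ticket])
    ct = bytes(p ^ k for p, k in zip(payload, _keystream(tk.enc_key, nonce, len(payload))))
    header = tk.key_name + nonce + struct.pack(">Q", issued)
    tag = hmac.new(tk.mac_key, header + ct, hashlib.sha256).digest()
    return header + ct + tag


def open_ticket(keys, ticket: bytes, now=None, lifetime=3600):
    """Return (proxy_client_state, proxy_server_state, first_ticket) or None."""
    if len(ticket) < HDR_LEN + TAG_LEN:
        return None
    tk = keys.get(ticket[:KEY_NAME_LEN])
    if tk is None:                      # key rotated out: client gets a full handshake
        return None
    header, ct, tag = ticket[:HDR_LEN], ticket[HDR_LEN:-TAG_LEN], ticket[-TAG_LEN:]
    expected = hmac.new(tk.mac_key, header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # verify before touching ciphertext
        return None
    nonce = header[KEY_NAME_LEN:KEY_NAME_LEN + NONCE_LEN]
    (issued,) = struct.unpack(">Q", header[HDR_LEN - 8:])
    now = int(time.time() if now is None else now)
    if not issued <= now < issued + lifetime:
        return None
    payload = bytes(c ^ k for c, k in zip(ct, _keystream(tk.enc_key, nonce, len(ct))))
    pc, ps, first_ticket = _unpack(payload, 3)
    return json.loads(pc), json.loads(ps), first_ticket


def resume(keys, second_ticket: bytes, now=None):
    """Intermediary's decision on an abbreviated handshake from the endpoint client."""
    opened = open_ticket(keys, second_ticket, now)
    if opened is None:
        return {"action": "full_handshake"}
    proxy_client, proxy_server, first_ticket = opened
    return {"action": "resume",
            "client_side": proxy_server,        # replicate proxy-server state toward client
            "server_side": proxy_client,        # replicate proxy-client state toward server
            "ticket_to_server": first_ticket}   # presented to the origin to resume session 1


if __name__ == "__main__":
    # Constructed sample states; field names are hypothetical, not any TLS stack's.
    tk = TicketKey(b"ticketkey-2017-A", b"intermediary master secret")
    keys = {tk.key_name: tk}
    pc_state = {"cipher": "TLS_RSA_WITH_AES_128_GCM_SHA256", "master_secret": "aa" * 48}
    ps_state = {"cipher": "TLS_RSA_WITH_AES_128_GCM_SHA256", "master_secret": "bb" * 48}
    t2 = seal_ticket(tk, pc_state, ps_state, b"opaque ticket issued by origin server")
    print(resume(keys, t2)["action"])   # "resume"
```

The point of keying the outer ticket this way is what makes the intermediary scalable: no per-session state has to be kept or replicated across a cluster, because every node holding the ticket key can reconstitute both half-sessions from the ticket alone. The flip side is that the ticket key now protects the master secrets of every session it has sealed, so it deserves the same handling (rotation, short lifetime, no long-term storage) that a TLS server's own ticket key does.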

First claim

Opening claim text (preview).

What is claimed is:

1. A method comprising: receiving at an intermediary network device, a request initiating a handshake exchange for a secure communication session between a first computing device and a second computing device through the intermediary network device; dividing the secure communication session between the first computing device and the second computing device into a first session between the first computing device and the intermediary network device and a second session between the intermediary network device and the second computing device; receiving at the intermediary network device, a first session ticket from the first computing device as part of the handshake exchange, the first session ticket enabling the intermediary device to resume the first session using a first abbreviated handshake; determining a session state of a proxy client in the first session, the session state of the proxy client including the first session ticket; determining a session state of a proxy server in the second session; encapsulating the session state of the proxy client and the session state of the proxy server as part of a second session ticket, the second session ticket enabling the second computing device to resume the second session using a second abbreviated handshake; retrieving from the second session ticket the session state of the proxy client, the session state of the proxy server, and the first session ticket; replicating the session state of the proxy server to resume the second session between the second computing device and the proxy server; replicating the session state of the proxy client to enable the first session between the proxy client and the first computing device to be resumed; and transmitting the first session ticket to the first computing device to initiate the first abbreviated handshake and resume the first session.

2. The method of claim 1, further comprising responding to the first computing device to complete the handshake exchange and initialize the first session.

3. The method of claim 1, further comprising transmitting the second session ticket to the second computing device as part of the second session between the intermediary network device and the second computing device.

4. The method of claim 3, further comprising resuming the second session by: receiving the second session ticket from the second computing device; and responding to the second computing device to resume the second session.

5. The method of claim 1, further comprising decrypting at least one of the session state of the proxy client, the session state of the proxy server, or the first session ticket.

6. The method of claim 1, further comprising encrypting at least one of the session state of the proxy client, the session state of the proxy server, or the first session ticket.

7. An apparatus comprising: a network interface unit configured to send and receive communications over a network; and a processor configured to: receive, via the network interface unit, a request initiating a handshake exchange for a secure communication session between a first computing device and a second computing device; divide the secure communication session between the first computing device and the second computing device into a first session between the first computing device and a proxy client module and a second session between a proxy server module and the second computing device; receive, via the network interface unit, a first session ticket from the first computing device as part of the handshake exchange, the first session ticket enabling the intermediary device to resume the first session using a first abbreviated handshake; determine a session state of the proxy client module, the session state of the proxy client module including the first session ticket; determine a session state of the proxy server module for the second session; encapsulate the session state of the proxy client module and the session state of the proxy server module as part of a second session ticket, the second session ticket enabling the second computing device to resume the second session using a second abbreviated handshake; retrieve from the second session ticket the session state of the proxy client module, the session state of the proxy server module, and the first session ticket; replicate the session state of the proxy server module to resume the second session between the second computing device and the proxy server module; replicate the session state of the proxy client module to enable the first session between the proxy client module and the first computing device to be resumed; and cause the network interface unit to transmit the first session ticket to the first computing device to initiate the first abbreviated handshake and resume the first session.

8. The apparatus of claim 7, wherein the processor is further configured to respond to the first computing device to complete the handshake exchange and initialize the first session.

9. The apparatus of claim 7, wherein the processor is further configured to transmit the second session ticket to the second computing device, via the network interface unit, as part of the second session between the intermediary network device and the second computing device.

10. The apparatus of claim 9, wherein the processor is further configured to resume the second session by: receiving the second session ticket from the second computing device; and responding to the second computing device to resume the second session.

11. The apparatus of claim 7, wherein the processor is further configured to decrypt at least one of the session state of the proxy client module, the session state of the proxy server module, or the first session ticket.

12. The apparatus of claim 7, wherein the processor is further configured to encrypt at least one of the session state of the proxy client module, the session state of the proxy server module, or the first session ticket.

13. One or more non-transitory computer readable storage media encoded with computer executable instructions configured to cause a processor to: receive a request initiating a handshake exchange for a secure communication session between a first computing device and a second computing device; divide the secure communication session between the first computing device and the second computing device into a first session between the first computing device and a proxy client module and a second session between a proxy server module and the second computing device; receive a first session ticket from the first computing device as part of the handshake exchange, the first session ticket enabling the intermediary device to resume the first session using a first abbreviated handshake; determine a session state of the proxy client module, the session state of the proxy client module including the first session ticket; determine a session state of the proxy server module for the second session; encapsulate the session state of the proxy client and the session state of the proxy server as part of a second session ticket, the second session ticket enabling the second computing device to resume the second session using a second abbreviated handshake; retrieve from the second session ticket the session state of the proxy client module, the session state of the proxy server module, and the first session ticket; replicate the session state of the proxy server module to resume the second session between the second computing device and the proxy server module; replicate the session state of the proxy client module to enable the first session between the proxy clien

Assignees

Cisco Tech Inc

Inventors

Classifications

  • Session establishment or de-establishment · CPC title

  • at the transport layer · CPC title

  • using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it · CPC title

  • Proxies · CPC title

  • Provisioning of proxy services (store-and-forward switching systems in data switching networks H04L12/54) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9608963B2 cover?
An intermediary network device receives a request for a secure communication session between an endpoint server and an endpoint client through the network device. The secure session between the endpoint server and the endpoint client is divided into a first session and a second session. The first session is between the endpoint server and the network device. The second session is between the ne…
Who is the assignee on this patent?
Cisco Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L63/0281. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 28, 2017 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).