专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

21. 发明申请

US20080046717A1 SYSTEMS AND METHODS FOR OPTIMIZING SSL HANDSHAKE PROCESSING 有权
标题翻译：用于优化SSL HANDSHAKE处理的系统和方法
公开(公告)号：US20080046717A1
公开(公告)日：2008-02-21
申请号：US11466014
申请日：2006-08-21
申请人： Tushar Kanekar , Sivaprasad Udupa
发明人： Tushar Kanekar , Sivaprasad Udupa
IPC分类号： H04L9/00
CPC分类号： H04L9/3263 , H04L63/166 , H04L2209/80
摘要： A method for enabling efficient SSL handshakes through precomputing of handshake messages, the method includes: receiving, by an appliance, a server certificate identifying a server; generating, by the appliance, at least one of: (i) an SSL server certificate message comprising the received server certificate, (ii) an SSL client certificate request message, and (iii) an SSL hello done message; storing, by the appliance, the generated messages; receiving, by the appliance from a client, an SSL client hello message identifying the server; and transmitting, by the appliance to the client, an SSL server hello message and at least one of the stored messages. Corresponding systems are also described.
摘要翻译：一种用于通过预先计算握手消息来实现有效的SSL握手的方法，所述方法包括：由设备接收识别服务器的服务器证书; 由所述设备生成以下至少一个：（i）包括所接收的服务器证书的SSL服务器证书消息，（ii）SSL客户端证书请求消息，以及（iii）SSL hello完成消息; 由设备存储生成的消息; 用户从客户端接收标识服务器的SSL客户端hello消息; 以及由所述设备向所述客户端发送SSL服务器呼叫消息和所存储的消息中的至少一个。还描述了相应的系统。

22. 发明申请

US20080034410A1 Systems and Methods for Policy Based Triggering of Client-Authentication at Directory Level Granularity 有权
标题翻译：基于策略的系统和方法触发客户端认证在目录级别的粒度
公开(公告)号：US20080034410A1
公开(公告)日：2008-02-07
申请号：US11462350
申请日：2006-08-03
申请人： Sivaprasad Udupa , Tushar Kanekar , Tejus Ag
发明人： Sivaprasad Udupa , Tushar Kanekar , Tejus Ag
IPC分类号： H04L9/32 , G06K9/00 , H04L9/00 , G06F17/30 , H04K1/00 , G06F15/16 , G06F7/04 , G06F7/58 , G06K19/00
CPC分类号： H04L63/10 , H04L63/0272 , H04L63/0428 , H04L63/0823 , H04L63/166 , H04L63/20 , H04L2463/144
摘要： Systems and methods are disclosed for an appliance to authenticate access of a client to a protected directory on a server via a connection, such as a secure SSL connection, established by the appliance. A method comprises the steps of: receiving, by an appliance, a first request from a client on a first network to access a server on a second network, the appliance providing the client a virtual private network connection from the first network to the second network; determining, by the appliance, the first request comprises access to a protected directory of the server; associating, by the appliance, an authentication policy with the protected directory, the authentication policy specifying an action to authenticate the client's access to the protected directory; and transmitting, by the appliance in response to the authentication policy, a second request to the client for an authentication certificate. Corresponding systems are also disclosed.
摘要翻译：公开的系统和方法用于通过由设备建立的连接（例如安全SSL连接）来认证客户端访问服务器上的受保护目录的系统和方法。一种方法包括以下步骤：由设备从第一网络的客户端接收访问第二网络上的服务器的第一请求，所述设备向客户端提供从第一网络到第二网络的虚拟专用网络连接 ; 由设备确定第一请求包括访问服务器的受保护目录; 该设备将认证策略与受保护目录相关联，认证策略指定用于认证客户端对受保护目录的访问的动作; 以及响应于所述认证策略，所述设备向所述客户端发送用于认证证书的第二请求。还公开了相应的系统。

23. 发明授权

US08811223B2 Systems and methods for distributing crypto cards to multiple cores 有权
标题翻译：将密码卡分配到多个核心的系统和方法
公开(公告)号：US08811223B2
公开(公告)日：2014-08-19
申请号：US12489161
申请日：2009-06-22
申请人： Tushar Kanekar , Swarupa Gonuguntla
发明人： Tushar Kanekar , Swarupa Gonuguntla
IPC分类号： H04L12/28
CPC分类号： H04L63/0272 , G06F2221/2149 , H04L63/166
摘要： The present invention is directed towards systems and methods for distributed operation of a plurality of cryptographic cards in a multi-core system. In various embodiments, a plurality of cryptographic cards providing encryption/decryption resources are assigned to a plurality of packet processing engines in operation on a multi-core processing system. The packet processing engines can be configured to operate in user space of a system, and can access cryptographic resources via memory allocations mapped from kernel space to user space. A method for use with the multi-card/multi-core system can comprise detecting, by a kernel of the multi-core system, a plurality of cryptographic cards available to the system, identifying, by a configurator of the multi-core system, a plurality of packet processing engines configured to operate in user space on a plurality of cores of the multi-core system, and determining, by a card distribution manager, a distribution layout that identifies an assignment of the plurality of cryptographic cards to the plurality of packet processing engines.
摘要翻译：本发明涉及用于在多核系统中分布式操作多个加密卡的系统和方法。在各种实施例中，向多核处理系统运行的多个分组处理引擎分配了提供加密/解密资源的多个密码卡。分组处理引擎可以被配置为在系统的用户空间中操作，并且可以经由从内核空间映射到用户空间的存储器分配来访问加密资源。与多卡/多核系统一起使用的方法可以包括由多核系统的内核检测可用于系统的多个密码卡，由多核系统的配置者识别，多个分组处理引擎，被配置为在所述多核系统的多个核上的用户空间中操作，以及由卡分发管理器确定识别所述多个密码卡到所述多核系统的分配的分布布局数据包处理引擎

24. 发明授权

US08793486B2 Systems and methods for optimizing SSL handshake processing 有权
标题翻译：优化SSL握手处理的系统和方法
公开(公告)号：US08793486B2
公开(公告)日：2014-07-29
申请号：US13346314
申请日：2012-01-09
申请人： Tushar Kanekar , Sivaprasad Udupa
发明人： Tushar Kanekar , Sivaprasad Udupa
IPC分类号： H04L29/06
CPC分类号： H04L63/166
摘要： A method for buffering SSL handshake messages prior to computing a message digest for the SSL handshake includes: conducting, by an appliance with a client, an SSL handshake, the SSL handshake comprising a plurality of SSL handshake messages; storing, by the appliance, the plurality of SSL handshake messages; providing, by the appliance to a message digest computing device in response to receiving a client finish message corresponding to the SSL handshake, the plurality of SSL handshake messages; receiving, by the appliance from the message digest computing device, a message digest corresponding to the provided messages; determining by the appliance, the message digest matches a message digest included in the SSL client finish message; and completing, by the appliance with the client, the SSL handshake. Corresponding systems are also described.
摘要翻译：用于在计算用于SSL握手的消息摘要之前缓存SSL握手消息的方法包括：由具有客户端的设备进行SSL握手，所述SSL握手包括多个SSL握手消息; 由设备存储多个SSL握手消息; 响应于接收到与所述SSL握手相对应的客户端完成消息，所述设备向消息摘要计算设备提供所述多个SSL握手消息; 由所述设备从所述消息摘要计算设备接收与所提供的消息相对应的消息摘要; 由设备确定消息摘要与SSL客户端完成消息中包含的消息摘要相匹配; 并由用户与客户完成SSL握手。还描述了相应的系统。

25. 发明授权

US08230214B2 Systems and methods for optimizing SSL handshake processing 有权
标题翻译：优化SSL握手处理的系统和方法
公开(公告)号：US08230214B2
公开(公告)日：2012-07-24
申请号：US11466014
申请日：2006-08-21
申请人： Tushar Kanekar , Sivaprasad Udupa
发明人： Tushar Kanekar , Sivaprasad Udupa
IPC分类号： H04L29/06
CPC分类号： H04L9/3263 , H04L63/166 , H04L2209/80
摘要： A method for enabling efficient SSL handshakes through precomputing of handshake messages, the method includes: receiving, by an appliance, a server certificate identifying a server; generating, by the appliance, at least one of: (i) an SSL server certificate message comprising the received server certificate, (ii) an SSL client certificate request message, and (iii) an SSL hello done message; storing, by the appliance, the generated messages; receiving, by the appliance from a client, an SSL client hello message identifying the server; and transmitting, by the appliance to the client, an SSL server hello message and at least one of the stored messages. Corresponding systems are also described.
摘要翻译：一种用于通过预先计算握手消息来实现有效的SSL握手的方法，所述方法包括：由设备接收识别服务器的服务器证书; 由所述设备生成以下至少一个：（i）包括所接收的服务器证书的SSL服务器证书消息，（ii）SSL客户端证书请求消息，以及（iii）SSL hello完成消息; 由设备存储生成的消息; 用户从客户端接收标识服务器的SSL客户端hello消息; 以及由所述设备向所述客户端发送SSL服务器呼叫消息和所存储的消息中的至少一个。还描述了相应的系统。

26. 发明申请

US20110154018A1 SYSTEMS AND METHODS FOR FLASH CROWD CONTROL AND BATCHING OCSP REQUESTS VIA ONLINE CERTIFICATE STATUS PROTOCOL 有权
标题翻译：通过在线证书状态协议对闪存卡控制和批处理OCSP要求的系统和方法
公开(公告)号：US20110154018A1
公开(公告)日：2011-06-23
申请号：US12645907
申请日：2009-12-23
申请人： Christofer Edstrom , Tushar Kanekar
发明人： Christofer Edstrom , Tushar Kanekar
IPC分类号： H04L29/06 , G06F15/16
CPC分类号： H04L9/3268 , H04L63/0823 , H04L63/0884 , H04L63/166 , H04L67/2833 , H04L67/2842 , H04L67/2852 , H04L2209/38
摘要： The present invention is directed towards systems and methods for batching OCSP requests and caching corresponding responses. An intermediary between a plurality of clients and one or more servers receives a first client certificate during a first SSL handshake with a first client and a second client certificate during a second SSL handshake with a second client. The intermediary may identify that the statuses of the client certificates are not in a cache of the intermediary. An OCSP responder of the intermediary may transmit a single request to an OCSP server to determine the statuses. The intermediary may determine, from a single response received from the OCSP server, whether to establish SSL connections with the clients based on the statuses. The intermediary may store the statuses to the cache for determining whether to establish a SSL connection in response to receiving a client certificate from the first client.
摘要翻译：本发明涉及用于批量OCSP请求和缓存相应响应的系统和方法。在与第二客户端的第二次SSL握手期间，在多个客户端和一个或多个服务器之间的中介在与第一客户端的第一SSL握手和第二客户端证书期间接收第一客户端证书。中间人可能会识别客户端证书的状态不在中介缓存中。中间人的OCSP响应者可以向OCSP服务器发送单个请求以确定状态。中介可以从OCSP服务器收到的单一响应中确定是否根据状态与客户端建立SSL连接。响应于从第一客户端接收到客户端证书，中介可以将状态存储到高速缓存以确定是否建立SSL连接。

27. 发明申请

US20100325420A1 SYSTEMS AND METHODS FOR HANDLING SSL SESSION NOT REUSABLE ACROSS MULTIPLE CORES 有权
标题翻译：用于处理SSL会话的系统和方法在多个CORES之间不可重复使用
公开(公告)号：US20100325420A1
公开(公告)日：2010-12-23
申请号：US12489333
申请日：2009-06-22
申请人： Tushar Kanekar
发明人： Tushar Kanekar
IPC分类号： H04L9/00 , G06F15/16
CPC分类号： H04L63/166 , H04L9/3268 , H04L9/3271 , H04L9/3297 , H04L63/0471 , H04L63/0485 , H04L63/0823 , H04L63/0876 , H04L67/1027 , H04L67/1036 , H04L2209/043 , H04L2209/30 , H04L2209/56 , H04L2209/60 , H04L2209/76 , H04L2209/80
摘要： The present invention is directed towards systems and methods for managing SSL session persistence and reuse in a multi-core system. A first core may indicate that an SSL session established by the first core is non-resumable. Responsive to the indication, the core may set an indicator at a location in memory accessible by each core of the multi-core system, the indicator indicating that the SSL session is non-resumable. A second core of the multi-core system may receive a request to reuse the SSL session. The request may include a session identifier of the SSL session. In addition, the session identifier may identify the first core as an establisher of the SSL session. The second core can identify from encoding of the session identifier whether the second core is not the establisher of the SSL session. Responsive to the identification, the second core may determine whether to resume the SSL session.
摘要翻译：本发明涉及用于在多核系统中管理SSL会话持久性和重用的系统和方法。第一核心可以指示由第一核心建立的SSL会话是不可恢复的。响应于指示，核心可以在由多核系统的每个核心访问的存储器中的位置处设置指示符，该指示符指示SSL会话不可恢复。多核系统的第二核心可以接收重新使用SSL会话的请求。请求可以包括SSL会话的会话标识符。此外，会话标识符可以将第一核心识别为SSL会话的建立者。第二核心可以从会话标识符的编码中识别第二核心是否不是SSL会话的建立者。响应于识别，第二个核心可能决定是否恢复SSL会话。

28. 发明申请

US20100325419A1 SYSTEMS AND METHODS FOR ENCODING THE CORE IDENTIFIER IN THE SESSION IDENTIFIER 有权
标题翻译：在会议标识符中编码核心标识符的系统和方法
公开(公告)号：US20100325419A1
公开(公告)日：2010-12-23
申请号：US12489325
申请日：2009-06-22
申请人： Tushar Kanekar
发明人： Tushar Kanekar
IPC分类号： H04L9/00 , H04L29/06
CPC分类号： H04L63/166 , H04L9/3268 , H04L9/3271 , H04L9/3297 , H04L63/0464 , H04L63/0471 , H04L63/0485 , H04L63/0823 , H04L63/0876 , H04L63/101 , H04L67/02 , H04L67/1002 , H04L67/1027 , H04L67/1036 , H04L67/146 , H04L69/162 , H04L2209/043 , H04L2209/30 , H04L2209/56 , H04L2209/60 , H04L2209/76 , H04L2209/80
摘要： The present invention is directed towards systems and methods for managing SSL session persistence and reuse in a multi-core system. A first core may indicate that an SSL session established by the first core is non-resumable. Responsive to the indication, the core may set an indicator at a location in memory accessible by each core of the multi-core system, the indicator indicating that the SSL session is non-resumable. A second core of the multi-core system may receive a request to reuse the SSL session. The request may include a session identifier of the SSL session. In addition, the session identifier may identify the first core as an establisher of the SSL session. The second core can identify from encoding of the session identifier whether the second core is not the establisher of the SSL session. Responsive to the identification, the second core may determine whether to resume the SSL session.
摘要翻译：本发明涉及用于在多核系统中管理SSL会话持久性和重用的系统和方法。第一核心可以指示由第一核心建立的SSL会话是不可恢复的。响应于指示，核心可以在由多核系统的每个核心访问的存储器中的位置处设置指示符，该指示符指示SSL会话不可恢复。多核系统的第二核心可以接收重新使用SSL会话的请求。请求可以包括SSL会话的会话标识符。此外，会话标识符可以将第一核心识别为SSL会话的建立者。第二核心可以从会话标识符的编码中识别第二核心是否不是SSL会话的建立者。响应于识别，第二个核心可能决定是否恢复SSL会话。

29. 发明申请

US20100322104A1 SYSTEMS AND METHODS FOR DISTRIBUTING CRYPTO CARDS TO MULTIPLE CORES 有权
标题翻译：将卡片分配到多个线的系统和方法
公开(公告)号：US20100322104A1
公开(公告)日：2010-12-23
申请号：US12489161
申请日：2009-06-22
申请人： Tushar Kanekar , Swarupa Gonuguntla
发明人： Tushar Kanekar , Swarupa Gonuguntla
IPC分类号： H04L12/28
CPC分类号： H04L63/0272 , G06F2221/2149 , H04L63/166
摘要： The present invention is directed towards systems and methods for distributed operation of a plurality of cryptographic cards in a multi-core system. In various embodiments, a plurality of cryptographic cards providing encryption/decryption resources are assigned to a plurality of packet processing engines in operation on a multi-core processing system. The packet processing engines can be configured to operate in user space of a system, and can access cryptographic resources via memory allocations mapped from kernel space to user space. A method for use with the multi-card/multi-core system can comprise detecting, by a kernel of the multi-core system, a plurality of cryptographic cards available to the system, identifying, by a configurator of the multi-core system, a plurality of packet processing engines configured to operate in user space on a plurality of cores of the multi-core system, and determining, by a card distribution manager, a distribution layout that identifies an assignment of the plurality of cryptographic cards to the plurality of packet processing engines.
摘要翻译：本发明涉及用于在多核系统中分布式操作多个加密卡的系统和方法。在各种实施例中，向多核处理系统运行的多个分组处理引擎分配了提供加密/解密资源的多个密码卡。分组处理引擎可以被配置为在系统的用户空间中操作，并且可以经由从内核空间映射到用户空间的存储器分配来访问加密资源。与多卡/多核系统一起使用的方法可以包括由多核系统的内核检测可用于系统的多个密码卡，由多核系统的配置者识别，多个分组处理引擎，被配置为在所述多核系统的多个核上的用户空间中操作，以及由卡分发管理器确定识别所述多个密码卡到所述多核系统的分配的分布布局数据包处理引擎

30. 发明申请

US20080046727A1 SYSTEMS AND METHODS FOR OPTIMIZING SSL HANDSHAKE PROCESSING 有权
标题翻译：用于优化SSL HANDSHAKE处理的系统和方法
公开(公告)号：US20080046727A1
公开(公告)日：2008-02-21
申请号：US11466030
申请日：2006-08-21
申请人： Tushar Kanekar , Sivaprasad Udupa
发明人： Tushar Kanekar , Sivaprasad Udupa
IPC分类号： H04L9/00
CPC分类号： H04L63/166
摘要： A method for buffering SSL handshake messages prior to computing a message digest for the SSL handshake includes: conducting, by an appliance with a client, an SSL handshake, the SSL handshake comprising a plurality of SSL handshake messages; storing, by the appliance, the plurality of SSL handshake messages; providing, by the appliance to a message digest computing device in response to receiving a client finish message corresponding to the SSL handshake, the plurality of SSL handshake messages; receiving, by the appliance from the message digest computing device, a message digest corresponding to the provided messages; determining by the appliance, the message digest matches a message digest included in the SSL client finish message; and completing, by the appliance with the client, the SSL handshake. Corresponding systems are also described.
摘要翻译：用于在计算用于SSL握手的消息摘要之前缓存SSL握手消息的方法包括：由具有客户端的设备进行SSL握手，所述SSL握手包括多个SSL握手消息; 由设备存储多个SSL握手消息; 响应于接收到与所述SSL握手相对应的客户端完成消息，所述设备向消息摘要计算设备提供所述多个SSL握手消息; 由所述设备从所述消息摘要计算设备接收与所提供的消息相对应的消息摘要; 由设备确定消息摘要与SSL客户端完成消息中包含的消息摘要相匹配; 并由用户与客户端完成SSL握手。还描述了相应的系统。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式