专利快速检索-快速检索全球专利，免费商用专利数据库-IPRDB

1. 发明申请

US20110154026A1 SYSTEMS AND METHODS FOR PARALLEL PROCESSING OF OCSP REQUESTS DURING SSL HANDSHAKE 审中-公开
标题翻译： SSL HANDSHAKE期间OCSP要求并行处理的系统和方法
公开(公告)号：US20110154026A1
公开(公告)日：2011-06-23
申请号：US12645893
申请日：2009-12-23
申请人： Christofer Edstrom , Tushar Kanekar
发明人： Christofer Edstrom , Tushar Kanekar
IPC分类号： H04L29/06 , H04L9/32
CPC分类号： H04L9/3268 , H04L63/0823 , H04L63/166 , H04L67/2833 , H04L67/2842 , H04L2209/043 , H04L2209/30 , H04L2209/60 , H04L2209/76 , H04L2209/80
摘要： The present invention is directed towards systems and methods for processing an Online Certificate Status Protocol (OCSP) request in parallel to processing a Secure Socket Layer (SSL) handshake. The method includes transmitting, by an OCSP responder of an intermediary device between a plurality of clients and one or more servers, an OCSP request to a OCSP server for a status of a client certificate responsive to receiving the client certificate from a client during a SSL handshake. The intermediary device may continue to perform remaining portions of the SSL handshake while the OCSP request to the OCSP server is outstanding. The intermediary device may establish an SSL connection for the SSL handshake. The intermediary device may determine whether to terminate or maintain the established SSL connection based on the status of the client certificate received via a response from the OCSP server.
摘要翻译：本发明涉及用于处理在线证书状态协议（OCSP）请求并行处理安全套接层（SSL）握手的系统和方法。该方法包括在多个客户端和一个或多个服务器之间由中间设备的OCSP应答器向OCSP服务器发送响应于在SSL期间从客户端接收客户端证书的客户端证书的状态的OCSP请求握手当向OCSP服务器的OCSP请求未完成时，中间设备可以继续执行SSL握手的剩余部分。中间设备可以建立用于SSL握手的SSL连接。中介设备可以基于经由OCSP服务器的响应接收到的客户端证书的状态来确定是否终止或维护已建立的SSL连接。

2. 发明授权

US08621204B2 Systems and methods for evaluating and prioritizing responses from multiple OCSP responders 有权
标题翻译：用于评估和优先考虑多个OCSP响应者的响应的系统和方法
公开(公告)号：US08621204B2
公开(公告)日：2013-12-31
申请号：US12645664
申请日：2009-12-23
申请人： Christofer Edstrom , Tushar Kanekar
发明人： Christofer Edstrom , Tushar Kanekar
IPC分类号： H04L29/06 , H04L9/32
CPC分类号： H04L9/3268 , H04L63/0823 , H04L63/0884 , H04L63/166 , H04L67/2819 , H04L2209/38
摘要： The present invention is directed towards systems and methods for determining a status of a client certificate from a plurality of responses for an Online Certificate Status Protocol (OCSP) request. An intermediary device between a plurality of clients and one or more servers identifies a plurality of OCSP responders for determining a status of a client certificate responsive to receiving the client certificate from a client during a Secure Socket Layer (SSL) handshake. Each of the plurality of OCSP responders may transmit a request for the status of the client certificate to a uniform resource locator corresponding to each OCSP responder. The intermediary device may determine a single status for the client certificate from a plurality of statuses of the client certificate received via responses from each uniform resource locator.
摘要翻译：本发明涉及用于根据在线证书状态协议（OCSP）请求的多个响应来确定客户端证书的状态的系统和方法。多个客户端和一个或多个服务器之间的中间设备在安全套接层（SSL）握手期间，响应于从客户端接收到客户端证书，识别多个OCSP应答器，用于确定客户端证书的状态。多个OCSP应答器中的每一个可以向与每个OCSP响应器对应的统一资源定位符发送客户端证书的状态请求。中介设备可以根据从每个统一资源定位符的响应接收到的客户端证书的多个状态来确定客户端证书的单一状态。

3. 发明申请

US20110154018A1 SYSTEMS AND METHODS FOR FLASH CROWD CONTROL AND BATCHING OCSP REQUESTS VIA ONLINE CERTIFICATE STATUS PROTOCOL 有权
标题翻译：通过在线证书状态协议对闪存卡控制和批处理OCSP要求的系统和方法
公开(公告)号：US20110154018A1
公开(公告)日：2011-06-23
申请号：US12645907
申请日：2009-12-23
申请人： Christofer Edstrom , Tushar Kanekar
发明人： Christofer Edstrom , Tushar Kanekar
IPC分类号： H04L29/06 , G06F15/16
CPC分类号： H04L9/3268 , H04L63/0823 , H04L63/0884 , H04L63/166 , H04L67/2833 , H04L67/2842 , H04L67/2852 , H04L2209/38
摘要： The present invention is directed towards systems and methods for batching OCSP requests and caching corresponding responses. An intermediary between a plurality of clients and one or more servers receives a first client certificate during a first SSL handshake with a first client and a second client certificate during a second SSL handshake with a second client. The intermediary may identify that the statuses of the client certificates are not in a cache of the intermediary. An OCSP responder of the intermediary may transmit a single request to an OCSP server to determine the statuses. The intermediary may determine, from a single response received from the OCSP server, whether to establish SSL connections with the clients based on the statuses. The intermediary may store the statuses to the cache for determining whether to establish a SSL connection in response to receiving a client certificate from the first client.
摘要翻译：本发明涉及用于批量OCSP请求和缓存相应响应的系统和方法。在与第二客户端的第二次SSL握手期间，在多个客户端和一个或多个服务器之间的中介在与第一客户端的第一SSL握手和第二客户端证书期间接收第一客户端证书。中间人可能会识别客户端证书的状态不在中介缓存中。中间人的OCSP响应者可以向OCSP服务器发送单个请求以确定状态。中介可以从OCSP服务器收到的单一响应中确定是否根据状态与客户端建立SSL连接。响应于从第一客户端接收到客户端证书，中介可以将状态存储到高速缓存以确定是否建立SSL连接。

4. 发明申请

US20110154017A1 SYSTEMS AND METHODS FOR EVALUATING AND PRIORITIZING RESPONSES FROM MULTIPLE OCSP RESPONDERS 有权
标题翻译：用于从多个OCSP响应者评估和优化响应的系统和方法
公开(公告)号：US20110154017A1
公开(公告)日：2011-06-23
申请号：US12645664
申请日：2009-12-23
申请人： Christofer Edstrom , Tushar Kanekar
发明人： Christofer Edstrom , Tushar Kanekar
IPC分类号： H04L29/06
CPC分类号： H04L9/3268 , H04L63/0823 , H04L63/0884 , H04L63/166 , H04L67/2819 , H04L2209/38
摘要： The present invention is directed towards systems and methods for determining a status of a client certificate from a plurality of responses for an Online Certificate Status Protocol (OCSP) request. An intermediary device between a plurality of clients and one or more servers identifies a plurality of OCSP responders for determining a status of a client certificate responsive to receiving the client certificate from a client during a Secure Socket Layer (SSL) handshake. Each of the plurality of OCSP responders may transmit a request for the status of the client certificate to a uniform resource locator corresponding to each OCSP responder. The intermediary device may determine a single status for the client certificate from a plurality of statuses of the client certificate received via responses from each uniform resource locator.
摘要翻译：本发明涉及用于根据在线证书状态协议（OCSP）请求的多个响应来确定客户端证书的状态的系统和方法。多个客户端和一个或多个服务器之间的中间设备在安全套接层（SSL）握手期间，响应于从客户端接收到客户端证书，识别多个OCSP应答器，用于确定客户端证书的状态。多个OCSP应答器中的每一个可以向与每个OCSP响应器对应的统一资源定位符发送客户端证书的状态请求。中介设备可以根据从每个统一资源定位符的响应接收到的客户端证书的多个状态来确定客户端证书的单一状态。

5. 发明授权

US08627063B2 Systems and methods for flash crowd control and batching OCSP requests via online certificate status protocol 有权
标题翻译：通过在线证书状态协议，闪存人群控制和批处理OCSP请求的系统和方法
公开(公告)号：US08627063B2
公开(公告)日：2014-01-07
申请号：US12645907
申请日：2009-12-23
申请人： Christofer Edstrom , Tushar Kanekar
发明人： Christofer Edstrom , Tushar Kanekar
IPC分类号： H04L29/06 , H04L9/32
CPC分类号： H04L9/3268 , H04L63/0823 , H04L63/0884 , H04L63/166 , H04L67/2833 , H04L67/2842 , H04L67/2852 , H04L2209/38
摘要： The present invention is directed towards systems and methods for batching OCSP requests and caching corresponding responses. An intermediary between a plurality of clients and one or more servers receives a first client certificate during a first SSL handshake with a first client and a second client certificate during a second SSL handshake with a second client. The intermediary may identify that the statuses of the client certificates are not in a cache of the intermediary. An OCSP responder of the intermediary may transmit a single request to an OCSP server to determine the statuses. The intermediary may determine, from a single response received from the OCSP server, whether to establish SSL connections with the clients based on the statuses. The intermediary may store the statuses to the cache for determining whether to establish a SSL connection in response to receiving a client certificate from the first client.
摘要翻译：本发明涉及用于批量OCSP请求和缓存相应响应的系统和方法。在与第二客户端的第二次SSL握手期间，在多个客户端和一个或多个服务器之间的中介在与第一客户端的第一次SSL握手和第二客户端证书期间接收第一客户端证书。中间人可能会识别客户端证书的状态不在中介缓存中。中间人的OCSP响应者可以向OCSP服务器发送单个请求以确定状态。中介可以从OCSP服务器收到的单一响应中确定是否根据状态与客户端建立SSL连接。响应于从第一客户端接收到客户端证书，中介可以将状态存储到高速缓存以确定是否建立SSL连接。

6. 发明授权

US08181019B2 Systems and methods for managing CRLS for a multi-core system 有权
标题翻译：用于管理多核系统的CRLS的系统和方法
公开(公告)号：US08181019B2
公开(公告)日：2012-05-15
申请号：US12489331
申请日：2009-06-22
申请人： Ashoke Saha , Christofer Edstrom , Tushar Kanekar
发明人： Ashoke Saha , Christofer Edstrom , Tushar Kanekar
IPC分类号： H04L29/06 , H04L9/32 , G06F7/04
CPC分类号： H04L63/0823 , H04L9/3268 , H04L63/166
摘要： The present invention is directed towards systems and methods for maintaining Certificate Revocation Lists (CRLs) for client access in a multi-core system. A first core may generate a secondary CRL corresponding to a master CRL maintained by the first core. The CRLs may identify certificates to revoke. The first core can store the secondary CRL to a memory element accessible by the cores. A second core may receive a request to validate a certificate. The second core can provisionally determine, via access to the secondary CRL, whether the certificate is revoked. The second core may also determine not to revoke the certificate. Responsive to the determination, the second core may request the first core to validate the certificate. The first core can determine whether to revoke the certificate based on the master CRL. The first core may send a message to the second core based on the determination.
摘要翻译：本发明涉及用于在多核系统中维护用于客户端访问的证书吊销列表（CRL）的系统和方法。第一核心可以产生对应于由第一核心维护的主CRL的次级CRL。 CRL可以识别要撤销的证书。第一个核心可以将次级CRL存储到可由内核访问的内存元素。第二个核心可能会收到验证证书的请求。第二个核心可以通过访问次级CRL临时确定证书是否被撤销。第二核心也可能决定不撤销证书。响应确定，第二个核心可能要求第一个核心验证证书。第一个核心可以确定是否根据主CRL撤销证书。基于确定，第一核心可以向第二核心发送消息。

7. 发明申请

US20100325429A1 SYSTEMS AND METHODS FOR MANAGING CRLS FOR A MULTI-CORE SYSTEM 有权
标题翻译：用于管理多核系统的CRLS的系统和方法
公开(公告)号：US20100325429A1
公开(公告)日：2010-12-23
申请号：US12489331
申请日：2009-06-22
申请人： Ashoke Saha , Christofer Edstrom , Tushar Kanekar
发明人： Ashoke Saha , Christofer Edstrom , Tushar Kanekar
IPC分类号： H04L9/00
CPC分类号： H04L63/0823 , H04L9/3268 , H04L63/166
摘要： The present invention is directed towards systems and methods for maintaining Certificate Revocation Lists (CRLs) for client access in a multi-core system. A first core may generate a secondary CRL corresponding to a master CRL maintained by the first core. The CRLs may identify certificates to revoke. The first core can store the secondary CRL to a memory element accessible by the cores. A second core may receive a request to validate a certificate. The second core can provisionally determine, via access to the secondary CRL, whether the certificate is revoked. The second core may also determine not to revoke the certificate. Responsive to the determination, the second core may request the first core to validate the certificate. The first core can determine whether to revoke the certificate based on the master CRL. The first core may send a message to the second core based on the determination.
摘要翻译：本发明涉及用于在多核系统中维护用于客户端访问的证书吊销列表（CRL）的系统和方法。第一核心可以产生对应于由第一核心维护的主CRL的次级CRL。 CRL可以识别要撤销的证书。第一个核心可以将次级CRL存储到可由内核访问的内存元素。第二个核心可能会收到验证证书的请求。第二个核心可以通过访问次级CRL临时确定证书是否被撤销。第二核心也可能决定不撤销证书。响应确定，第二个核心可能要求第一个核心验证证书。第一个核心可以确定是否根据主CRL撤销证书。基于确定，第一核心可以向第二核心发送消息。

你已经成功收藏专利！

检索式保存成功!

IPRDB

热门服务

关于我们

友情链接

联系方式