Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
2008-04-15
Zand, Kambiz (Department: 2134)
C713S160000, C726S012000, C380S262000
active
07360075
ABSTRACT:
The invention provides a method and apparatus for transmitting data securely using an unreliable communication protocol, such as User Datagram Protocol (UDP). In one variation, the invention retains compatibility with conventional Secure Sockets Layer (SSL) and SOCKS protocols, such that secure UDP datagrams can be transmitted between a proxy server and a client computer in a manner analogous to conventional SOCKS processing. In contrast to conventional SSL processing, which relies on a guaranteed delivery service such as TCP and encrypts each successive data record with reference to a previously transmitted data record, encryption is performed using a nonce that is embedded in each transmitted data record. This nonce acts both as an initialization vector for encryption/decryption of the record and as a unique identifier to authenticate the record. Because decryption of any particular record does not depend on receipt of a previous data record, the scheme operates over an unreliable communication protocol. The system and method allow secure packet transmission to be provided with a minimum amount of overhead. Further, the invention provides a network arrangement that employs a cache having copies distributed among a plurality of different locations. SSL/TLS session information for a session with each of the proxy servers is stored in the cache so that it is accessible to at least one other proxy server. Using this arrangement, when a client computer switches from a connection with a first proxy server to a connection with a second proxy server, the second proxy server can retrieve from the cache the SSL/TLS session information corresponding to the SSL/TLS communication session between the client device and the first proxy server. The second proxy server can then use the retrieved SSL/TLS session information to accept a session with the client device.
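The record scheme the abstract describes, as an added illustration that is not the patent's or the assignee's code: every datagram carries its own random nonce, used as the AES-GCM IV and as the record's unique identifier, so a proxy can decrypt any record without having seen the preceding one and can reject a replayed one, and a shared SessionCache stands in for the distributed session cache so that a second proxy can take a session over. The 4-byte session-id header, the choice of AES-GCM, and the cache layout are assumptions; the session handshake is out of scope.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

const hdrLen = 4 + 12 // assumed header: 4-byte session id followed by a 12-byte AES-GCM nonce
// SessionCache stands in for the distributed cache: any proxy looks a session's negotiated key up by id.
type SessionCache map[uint32]cipher.AEAD
// NewSessionAEAD wraps a negotiated session key (16, 24 or 32 bytes) as an AES-GCM AEAD.
func NewSessionAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}
// Seal builds one self-contained datagram: sessionID || nonce || ciphertext+tag. The fresh nonce
// is both the IV and the record's unique id; the header is authenticated as associated data.
func Seal(sessionID uint32, aead cipher.AEAD, plaintext []byte) []byte {
	hdr := make([]byte, hdrLen)
	binary.BigEndian.PutUint32(hdr, sessionID)
	rand.Read(hdr[4:]) // crypto/rand.Read never returns an error as of Go 1.24
	return aead.Seal(append([]byte(nil), hdr...), hdr[4:], plaintext, hdr)
}
// Proxy opens each record on its own, so lost or reordered earlier records do not matter and any
// proxy sharing the cache can take over; seen rejects replayed nonces (unbounded here, a demo shortcut).
type Proxy struct {
	cache SessionCache
	seen  map[string]bool
}
func NewProxy(c SessionCache) *Proxy { return &Proxy{c, map[string]bool{}} }
func (p *Proxy) Open(datagram []byte) ([]byte, error) {
	if len(datagram) < hdrLen {
		return nil, errors.New("short datagram")
	}
	hdr, nonce := datagram[:hdrLen], datagram[4:hdrLen]
	aead, ok := p.cache[binary.BigEndian.Uint32(hdr)]
	if !ok || p.seen[string(nonce)] {
		return nil, errors.New("unknown session or replayed record")
	}
	pt, err := aead.Open(nil, nonce, datagram[hdrLen:], hdr)
	if err != nil {
		return nil, err // forged or tampered record; its nonce is not marked as seen
	}
	p.seen[string(nonce)] = true
	return pt, nil
}
```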
Erickson Rodger D.
VanHeyningen Marc D.
Aventail Corporation, a wholly owned subsidiary of SonicWALL, In
Brown Christopher J.
Carr & Ferrell LLP