DE112018001559B4 - Cacheless session ticket support in TLS inspection (Cachespeicherlose Sitzungsticket-Unterstützung bei TLS-Prüfung) - Google Patents

Info

Publication number: DE112018001559B4
Authority: DE (Germany)
Prior art keywords: session, tls, ticket, client, session ticket
Legal status: Active
Application number: DE112018001559.9T
Other languages: German (de), English (en)
Other versions: DE112018001559T5 (de)
Inventors: Cheng-Ta Lee, Wei-Hsiang Hsiung, Wei-Shiau Suen, Ming-Hsun Wu
Current assignee: International Business Machines Corp
Original assignee: International Business Machines Corp
Priority date: 2017-06-01
Filing date: 2018-05-31
Publication date: 2019-12-05 (DE112018001559T5), 2023-09-07 (DE112018001559B4)

Events
Application filed by International Business Machines Corp
Publication of DE112018001559T5
Application granted
Publication of DE112018001559B4
Status: Active (current)
Anticipated expiration

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
            • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
              • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
            • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
              • H04L9/3006 underlying computational problems or public-key parameters
                • H04L9/302 involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
            • H04L9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
              • H04L9/321 involving a third party or a trusted authority
                • H04L9/3213 using tickets or tokens, e.g. Kerberos
              • H04L9/3263 involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
              • H04L9/3271 using challenge-response
                • H04L9/3273 for mutual authentication
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/04 for providing a confidential data exchange among entities communicating through data packet networks
              • H04L63/0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
            • H04L63/08 for authentication of entities
              • H04L63/0807 using tickets, e.g. Kerberos
              • H04L63/0869 for achieving mutual authentication
            • H04L63/14 for detecting or protecting against malicious traffic
              • H04L63/1441 Countermeasures against malicious traffic
                • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
            • H04L63/16 Implementing security features at a particular protocol layer
              • H04L63/166 at the transport layer
          • H04L67/00 Network arrangements or protocols for supporting network services or applications
            • H04L67/01 Protocols
            • H04L67/14 Session management
              • H04L67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer And Data Communications (AREA)
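This record carries only the bibliographic data, not the description or claims. As an added illustration of the concept the title and the H04L9/3213, H04L63/0807 and H04L67/146 classifications point at (a TLS-inspecting proxy that resumes an intercepted session from a ticket it issued itself, without keeping a server-side cache), here is a generic stateless-ticket construction in Go. It is example code written for this page, not the patent's claimed method and not code from the applicant: the ProxyState fields, the JSON encoding, the AES-256-GCM wrapping under a proxy-held ticket key and the names NewTicketSealer, Seal and Open are all assumptions. The proxy stores only the key; everything it needs to resume the client-facing leg and the upstream leg rides inside the ticket the client presents, so there is nothing to look up.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"time"
)

// ProxyState is everything the inspecting proxy needs back in hand to resume
// both legs of an intercepted session. None of it is kept on the proxy; it
// rides inside the ticket the proxy hands the client. The field set and the
// JSON encoding are assumptions made for this example.
type ProxyState struct {
	NotAfter     int64  `json:"exp"` // unix seconds after which the ticket is refused
	ServerTicket []byte `json:"st"`  // opaque ticket the origin server issued to the proxy
	ClientSecret []byte `json:"cs"`  // resumption secret of the client-facing TLS session
	SNI          string `json:"sni"` // server name, used to pick the upstream on resumption
}

// TicketSealer wraps ProxyState under the proxy's ticket-encryption key (a
// 32-byte STEK, AES-256-GCM). The key is all the proxy stores; rotating it
// invalidates every outstanding ticket at once, which bounds ticket lifetime
// independently of NotAfter.
type TicketSealer struct{ aead cipher.AEAD }

// ticketAAD binds the ticket format version into the authentication tag.
var ticketAAD = []byte("inspection-proxy-ticket-v1")

func NewTicketSealer(key []byte) (*TicketSealer, error) {
	if len(key) != 32 {
		return nil, errors.New("STEK must be 32 bytes")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &TicketSealer{aead: aead}, nil
}

// Seal emits nonce || AES-GCM(state). Random 96-bit nonces are acceptable
// because a STEK is rotated long before 2^32 tickets are issued under it.
func (t *TicketSealer) Seal(s ProxyState) ([]byte, error) {
	plain, err := json.Marshal(s)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, t.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return t.aead.Seal(nonce, nonce, plain, ticketAAD), nil
}

// Open is the cacheless lookup: the ticket the resuming client presents is
// authenticated, decrypted and checked for expiry, and the recovered state is
// used directly. Forged, truncated, stale-key or expired tickets all fail
// here, and the proxy falls back to a full handshake on both legs.
func (t *TicketSealer) Open(ticket []byte, now int64) (ProxyState, error) {
	ns := t.aead.NonceSize()
	if len(ticket) < ns+t.aead.Overhead() {
		return ProxyState{}, errors.New("ticket too short")
	}
	plain, err := t.aead.Open(nil, ticket[:ns], ticket[ns:], ticketAAD)
	if err != nil {
		return ProxyState{}, errors.New("ticket rejected: wrong key or tampered")
	}
	var st ProxyState
	if err := json.Unmarshal(plain, &st); err != nil {
		return ProxyState{}, errors.New("malformed ticket state")
	}
	if now > st.NotAfter {
		return ProxyState{}, errors.New("ticket expired")
	}
	return st, nil
}

func main() {
	// Constructed demo values; a real proxy draws the STEK from a CSPRNG.
	sealer, _ := NewTicketSealer(bytes.Repeat([]byte{0x42}, 32))
	st := ProxyState{NotAfter: time.Now().Add(time.Hour).Unix(), SNI: "example.test",
		ServerTicket: []byte("opaque-origin-ticket"), ClientSecret: bytes.Repeat([]byte{7}, 32)}
	ticket, _ := sealer.Seal(st)
	back, err := sealer.Open(ticket, time.Now().Unix())
	fmt.Printf("%d-byte ticket, resumed for %q, err=%v\n", len(ticket), back.SNI, err)
	ticket[len(ticket)-1] ^= 1 // one flipped bit: GCM tag check fails
	_, err = sealer.Open(ticket, time.Now().Unix())
	fmt.Println("tampered ticket:", err)
}
```

Two design points worth noting. The ticket carries the resumption secret of the client-facing session, so the STEK protects it with the same weight as a server's own session cache would, and a STEK that is never rotated quietly removes forward secrecy for every session resumed under it; rotating it is the operational control, and a ticket sealed under a rotated-out key simply fails Open and costs one full handshake. The expiry lives inside the authenticated plaintext rather than beside the ticket, so a client cannot extend it.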

Applications Claiming Priority (3)

Application Number                       Priority Date   Filing Date   Title
US15/611,229                             2017-06-01
US15/611,229 (US10542041B2, en)          2017-06-01      2017-06-01    Cacheless session ticket support in TLS inspection
PCT/IB2018/053877 (WO2018220570A1, en)   2017-06-01      2018-05-31    Cacheless session ticket support in TLS inspection

Publications (2)

Publication Number      Publication Date
DE112018001559T5 (de)   2019-12-05
DE112018001559B4 (de)   2023-09-07

Family ID: 64456398

Family Applications (1)

Application Number Title Priority Date Filing Date
DE112018001559.9T Active DE112018001559B4 (de) 2017-06-01 2018-05-31 Cachespeicherlose sitzungsticket-unterstützung bei tls-prüfung

Country Status (6)

Country   Link
US (1)    US10542041B2 (en)
JP (1)    JP7436210B2 (en)
CN (1)    CN110622482B (en)
DE (1)    DE112018001559B4 (en)
GB (1)    GB2577230B (en)
WO (1)    WO2018220570A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10812468B2 (en) * 2017-12-07 2020-10-20 Sonicwall Inc. Dynamic bypass
US10581948B2 (en) 2017-12-07 2020-03-03 Akamai Technologies, Inc. Client side cache visibility with TLS session tickets
US11019034B2 (en) 2018-11-16 2021-05-25 Akamai Technologies, Inc. Systems and methods for proxying encrypted traffic to protect origin servers from internet threats
US11233859B2 (en) * 2019-10-31 2022-01-25 Arm Ip Limited Machine-to-machine communications
CN111866172A (zh) * 2020-07-30 2020-10-30 北京金山云网络技术有限公司 会话票证的处理方法、装置及电子设备
CN113014454B (zh) * 2021-03-05 2022-06-14 中电积至(海南)信息技术有限公司 一种基于ssl、tls协议的用户代理标识及数量检测方法
WO2023148803A1 (ja) * 2022-02-01 2023-08-10 三菱電機株式会社 動的認可システムおよび動的認可方法
CN115296847B (zh) * 2022-07-06 2024-02-13 杭州涂鸦信息技术有限公司 流量控制方法、装置、计算机设备和存储介质

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20160315913A1 (en) 2015-04-24 2016-10-27 Cisco Technology, Inc. Scalable Intermediate Network Device Leveraging SSL Session Ticket Extension

Family Cites Families (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050050316A1 (en) 2003-08-25 2005-03-03 Amir Peles Passive SSL decryption
US20060294366A1 (en) * 2005-06-23 2006-12-28 International Business Machines Corp. Method and system for establishing a secure connection based on an attribute certificate having user credentials
US7953861B2 (en) 2006-08-10 2011-05-31 International Business Machines Corporation Managing session state for web applications
US8190875B2 (en) 2007-03-22 2012-05-29 Cisco Technology, Inc. Reducing processing load in proxies for secure communications
JP5039146B2 (ja) * 2007-11-07 2012-10-03 日本電信電話株式会社 共通鍵設定方法、中継装置、及びプログラム
CN102026185B (zh) * 2009-09-18 2014-04-09 中兴通讯股份有限公司 票据的有效性检验方法及网络信令节点
WO2013110857A1 (en) * 2012-01-24 2013-08-01 Ssh Communications Security Oyj Privileged access auditing
US9026784B2 (en) 2012-01-26 2015-05-05 Mcafee, Inc. System and method for innovative management of transport layer security session tickets in a network environment
US9176838B2 (en) * 2012-10-19 2015-11-03 Intel Corporation Encrypted data inspection in a network environment
US9124629B1 (en) * 2013-02-11 2015-09-01 Amazon Technologies, Inc. Using secure connections to identify systems
US10178181B2 (en) * 2014-04-02 2019-01-08 Cisco Technology, Inc. Interposer with security assistant key escrow
US9336391B2 (en) * 2014-06-17 2016-05-10 International Business Machines Corporation Verification of intellectual property core trusted state
US9499297B2 (en) * 2014-07-29 2016-11-22 Mott's Llp Carton blank, carton and container package
US10452850B2 (en) 2014-08-18 2019-10-22 International Business Machines Corporation Protected shell for risk validation
US9641590B2 (en) 2014-08-27 2017-05-02 Google Inc. Resuming session states
CN104702611B (zh) * 2015-03-15 2018-05-25 西安电子科技大学 一种保护安全套接层会话密钥的设备及方法
JP2017046179A (ja) * 2015-08-26 2017-03-02 日本電信電話株式会社 端末支援システム、及び端末支援方法
US10887291B2 (en) * 2016-12-16 2021-01-05 Amazon Technologies, Inc. Secure data distribution of sensitive data across content delivery networks
CN106790285B (zh) * 2017-02-27 2019-09-06 杭州迪普科技股份有限公司 一种会话重用方法及装置

Also Published As

Publication number Publication date
CN110622482A (zh) 2019-12-27
GB2577230B (en) 2022-04-13
JP7436210B2 (ja) 2024-02-21
JP2020522164A (ja) 2020-07-27
WO2018220570A1 (en) 2018-12-06
DE112018001559T5 (de) 2019-12-05
GB201918298D0 (en) 2020-01-29
CN110622482B (zh) 2022-02-22
US20180351998A1 (en) 2018-12-06
US10542041B2 (en) 2020-01-21
GB2577230A (en) 2020-03-18

Similar Documents

Publication Publication Date Title
DE112018001559B4 (de) Cacheless session ticket support in TLS inspection
DE112020004236B4 (de) Forward secrecy in Transport Layer Security using ephemeral keys
US11483292B2 (en) Engagement and disengagement of transport layer security proxy services with encrypted handshaking
US9961103B2 (en) Intercepting, decrypting and inspecting traffic over an encrypted channel
US11146588B2 (en) Context-based adaptive encryption
DE112011101729B4 (de) Management of resource access
DE602005001613T2 (de) Establishing a secure context for transmitting messages between computer systems
US10298615B2 (en) Splicing into an active TLS session without a certificate or private key
US9774631B2 (en) TLS connection abandoning
US8707026B2 (en) Apparatus for certificate-based cookie security
US9286465B1 (en) Method and apparatus for federated single sign on using authentication broker
US10547641B2 (en) Transparently converting a TLS session connection to facilitate session resumption
CH709936B1 (de) System and method for cryptographic suite management.
US9800568B1 (en) Methods for client certificate delegation and devices thereof
Jain et al. Cryptographic Assessment of SSL/TLS Servers Popular in India
Simpson et al. Security Issues in Content Modification Processes
Simpson Distributed Protection for the Enterprise
Anderson Aisha Ijaz 10056967

Legal Events

Code   Title                                                      Description
R012   Request for examination validly filed
R079   Amendment of IPC main class                                Free format text: PREVIOUS MAIN CLASS: H04L0029060000; IPC: H04L0065000000
R016   Response to examination communication
R018   Grant decision by examination section/examining division
R084   Declaration of willingness to licence
R020   Patent grant now final