GB2577230B - Cacheless session ticket support in TLS inspection - Google Patents

Cacheless session ticket support in TLS inspection

Info

Publication number: GB2577230B
Authority: GB (United Kingdom)
Prior art keywords: cacheless, session ticket, ticket support, tls, inspection
Prior art date: (not listed)
Legal status: Active
Application number: GB1918298.9A
Language: English (en)
Other versions: GB2577230A (en), GB201918298D0 (en)
Inventors: Lee Cheng-Ta, Hsiung Wei-Hsiang, Suen Wei-Shiau, Wu Ming-Hsun
Current assignee: International Business Machines Corp
Original assignee: International Business Machines Corp
Priority date: 2017-06-01
Filing date: 2018-05-31
Publication date: 2022-04-13

(The legal status, assignee list and priority date shown here are Google's assumptions, not legal conclusions; Google has not performed a legal analysis and makes no representation as to their accuracy.)

Events
2018-05-31: Application filed by International Business Machines Corp
2020-01-29: Publication of GB201918298D0
2020-03-18: Publication of GB2577230A
2022-04-13: Application granted; publication of GB2577230B
Current legal status: Active
Anticipated expiration: (no date listed)

Classifications

All codes sit under CPC section H (Electricity) > H04 (Electric communication technique) > H04L (Transmission of digital information, e.g. telegraphic communication). Each child entry continues the title of its parent.

    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
        • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
            • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
        • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
            • H04L9/3006 Underlying computational problems or public-key parameters
                • H04L9/302 Involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
        • H04L9/32 Including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
            • H04L9/321 Involving a third party or a trusted authority
                • H04L9/3213 Using tickets or tokens, e.g. Kerberos
            • H04L9/3263 Involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
            • H04L9/3271 Using challenge-response
                • H04L9/3273 For mutual authentication
    • H04L63/00 Network architectures or network communication protocols for network security
        • H04L63/04 For providing a confidential data exchange among entities communicating through data packet networks
            • H04L63/0428 Wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        • H04L63/08 For authentication of entities
            • H04L63/0807 Using tickets, e.g. Kerberos
            • H04L63/0869 For achieving mutual authentication
        • H04L63/14 For detecting or protecting against malicious traffic
            • H04L63/1441 Countermeasures against malicious traffic
                • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
        • H04L63/16 Implementing security features at a particular protocol layer
            • H04L63/166 At the transport layer
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
        • H04L67/01 Protocols
        • H04L67/14 Session management
            • H04L67/146 Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer And Data Communications (AREA)

Applications Claiming Priority (2)

Application Number | Publication | Priority Date | Filing Date | Title
US15/611,229 | US10542041B2 (en) | 2017-06-01 | 2017-06-01 | Cacheless session ticket support in TLS inspection
PCT/IB2018/053877 | WO2018220570A1 (en) | 2017-06-01 | 2018-05-31 | Cacheless session ticket support in TLS inspection

Publications (3)

Publication Number | Publication Date
GB201918298D0 (en) | 2020-01-29
GB2577230A (en) | 2020-03-18
GB2577230B (en, granted) | 2022-04-13

Family

Family ID: 64456398

Family Applications (1)

Application Number | Publication | Status | Priority Date | Filing Date | Title
GB1918298.9A | GB2577230B (en) | Active | 2017-06-01 | 2018-05-31 | Cacheless session ticket support in TLS inspection

Country Status (6)

Country | Publication
US (1) | US10542041B2 (en)
JP (1) | JP7436210B2 (en)
CN (1) | CN110622482B (en)
DE (1) | DE112018001559B4 (en)
GB (1) | GB2577230B (en)
WO (1) | WO2018220570A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number | Priority date | Publication date | Assignee | Title
US10812468B2 (en) * | 2017-12-07 | 2020-10-20 | Sonicwall Inc. | Dynamic bypass
US10581948B2 (en) | 2017-12-07 | 2020-03-03 | Akamai Technologies, Inc. | Client side cache visibility with TLS session tickets
US11019034B2 (en) | 2018-11-16 | 2021-05-25 | Akamai Technologies, Inc. | Systems and methods for proxying encrypted traffic to protect origin servers from internet threats
US11233859B2 (en) * | 2019-10-31 | 2022-01-25 | Arm Ip Limited | Machine-to-machine communications
CN111866172A (zh) * | 2020-07-30 | 2020-10-30 | Beijing Kingsoft Cloud Network Technology Co., Ltd. | Session ticket processing method, device and electronic equipment
CN113014454B (zh) * | 2021-03-05 | 2022-06-14 | CEC Jizhi (Hainan) Information Technology Co., Ltd. | User agent identification and count detection method based on the SSL/TLS protocols
CN118614036A (zh) * | 2022-02-01 | 2024-09-06 | Mitsubishi Electric Corporation | Dynamic authorization system and dynamic authorization method
CN115296847B (zh) * | 2022-07-06 | 2024-02-13 | Hangzhou Tuya Information Technology Co., Ltd. | Traffic control method, device, computer equipment and storage medium

Citations (3)

Publication number | Priority date | Publication date | Assignee | Title
WO2013112816A1 (en) * | 2012-01-26 | 2013-08-01 | Mcafee, Inc. | System and method for innovative management of transport layer security session tickets in a network environment
US20160004865A1 (en) * | 2014-06-17 | 2016-01-07 | International Business Machines Corporation | Verification of intellectual property core trusted state
US20160315913A1 (en) * | 2015-04-24 | 2016-10-27 | Cisco Technology, Inc. | Scalable Intermediate Network Device Leveraging SSL Session Ticket Extension

Family Cites Families (17)

Publication number | Priority date | Publication date | Assignee | Title
US20050050316A1 (en) | 2003-08-25 | 2005-03-03 | Amir Peles | Passive SSL decryption
US20060294366A1 (en) * | 2005-06-23 | 2006-12-28 | International Business Machines Corp. | Method and system for establishing a secure connection based on an attribute certificate having user credentials
US7953861B2 (en) | 2006-08-10 | 2011-05-31 | International Business Machines Corporation | Managing session state for web applications
US8190875B2 (en) | 2007-03-22 | 2012-05-29 | Cisco Technology, Inc. | Reducing processing load in proxies for secure communications
WO2009060899A1 (ja) * | 2007-11-07 | 2009-05-14 | Nippon Telegraph And Telephone Corporation | Common key setting method, relay device, and program
CN102026185B (zh) * | 2009-09-18 | 2014-04-09 | ZTE Corporation | Ticket validity verification method and network signalling node
EP3629181B1 (en) * | 2012-01-24 | 2022-10-05 | SSH Communications Security Oyj | Privileged access auditing
US9176838B2 (en) * | 2012-10-19 | 2015-11-03 | Intel Corporation | Encrypted data inspection in a network environment
US9124629B1 (en) * | 2013-02-11 | 2015-09-01 | Amazon Technologies, Inc. | Using secure connections to identify systems
US10178181B2 (en) * | 2014-04-02 | 2019-01-08 | Cisco Technology, Inc. | Interposer with security assistant key escrow
US9499297B2 (en) * | 2014-07-29 | 2016-11-22 | Mott's Llp | Carton blank, carton and container package
US10452850B2 (en) | 2014-08-18 | 2019-10-22 | International Business Machines Corporation | Protected shell for risk validation
US9641590B2 (en) | 2014-08-27 | 2017-05-02 | Google Inc. | Resuming session states
CN104702611B (zh) * | 2015-03-15 | 2018-05-25 | Xidian University | Device and method for protecting Secure Sockets Layer session keys
JP2017046179A (ja) * | 2015-08-26 | 2017-03-02 | Nippon Telegraph and Telephone Corporation | Terminal support system and terminal support method
US10887291B2 (en) * | 2016-12-16 | 2021-01-05 | Amazon Technologies, Inc. | Secure data distribution of sensitive data across content delivery networks
CN106790285B (zh) * | 2017-02-27 | 2019-09-06 | Hangzhou DPtech Technologies Co., Ltd. | Session reuse method and device

Also Published As

Publication number | Publication date
US20180351998A1 (en) | 2018-12-06
WO2018220570A1 (en) | 2018-12-06
DE112018001559T5 (de) | 2019-12-05
CN110622482A (zh) | 2019-12-27
US10542041B2 (en) | 2020-01-21
GB201918298D0 (en) | 2020-01-29
GB2577230A (en) | 2020-03-18
JP2020522164A (ja) | 2020-07-27
CN110622482B (zh) | 2022-02-22
DE112018001559B4 (de) | 2023-09-07
JP7436210B2 (ja) | 2024-02-21

Legal Events

Effective date | Code | Title
2022-05-05 | 746 | Register noted 'licences of right' (sect. 46/1977)