
System and method for realizing SSL unloading session multiplexing based on TLS1.3 protocol

A technology for a data transmission system and protocol implementation, applied in the field of SSL offloading session multiplexing based on the TLS1.3 protocol. It addresses the problems of low system efficiency, long processing time and the inability to store PSK values, and has the effect of increasing speed by reducing three operations.

Active Publication Date: 2021-06-22
ARRAY NETWORKS BEIJING

AI Technical Summary

Problems solved by technology

However, the PSK identity of the TLS1.3 protocol needs to contain the PSK value, and the NewSessionTicket data transmission system in RFC5077 cannot store the PSK value. In addition, as shown in Figure 3, the session logic commonly used in the existing technology is as follows. When the client wants to use a certain ticket for session multiplexing, it encapsulates the ticket in the pre_shared_key extension and sends it to the server. After receiving the extension, the server parses the PSK value out of pre_shared_key, derives the Early Secret, derives the binder_key from the Early Secret, and then derives from the binder_key the hmac_key used to verify the PSK identity value. It then uses the hmac_key to perform an HMAC (hash-based message authentication code) operation on the message between ClientHello and the binder, and compares the calculated value with the binder value corresponding to the PSK identity. If they are the same, the verification succeeds; otherwise the verification fails.
This method requires more than three logical operations, which takes a long time and makes the system inefficient.
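
The binder check described above, written out with the RFC 8446 key schedule as an added example (not code from the patent or its owner). It assumes a SHA-256 cipher suite and a resumption PSK; the function names and the sample PSK and ClientHello bytes are constructed for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256                 # assumption: SHA-256 cipher suite
HASH_LEN = HASH().digest_size

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    # HkdfLabel: uint16 length, "tls13 " + label, context (RFC 8446, 7.1)
    full = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full)]) + full
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length)

def compute_binder(psk: bytes, truncated_client_hello: bytes) -> bytes:
    # Step 1: Early Secret from the PSK recovered from the ticket
    early_secret = hkdf_extract(b"\x00" * HASH_LEN, psk)
    # Step 2: binder_key = Derive-Secret(Early Secret, "res binder", "")
    binder_key = hkdf_expand_label(early_secret, b"res binder",
                                   HASH(b"").digest(), HASH_LEN)
    # Step 3: the HMAC key (called finished_key in RFC 8446)
    hmac_key = hkdf_expand_label(binder_key, b"finished", b"", HASH_LEN)
    # Step 4: HMAC over the hash of ClientHello up to, not including, the binders
    return hmac.new(hmac_key, HASH(truncated_client_hello).digest(), HASH).digest()

def verify_binder(psk: bytes, truncated_client_hello: bytes, binder: bytes) -> bool:
    # Constant-time comparison; a mismatch must reject the PSK.
    return hmac.compare_digest(compute_binder(psk, truncated_client_hello), binder)

# Constructed sample values, not a real capture.
SAMPLE_PSK = bytes(range(32))
SAMPLE_TRUNCATED_CH = b"\x01\x00\x00\x40" + b"constructed-client-hello-prefix"

if __name__ == "__main__":
    b = compute_binder(SAMPLE_PSK, SAMPLE_TRUNCATED_CH)
    print("binder:", b.hex())
    print("valid:", verify_binder(SAMPLE_PSK, SAMPLE_TRUNCATED_CH, b))
    print("tampered:", verify_binder(SAMPLE_PSK, SAMPLE_TRUNCATED_CH + b"x", b))
```

Each call to `verify_binder` performs one HKDF-Extract, two HKDF-Expand-Label derivations and one HMAC, which is the per-resumption cost the paragraph above counts.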



Examples


Embodiment Construction

[0039] In the following description, many technical details are set forth so that the reader can better understand the present application. However, one of ordinary skill in the art will appreciate that the technical solution claimed in the claims can be implemented even without these technical details and with various changes and modifications based on the following embodiments.

[0040] In order to make the object of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the accompanying drawings.

[0041] A data transmission system for implementing SSL offloading session multiplexing based on the TLS1.3 protocol, as shown in Figure 1, includes the client 100, the ciphertext module 200, the load balancing device (referred to as an APV) 300, the plaintext module 400 and the server 500. The client establishes an SSL/TLS connection based on the TLS1.3 protocol with the APV device, which acts as the TLS1.3 protocol server, and transfers the ciphertext module data; the APV device...


Abstract

The invention relates to a system and a method for realizing SSL offloading session multiplexing based on the TLS1.3 protocol. The system comprises a client, a ciphertext module, a load balancing device, a plaintext module and a server. The ciphertext module comprises a NewSessionTicket data transmission system based on the TLS1.3 protocol, and the ticket data in the data transmission system comprises the following parts: key_name, IV, encrypted_state, HMAC value and the like. The NewSessionTicket data transmission system disclosed by the invention ensures and enhances the security and integrity of the data. Compared with common session multiplexing logic, the session multiplexing provided by the invention reduces three operations, so that the session multiplexing speed is increased.

Description

Technical field

[0001] The present invention relates to the field of network application delivery control, and in particular to a system and method for implementing SSL offloading session multiplexing based on the TLS1.3 protocol.

Background technique

[0002] The TLS1.3 protocol is a strengthened version of the SSL/TLS protocol and is similar to the SSL/TLS protocol in overall protocol format. As shown in Figure 1, the SSL/TLS protocol provides the following two functions for network communication:

a. Create a secure connection: the transmitted data is encrypted, which prevents it from being sniffed by a man-in-the-middle, and an integrity check is provided for the data, which prevents transmitted data from being modified by a man-in-the-middle.

b. Establish a trusted connection: identity authentication is provided for the entities at both ends of the connection.

The present invention relates to the latest version of the TLS1.3 protocol, which discards the previous RSA key negotiation algorithm...


Application Information

IPC(8): H04L29/08, H04L9/08, H04L9/06
CPC: H04L67/145, H04L9/0631, H04L9/0637, H04L9/0643, H04L9/0838, H04L9/085, H04L67/02, H04L67/1001
Inventor: 吴东升, 刘勤, 何箫楠
Owner: ARRAY NETWORKS BEIJING