Supporting secure layer extensions for communication protocols

Bibliographic details
Title: Supporting secure layer extensions for communication protocols
Patent Number: 10,970,264
Publication date: April 06, 2021
Appl. No: 16/773170
Application Filed: January 27, 2020
Abstract: A secure layer extensions unit identifies a secure layer extension identifier associated with a communication protocol supported by a client device; receives, from a secure sockets layer (SSL) engine, a handshake communication in view of the communication protocol, wherein the handshake communication excludes the secure layer extension identifier; generates a modified handshake communication for the client device that includes the secure layer extension identifier in view of the communication protocol; and forwards the modified handshake communication to the client device.
Inventors: RED HAT, INC. (Raleigh, NC, US)
Assignees: Red Hat, Inc. (Raleigh, NC, US)
Claim: 1. A method comprising: identifying, by a processor executing a secure layer extensions unit, a secure layer extension identifier associated with a communication protocol supported by a client device; receiving from a secure sockets layer (SSL) engine a handshake communication in view of the communication protocol, wherein the handshake communication excludes the secure layer extension identifier; generating, by the processor executing the secure layer extensions unit, a modified handshake communication for the client device that includes the secure layer extension identifier in view of the communication protocol; and forwarding the modified handshake communication to the client device.
Claim: 2. The method of claim 1, further comprising: updating, by the secure layer extension unit, a memory space with information associated with the modified handshake communication, wherein the memory space is associated with an internal memory location of the SSL engine.
Claim: 3. The method of claim 2, wherein updating the memory space further comprises: updating, by the secure layer extensions unit, a data structure with a hash value generated in view of the modified handshake communication, the hash value to verify subsequent communications from the client device; and forwarding the hash value to the client device.
Claim: 4. The method of claim 3, further comprising: identifying a hash function associated with the client device; and generating the hash value for the modified handshake communication using the hash function.
Claim: 5. The method of claim 4, further comprising: replacing a hash value in the data structure with the generated hash value for the modified handshake communication.
Claim: 6. The method of claim 1, further comprising: identifying, in view of the secure layer extension identifier, an application-layer protocol negotiation (APLN) extension for the communication protocol.
Claim: 7. The method of claim 6, further comprising: updating a field in the handshake communication in view of the APLN extension.
Claim: 8. The method of claim 7, further comprising: appending the APLN extension to the handshake communication.
Claim: 9. An apparatus comprising: a memory to store handshake communication data to authenticate client communications; and a processor, operatively coupled to the memory, to execute a secure layer extensions unit to: identify a secure layer extension identifier associated with a communication protocol supported by a client device; receive from a secure sockets layer (SSL) engine a handshake communication in view of the communication protocol, wherein the handshake communication excludes the secure layer extension identifier; generate a modified handshake communication for the client device that includes the secure layer extension identifier in view of the communication protocol; and forward the modified handshake communication to the client device.
Claim: 10. The apparatus of claim 9, wherein the processor is further to: update, by the secure layer extension unit, a memory space with information associated with the modified handshake communication, wherein the memory space is associated with an internal memory location of the SSL engine.
Claim: 11. The apparatus of claim 10, wherein to update the memory space, the processor is further to: update a data structure with a hash value generated in view of the modified handshake communication, the hash value to verify subsequent communications from the client device; and forward the hash value to the client device.
Claim: 12. The apparatus of claim 11, wherein the processor is further to: identify a hash function associated with the client device; and generate the hash value for the modified handshake communication using the hash function.
Claim: 13. The apparatus of claim 12, wherein the processor is further to: replace a hash value in the data structure with the generated hash value for the modified handshake communication.
Claim: 14. The apparatus of claim 9, wherein the processor is further to: identify, in view of the secure layer extension identifier, an application-layer protocol negotiation (APLN) extension for the communication protocol.
Claim: 15. The apparatus of claim 14, wherein the processor is further to: update a field in the handshake communication in view of the APLN extension.
Claim: 16. The apparatus of claim 15, wherein the processor is further to: append the APLN extension to the handshake communication.
Claim: 17. A non-transitory computer-readable storage medium comprising instructions that, when executed by a processing device, cause the processing device to execute a secure layer extensions unit to: identify a secure layer extension identifier associated with a communication protocol supported by a client device; receive from a secure sockets layer (SSL) engine a handshake communication in view of the communication protocol, wherein the handshake communication excludes the secure layer extension identifier; generate a modified handshake communication for the client device that includes the secure layer extension identifier in view of the communication protocol; and forward the modified handshake communication to the client device.
Claim: 18. The non-transitory computer-readable storage medium of claim 17, wherein the processing device is further to: update, by the secure layer extension unit, a memory space with information associated with the modified handshake communication, wherein the memory space is associated with an internal memory location of the SSL engine.
Claim: 19. The non-transitory computer-readable storage medium of claim 18, wherein the processing device is further to: update a data structure with a hash value generated in view of the modified handshake communication, the hash value to verify subsequent communications from the client device; and forward the hash value to the client device.
Claim: 20. The non-transitory computer-readable storage medium of claim 19, wherein the processing device is further to: identify a hash function associated with the client device; and generate the hash value for the modified handshake communication using the hash function.
Patent References Cited: 5657390 August 1997 Elgamal
5696599 December 1997 Tiso
6931528 August 2005 Immonen
7509425 March 2009 Rosenberg
8069469 November 2011 Atieh
8095787 January 2012 Kanekar
8707027 April 2014 Naik
8738902 May 2014 Yoo
9077754 July 2015 Gonuguntla
9531691 December 2016 Gero
9614772 April 2017 Bradfield
9825911 November 2017 Brandwine
9893883 February 2018 Chaubey
10091247 October 2018 Kumar
10545940 January 2020 Clere
2001/0016907 August 2001 Kang
2003/0069852 April 2003 Martin
2003/0135625 July 2003 Fontes
2003/0177358 September 2003 Martin
2006/0041938 February 2006 Ali
2006/0116148 June 2006 Bahl
2006/0161975 July 2006 Diez
2006/0294366 December 2006 Nadalin
2007/0239886 October 2007 Montemayor
2008/0022085 January 2008 Hiltgen
2008/0046727 February 2008 Kanekar
2008/0161114 July 2008 Wang et al.
2009/0083372 March 2009 Teppler
2010/0034384 February 2010 Bucker et al.
2010/0216430 August 2010 Brown
2010/0228968 September 2010 Wason
2010/0272030 October 2010 Babbar
2012/0307801 December 2012 Olsson
2013/0198511 August 2013 Yoo
2013/0297814 November 2013 Annamalaisami
2013/0346957 December 2013 Khandelwal
2014/0280791 September 2014 DeCusatis
2014/0304498 October 2014 Gonuguntla
2014/0337614 November 2014 Kelson
2014/0376384 December 2014 Bandyopadhyay
2015/0106624 April 2015 Gero
2016/0094602 March 2016 Hsiehyu
2016/0094686 March 2016 Yasuma
2016/0182232 June 2016 Roche
2016/0277446 September 2016 Kumar
2016/0308935 October 2016 Sakai
2016/0315913 October 2016 Lu
2016/0330095 November 2016 Numakami
2016/0330269 November 2016 Alstad
2017/0026481 January 2017 Stephan
2017/0054764 February 2017 Sharma
2017/0111334 April 2017 Gero
2017/0214660 July 2017 Shah
2018/0007172 January 2018 Wang
2018/0145950 May 2018 Tabares
2018/0167401 June 2018 Lin
2014067850 May 2014
WO-2014067850 May 2014
2015080661 June 2015
WO-2015080661 June 2015
2016111914 July 2016
WO-2016111914 July 2016
Other References: Friedl et al., Transport Layer Security (TLS)—Application-Layer Protocol Negotiation Extension, Internet Engineering Task Force (IETF) (Year: 2014). cited by examiner
“HTTP/2 Java 8, Jetty and ALPN”, Oct. 2016, 2 pages http://stackoverflow.com/questions/39856972/http-2-java-8-jetty-and-alpn. cited by applicant
Eric Costlow, “Diagnosing TLS, SSL, and HTTPS”, Java Platform Group, Product Management blog, Jul. 2, 2014 1 pages. cited by applicant
“JDK 8 Security Enhancements”, Copyright 1993, 2016, Oracle and/or its affiliates, 3 pages https://doc.oracle.com/lavase/8/docs/technotes/guides/security/enhancements-8.html. cited by applicant
Simon, “Last NPN & ALPN Update for JDK 7”, Webtide, Apr. 15, 2015, 2 pages https://webtide.com. cited by applicant
Ali Abdulqader Bin-Salem et al., Survey of Cross-layer Designs for Video Transmission Over Wireless Networks, IETE Technical Review | vol. 29 | Issue 3 | May-Jun. 2012 (Year: 2012). cited by applicant
Lee Breslau et al., Advances in Network Simulations, 2000 IEEE (Year: 2000). cited by applicant
Weilian Su et al., Cross-Layer Design and Optimization for Wireless Sensor Networks, Artificial Intelligence, Networking, and Parallel/Distributed Computing (SNPD'06) (Year: 2006). cited by applicant
Document from Google Search, NPN and ALPN (Mar. 20, 2013) (Year: 2013). cited by applicant
S. Friedl et al., Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension, Internet Engineering Task Force (IETF), 2014 (Year: 2014). cited by applicant
Assistant Examiner: Ahmed, Mahabub S
Primary Examiner: Zand, Kambiz
Attorney, Agent or Firm: Lowenstein Sandler LLP
Document code: edspgr.10970264
Database: USPTO Patent Grants