(12)
`
`United States Patent
`Ellis
`
`(10) Patent N0.:
`(45) Date of Patent:
`
`US 6,484,257 B1
`Nov. 19, 2002
`
`US006484257B1
`
`(54) SYSTEM AND METHOD FOR MAINTAINING
`N NUMBER OF SIMULTANEOUS
`CRYPTOGRAPHIC SESSIONS USINGA
`DISTRIBUTED COMPUTING
`ENVIRONMENT
`
`(76) Inventor: Alonzo Ellis, 335 Elan Village La., San
`Jose, CA (US) 95134
`
`( * ) Notice:
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U‘SC' 154(k)) by 0 days‘
`
`(21) APPL N05 09/259,885
`(22) Filed:
`Feb 27’ 1999
`
`(51) Int. Cl.7 .......................... .. H04K 1/ 10; H04L 9/08;
`H04L 9/12; H04L 5/20
`(52) US. Cl. ....................... .. 713/153; 713/201; 380/33;
`380/34; 380/279
`(58) Field of Search ............................... .. 713/ 153, 201;
`380/33, 34, 37, 38, 279; 370/325, 326,
`343, 480; 375/240; 455 /59, 61
`
`(56)
`
`References Cited
`
`Us‘ PATENT DOCUMENTS
`
`6,195,751 B1 * 2/2001 Caronni et al. ........... .. 713/163
`* Cited by examiner
`
`Primary Examiner—Justin T. Darrow
`(74) Attorney, Agent, or Firm—Michael Hetherington;
`Woodside Intellectual Property LaW Group
`
`(57)
`
`ABSTRACT
`
`sefslcgtrll dlsmbuted arihit-ecmlre hprlclwldes E1 sojtwgi?
`Arll
`0 6 major compu a-lonaAc a -enge-S ace -W1
`so u
`PIOVI' mg secure communication.
`registration entity is
`identi?ed as the session arbitrator through Which N devices
`on a netWork dynamically participate in establishing, main
`taining and destroying cryptographic sessions. Session keys
`are generated by one or more devices registered With the
`registration server. Multiparty key agreement is used to pass
`session keys to all parties involved in the encrypted session.
`All sessions appear to be local to the arbitration server,
`hoWever individual session are maintained by several
`devices operating as a collective. Encrypted stream parti
`tiOning and Computational resource allocation to decrypt the
`individual partitions in such Way as to ensure system sta
`bility With increasing session demands is introduced in the
`architecture. This provides a cryptographic system architec
`ture With encryption/decryption processing poWer limited
`only by the number of participants in the collective and
`netWork bandWidth or latency.
`
`5,966,442 A * 10/1999 Sachdev .................... .. 380/10
`6,134,225 A * 10/2000 Pham et a1. .............. .. 370/316
`
`10 Claims, 15 Drawing Sheets
`
`Bandwidth Slicing Block Diagram
`Client/Server
`Point to Multi-Point to Point Model
`8 agent model shown (can be extended to N agents)
`ISTARTILAN/MOBILE/EXTRANETI WAN/INTERNET l GATEWAY ‘INTRANET/CORPORATE NETWORKI END >
`
`Client
`sends/
`ernege'vtgzl Packets
`crypted ~1'2'3'4‘
`eparggets
`5.6.1.8
`
`m
`
`Packets
`1,2,3,4
`
`Packets
`5‘6’7’8
`(
`720
`
`1
`
`Packetsl
`
`1
`
`Packets
`1,2
`
`Packets
`3'4
`
`Packets
`5,6
`
`P
`ackets
`7,8
`k
`730
`
`2
`
`3
`
`4
`
`5
`6
`
`7
`
`8
`
`Packets 2
`
`Packets 3
`
`Packets4
`Packets5
`
`Packets6
`
`Packets?
`
`packetsg
`
`740
`
`2
`
`3
`
`4
`
`5
`6
`
`7
`
`8
`
`Packets
`,2,3,4
`
`Packets
`1,2
`
`Packets
`3,4
`
`Pacléets
`5‘
`
`S
`regeligs
`/$ends
`Packets
`11213147 decrypted
`5.6.1.8 m pted
`pac ets
`L70
`
`Paézk7egs
`5’ '
`’ L
`760 Q
`Agent
`*Packets 9-N
`follow round
`robin algorithm
`
`Packets
`7,8 \
`750
`
`IBM / Softlayer v. ZitoVault
`Ex. 1001 / Page 1 of 24
`
`

`
`U.S. Patent
`
`Nov. 19, 2002
`
`Sheet 1 0f 15
`
`US 6,484,257 B1
`
`Test 1 Configuration
`
`125
`
`130
`
`Destination C|ient2
`
`Destination C|ient1
`
`N0 AGENTS/2 HOSTS
`
`Bot?eNeCk '
`
`>
`
`@>
`
`GATEWAY SERVER
`(Decrypts Traf?c then
`forwards to client)
`
`Main Server
`
`110
`
`Client2
`
`115
`
`C|ient1
`
`2 CLIENTS
`
`Fig. 1
`(PriorArt)
`
`Ex. 1001 / Page 2 of 24
`
`

`
`U.S. Patent
`
`Nov. 19, 2002
`
`Sheet 2 0f 15
`
`US 6,484,257 B1
`
`CryptoScaie Test
`
`225 Q
`
`230 Q
`
`Q Agent
`
`2 AGENTS! 2CL|ENTS
`
`Destination Ciient2
`
`Destination Clienti
`
`220
`
`No BottleNeck
`
`Main Server
`
`210
`
`C|ient2
`
`215
`
`Ciienti
`
`2 CLIENTS
`
`Fig. 2
`
`Ex. 1001 / Page 3 of 24
`
`

`
`U.S. Patent
`
`Nov. 19, 2002
`
`Sheet 3 of 15
`
`US 6,484,257 B1
`
`Agenti interface and environment
`
`Incoming packet (input)
`
`Outgoing packet
`or
`discarded packet (decision)
`
`Outgoing control request (send)
`
`4__________________
`
`Incoming control response ( receive)
`
`A
`I
`l
`I
`l
`|
`l
`l
`I
`|
`l
`I
`l
`l
`l
`I
`l
`I
`I
`
`Fig. 3
`
`Ex. 1001 / Page 4 of 24
`
`

`
`U.S. Patent
`
`Nov. 19, 2002
`
`Sheet 4 of 15
`
`US 6,484,257 B1
`
`.
`4022 "'3'" Serve’
`Initialize
`405‘\
`
`Entit IEventDia ram
`y
`g
`Agen?s)
`Initialize
`
`‘
`
`Authenticate
`
`410 "
`Control/Setup information
`415 \
`
`Client(s)
`
`j initializationAcknowledgment
`420
`Ready
`A
`
`-- -
`Initialize
`
`‘
`Authenticate
`Agent Notification of new Client _/425
`
`A
`
`Time
`
`Accept or deny client based
`on avai'able resources
`
`435-
`
`_
`Control/Setup !nformat|on
`Agents Assignment ’
`
`AL
`
`Initialization Acknowledgment
`“5-x
`I Ready
`A
`
`Control Message/Begin
`
`450
`
`=\
`Tunnels encrypted packets
`to Main Server
`455'\ Fonivards packets to Agents
`
`f\
`
`2
`
`465
`
`Processes packets
`460—\
`Tunnels encrypted packets
`to Main Server
`Forwards packets to Agents'
`
`‘\
`
`Processes packets
`470 —\
`f\
`Control/Comp etion Message Sent/Connection Closed
`475\_€>2r1tr9l/9J9§9.9Lisntspmsqtqn,
`480 j Ack/ Connection Closed
`
`i
`
`V
`
`v
`
`V
`
`4
`
`Ex. 1001 / Page 5 of 24
`
`

`
`U.S. Patent
`
`Nov. 19, 2002
`
`Sheet 5 0f 15
`
`US 6,484,257 B1
`
`Ex. 1001 / Page 6 of 24
`
`

`
`U.S. Patent
`
`Nov. 19, 2002
`
`Sheet 6 0f 15
`
`US 6,484,257 B1
`
`mm .5
`
`3mm /\
`
`mg.
`
`ESE;
`
`96%? 2 e 858 t @258;
`
`cozméwwu E5 6: E Em? 2&5 .:
`
`
`
`f 222 \L
`
`EH55?
`S35v8
`
`Q96
`
`Ex. 1001 / Page 7 of 24
`
`

`
`U.S. Patent
`
`Nov. 19, 2002
`
`Sheet 7 0f 15
`
`US 6,484,257 B1
`
`CRYPTOSCALE
`
`MasterAgent
`
`agegtl'igntgble
`630
`
`tlNctient traffittz on each
`agen
`
`1.5 MBPS DES
`
`ll
`
`NAT
`g1!
`
`Round
`Robin
`
`Backbone Router 1GBPS DES % lPSec Tunnel
`agent ip table
`I
`|
`Mode
`620
`
`mm
`: unnrm :
`
`Gateway Server
`Master ip table
`640
`
`100 MBPS DES
`
`I
`Agent 2
`{
`
`Agent 3
`
`II]
`
`0 O 0 O O 0 0 IE
`
`Intelligént Hub
`agent ip table
`610
`
`Agent N
`
`- Frg. 6
`
`Ex. 1001 / Page 8 of 24
`
`

`
`U.S. Patent
`
`Nov. 19, 2002
`
`Sheet 8 of 15
`
`US 6,484,257 B1
`
`
`
`swaysEm9._o__m,%_;Emm_
`
`_ozmw\Em__o
`
`
`
`3.5%29umucmca8cmovEsocm_%oEEmmam_%o_>_
`E_on_2E_om._.._:_>_9.E_on_
`
`
`
`
`
`v_m_o>>._.m_zm:<~_on_mo2Ez<Ez_><2m:<oEz«m:z_\z<>>Ez$Em_m_.__mo_>_\zfi._.m_<._.w
`
`
`
`
`
`
`
`NE
`
`
`
`E£:om_m:52
`
`9.9_omn_FF£$_omn_F2$_omn_
`
`m§_omn_NN£$_omn_
`Ea.33
`
`$282wav"mmmav“mm8>_82
`EammHxn_mmgv_Qmacawm29.08Eo__o
`m.§omn_mmEoxommmfloxomamm_$_omn__wx.om8323
`
`
`.vvm9_omn_v_m_wVm.w._omm,_u_Bmaaoco
`
`9.9_omn_oom..9_omn_IMQmo29_omn.ow2,
`
`
` z-m293%02wm/E?J3w293$20%QRx29_omn_NNmmxomm/.J3.3Ze_om.n_w.$.m
`E59>>o__o._oiJ.om»
`
`
`Ex. 1001 / Page 9 of 24
`
`Ex. 1001 / Page 9 of 24
`
`
`
`

`
`U.S. Patent
`
`Nov. 19, 2002
`
`Sheet 9 0f 15
`
`US 6,484,257 B1
`
`DISTRIBUTED ENCRYPTION ENVIRONMENT MAIN PROCESS
`
`No—>
`
`812
`
`810
`
`Yes
`
`AGENT
`AUTHENTICATION
`AND REGISTRATION
`PROCESS
`
`Q4
`
`_
`
`PREDEFINED PROCESS
`FOR STARTINGAGENT
`SERVICES SEE FIG. 9
`—
`
`SERVER 816
`CIICEJXSTANSU
`DECIDES T0
`
`828
`/
`‘,
`sTEgIégTII?IzETs N ADMINISTRATOR
`AGENT
`ALERTED
`
`0*
`
`Y
`
`8S—>
`
`TO CONTACT
`OTHER AGENTS
`
`/ 96 LTYP s30
`3” ‘é‘EASESL'?S
`N0- IvIETHODS <
`SERVESFINAITS
`SERVER T“
`INVOKED
`CONNECTION
`NOTIFIED
`I
`Yes
`820
`I
`/
`CLIENT
`CONNECTS ‘
`
`—
`
`Yes
`
`N°
`
`Yes
`
`No
`
`NO
`
`822
`/
`CLIENTTHREAD
`CREATED ON
`SERvER
`
`NO
`
`Yes
`
`_
`
`PREDEFINED
`FOPRFICN’SEEISNG
`AGENT
`MEglHxgglaéND
`CONNECTIONS
`BETWEEN
`AGENTS
`__§EE FIG- 10
`
`£32
`
`SUCCESSFUL
`CLIENT
`REDIRECTION?
`I
`Y% 834
`I /
`CONNECTION
`PASSEDAND
`SERvER
`THREAD FREED
`
`840
`Yes 824
`/
`‘I /
`SECURITY
`CLIENT
`AUTHENTIC- _No+ vIOLATION
`ATION
`LOGGEDAND H
`PROCESS
`CONNECTION
`N0
`|
`CLOSED
`Y T
`@~842
`SECURE
`PREDEFINED PROCESS
`COMIEQEQI?QT'ON
`FORAUTHENTICATING
`AND REGISTERING
`CLIENTS FIG.9
`
`Yes
`
`838
`
`SECURE
`COMIIIBIIEIEJgIISQTION
`
`Fig 8
`
`Ex. 1001 / Page 10 of 24
`
`

`
`U.S. Patent
`
`Nov. 19, 2002
`
`Sheet 10 0f 15
`
`US 6,484,257 B1
`
`AUTHENTICATIONAND REGISTRATION PREDEFINED PROCESS
`
`1110
`
`No
`
`905
`MULTIPARTY J
`KEY
`AGREEMENT
`|
`Yes
`1
`SECURE
`MESSAGING
`BEGINS
`1
`Yes
`l
`525 NO
`CLIENT/AGENT
`SUPPLIESAUTH _J
`CREDENTIALS
`I
`Yes
`l
`SERVER
`REGISTERS
`CLIENT/AGENT
`
`910
`J
`
`NO
`
`920
`
`v
`915
`SECURITY J
`VIOLATION
`= LOGGEDAND —»
`CONNECTION
`CLOSED
`“
`
`No
`
`930
`J
`
`|
`Yes
`
`Fig. 9
`
`Ex. 1001 / Page 11 of 24
`
`

`
`U.S. Patent
`
`Nov. 19, 2002
`
`Sheet 11 0f 15
`
`US 6,484,257 B1
`
`CLIENT PROCESS
`
`824
`
`CLIENT
`STARTS
`
`— No——>
`
`1010
`
`I
`N0
`
`Yes
`1015
`‘I
`CLIENT /
`CONNECTS
`T0 SERVER
`
`e14
`/
`
`Y'es
`‘
`CLIENT
`AUTHENTICATION
`PROCESS
`
`N0
`
`PREDEFINED PROCESS
`FORAUTHENTICATING
`AND REGISTERING
`CLIENTS SEE FIG. 9
`
`1025
`LOGS /
`FAILUREAND
`NOTIFIES
`SERVER
`
`Ygs
`1030
`‘
`CLIENT PASSES /
`INFOTO
`SERvER
`
`YIG‘S
`
`N0
`
`,
`
`1035
`/
`
`LOGS
`FAILURE
`AND RETRIES
`
`1040
`/
`
`No
`
`1050
`
`1055
`
`‘
`CLIENT
`REQUESTS
`UPDATES FROM
`SERVER
`I
`Y$S
`REE'EEIQ‘IES
`N ---Ye3-——> REDIRECTIO
`
`REQUEST FROM
`SERVER?
`No
`SECURE
`COMMUNICATION
`BEGINS WITH
`SERVER
`
`1045
`
`L
`
`LOGS
`FAILURE
`AND RETRIES
`
`1055
`/
`
`SUCCESSFULLY
`
`
`
`TO _ No" AGENTS?
`
`lYes
`SECURE
`COMMUNICATION
`BEGINS WITH
`A ENT
`
`1070
`
`1060
`FAILLSFEESAND
`SERVER
`
`Fig. 10
`
`No
`
`Ex. 1001 / Page 12 of 24
`
`

`
`U.S. Patent
`
`Nov. 19, 2002
`
`Sheet 12 0f 15
`
`US 6,484,257 B1
`
`INVOKING AGENT METHODS CONNECTIONS PREDEFINED PROCESS
`s30
`
`1105
`
`CLIENT
`STARTS
`
`N° —’
`
`1125
`1110
`YQS
`PREDEFINED
`LoGS FAILURE "“
`PROCESS
`AND RETRIES
`PASS ‘éB'EQECmN ”’
`TO DETERMINE IF
`EXISTING CLIENTS
`\
`SHOULD BE
`1115
`W
`PASSED TO
`NEW AGENT
`SEE FIG. 12
`
`N0 __+
`
`AGENT
`NOTIFIES
`SERVER
`
`1120
`
`AGENT
`
`1130
`Ygs
`AGENT WAITS FOR
`CONNECTION
`T
`114
`SERVER CONNECTS ~ 0
`T0 THIS AGENT
`
`AGENT SLEEPS 1135
`
`_,
`
`Yes
`
`1170
`
`SECURITY i165
`vIoLATIoN
`LOGGED
`SERVER »
`NOTIFIED AND
`CoNNECTIoN
`CLOSED
`
`Now
`
`>
`
`I
`N0
`
`N°
`
`NO
`
`N _
`O
`PREDEFINED PROCESS
`F‘ZIFIE’S‘QEHGEIQ‘TECAT'IE‘G
`\\ CLIENTS SEE FIG. 9
`*MKA- MULTIPARTY KEY
`AGREEMENT
`
`P1155
`
`1145
`Y‘?
`SERvER THREAD ~
`CREATED ON
`AGENT
`Yés
`——+
`Yes
`SERVER BEGINS MKA*
`1150
`WITH THIS AGENT
`INSTEAD OF LOCAL
`AGENT
`Y-
`*
`‘A cL'ENT’é‘ég'éEE'éTs'cAT'oN
`YéS
`'
`SERvER REDIRECTS
`CLIENT TO AGENT
`yés
`v
`CLIENT THREAD
`CREATED ON AGENT
`I
`
`1160
`
`SECURE
`COMMUNICATIONS
`BEGIN
`M
`
`1175
`
`H 1 1
`g I
`
`Ex. 1001 / Page 13 of 24
`
`

`
`U.S. Patent
`
`Nov. 19, 2002
`
`Sheet 13 0f 15
`
`US 6,484,257 B1
`
`PREDEFINED PROCESS FOR PASSING CONNECTIONS
`1110
`1205
`
`AGENT
`
`I
`
`V
`
`AGENT
`CHECKS CPU LOAD AND
`DECIDES IF IT CAN ACCEPT
`NEW CLIENT
`
`1215
`Yes
`l /
`AGENT NOTIFIES
`No
`SERVER
`
`L068 FAILURE
`AND RETRIES
`
`1220
`
`I
`Y?
`1225
`/
`SERVERANDAGENT
`EXCHANGE CONNECTION ——-Noj
`A IN INFO
`P SS G
`Yés
`l
`
`1230
`/"’/
`
`1240
`
`->
`
`SECURWY
`VIOLATION
`LOGGED
`SERVER
`NOTIFIEDAND
`CONNECTION
`CLOSED
`
`1235 No
`/__/
`SERVER SENDS CLIENT
`REDIRECTION
`INFO
`I
`Yes
`I
`CLIENT REDIRECTS
`SUCCESSFULLY?
`
`1245
`/,/
`
`No
`
`Yes
`
`AGENT THREAD "/
`FREED
`
`Fig. 12
`
`Ex. 1001 / Page 14 of 24
`
`

`
`U.S. Patent
`
`Nov. 19, 2002
`
`Sheet 14 0f 15
`
`US 6,484,257 B1
`
`A Composition Restrictions
`at
`5 Agenti
`
`1310
`
`_‘ '
`
`\ @ Agents int n fun '
`don't rely
`ach
`
`Agentk
`
`‘ '
`
`_
`
`OutputAgent1
`
`OutputAgentk
`InputAgentk
`
`1330
`
`\
`
`System Behavior Cannot Be
`Measured/Characterized
`
`Internal Trace
`@
`
`9
`h
`
`re
`ent
`
`Outputsfromo
`neverinputsfor
`OutputAgentk
`KA OutputAgentk
`:l —>
`
`‘k'
`
`Agentk
`
`lnputTrace
`
`@ & Q9
`
`l
`
`/\ OutputTrace
`
`Ex. 1001 / Page 15 of 24
`
`

`
`U.S. Patent
`
`Nov. 19, 2002
`
`Sheet 15 0f 15
`
`US 6,484,257 B1
`
`COMPOSITION
`
`A A TO TA
`AHTOgéTA @493)
`
`A
`A‘EITOEEQTA
`
`HQ @
`
`@ ATO “‘
`
`.
`
`‘*7
`
`ATO TA
`ATO TA
`
`\'
`AAAIAA
`1 ‘EA “"
`
`A,
`
`uTo ‘
`
`Fig. 14
`
`Ex. 1001 / Page 16 of 24
`
`

`
`US 6,484,257 B1
`
`1
`SYSTEM AND METHOD FOR MAINTAINING
`N NUMBER OF SIMULTANEOUS
`CRYPTOGRAPHIC SESSIONS USING A
`DISTRIBUTED COMPUTING
`ENVIRONMENT
`
`FIELD OF THE INVENTION
`
`The ?eld of the present invention relates generally to the
`encryption and decryption of data conducted over a distrib
`uted computer netWork. In particular, the ?eld of the inven
`tion relates to a softWare architecture for conducting a
`plurality of cryptographic sessions managed over a distrib
`uted computing environment.
`An N session distributed architecture is described Which
`solves the problems encountered With providing a secure
`netWork. The present softWare solution boosts performance
`to previously unattainably high levels and provides a prac
`tical security solution capable of servicing N simultaneous
`cryptographic session using a distributed computing envi
`ronment Without additional encryption decryption hardWare
`at Wire-speed levels. An aspect of the invention provides a
`solution, Which overcomes the netWork bandWidth latency
`barriers to secure encryption. Another aspect of the inven
`tion provides a scalability solution to the problem of pro
`cessor saturation due to encryption decryption loads.
`
`BACKGROUND
`
`There is a groWing need to provide for secure commerce
`on computer networks, Which does not require costly non
`scalable computational resources. Corporations noW have
`critical needs for ensuring the security of data that traverses
`their netWorks. Information Systems (IS) managers have
`attempted to cope With those needs by installing and man
`aging expensive hardWare to provide protection of data. In
`the case Where data must be transferred betWeen sites, IS
`managers can dictate their security needs to the telephone
`companies Who manage the transfer of data betWeen mul
`tiple sites. HoWever, there are several problems limiting the
`transfer of data networking. Such concerns are as folloWs:
`NetWork Availability (also knoWn as uptime);
`NetWork bandWidth (the amount of data that the overall
`netWork can handle over a particular time slice);
`Quality of Service: ensuring that pre-determined service
`levels, such as bandWidth congestion alloWances and
`netWork latency, are consistently met for all hosts
`connected to the netWork;
`Security: ensuring that sensitive data are protected as it
`traverses the netWork and those unauthoriZed parties do
`not compromise that data or the netWork itself.
`Monitoring/Auditing (the capability to verify that the
`above needs are being met and the ability to instantly detect
`and react to any deviation from preset expectations).
`When considering a neW technology that Will impact a
`netWork, an IS manager must address the foregoing issues.
`After these requirements are met, factors of cost and scal
`ability must be considered. IS managers are constantly
`looking for Ways to meet the above requirements While
`reducing the cost of supporting their netWork. Managing the
`cost of expanding a netWork to address increased bandWidth
`requirements of users is a major problem for IS managers
`today.
`Point-to-Point Encryption
`Point-to-point link level encryption has a disadvantage in
`that it is not scaleable. For example, there is a dramatic and
`
`2
`non-linear cost difference in installing and maintaining a 128
`k Frame Relay link versus a 1.544M Frame Relay link. The
`cost problem is not limited to bandWidth, but rather is also
`greatly affected by the addition of neW groups of hosts as
`additional connection points. Related equipment also must
`be installed and maintained. Point-to-point encryption also
`has cost disadvantages. Point-to-point link level encryption
`is usually all or none meaning that all data both public and
`private are encrypted over this link. This additional overhead
`is acceptable in some cases but undesirable in others.
`Since link level encryption requires static routes to be
`created it does not integrate easily into the Internet
`paradigm, Which requires packets to be dynamically routed
`from point to point. A netWork layer (or higher) encryption
`solution is required in order to ?t easily into the frameWork
`of routable IP packets. Currently there exists a transport
`level security mechanism for application programs using
`SSLv3 (secure sockets layer). SSL Was developed in 1995
`When a universally recogniZed security mechanism at the IP
`layer did not exist. This has been the most commonly used
`protocol for providing secure applications.
`The three protocol capabilities of SSL include
`authentication, encryption and key exchange. In IPSec these
`are provided as separate protocols (AH, ESP and IKE).
`In SSL most of the communications protocol data is
`passed in plaintext, only the application header and actual
`data sent to the application is cryptographically protected.
`The encryption and integrity protection for the data and not
`the communications as in IPSec, Which protects both, are
`handled by the record protocol. The negotiation of neW
`crypto algorithms and keys is handled by the handshake
`protocol. Finally, any errors that have occurred are handled
`by the alert protocol. SSL maintains its security state based
`on the session associated With a particular set of host
`addresses and ports.
`SSL sessions are established in four steps. In Step 1 the
`sender sends a hello message to the receiver containing
`random data. In Step 2 the receiver sends the sender his/her
`public key embedded in a signed certi?cate. In step 3 the
`sender encrypts a shared secret key and a change cipher spec
`sWitch (to determine the proper cipher to use) With the
`receiver’s public key and sends it to the receiver. In step 4
`the receiver sends a reply using the shared secret key (after
`decrypting the info in step 3 With his private key) and a
`“?nished” message. Both sides noW can begin communica
`tions. Using the record protocol, all data that passes betWeen
`the tWo parties are encrypted and hashed and the recipient
`checks this hash upon decryption to make sure that the data
`have not been modi?ed in transit.
`The neWest version of SSL (3.0) supports RSA key
`exchange, Dif?e-Hellman anonymous or signed (the most
`common implementation is SKIP) and ForteZZa using SKIP
`JACK. TLS (Transport Level Security) and PCT (Private
`Communication Technology) by Microsoft are both varia
`tions on SSL that are vying for standards approval by the
`IETF. A major disadvantage of all versions of SSL is that
`SSL is ineffective against many of the neWer communica
`tions level (beloW transport level) attacks, Which are tech
`nically called SYN Flooding, Buffer Overruns and Traf?c
`Analysis.
`IPSec
`IPSec is a conventional protocol for securing IP traffic as
`it traverses the Internet, an Extranet or any IP based local,
`metropolitan or Wide area netWork. IPSec can be incorpo
`rated With Ipv4 to provide security for host to host, host to
`subnet and subnet to subnet communications, Which are not
`available With SSL.
`
`10
`
`15
`
`25
`
`35
`
`45
`
`55
`
`65
`
`Ex. 1001 / Page 17 of 24
`
`

`
`US 6,484,257 B1
`
`3
`The objective for securing large corporate networks is to
`allow the proper insiders or outsiders to access corporate
`data transparently While keeping unintended parties from
`accessing the same data or denying service to those Who
`should be accessing the data. In the past, FireWalls have been
`used as a means for ?ltering incoming and outgoing traf?c.
`FireWalls have been combined With access servers to authen
`ticate parties before they are alloWed access to any resource
`inside or outside the ?reWall.
`FireWalls have evolved to include neW protocols that
`alloW them to safely transfer data betWeen themselves and
`another party over the Internet. This function is knoWn as
`creating a virtual private netWork (a private netWork over the
`public Internet).
`The IPSec protocol uses tWo underlying protocols to send
`data securely. IPSec adds tWo additional packet headers to a
`packet to handle each of the tWo protocols. The headers both
`contain a numerical value knoWn as the SPI (security
`parameters index) to identify the crypto keys and procedures
`to use With it. The ?rst header, AH (authentication header),
`provides integrity checking and keying information to keep
`attackers from computing alternate checksums that check
`correctly. The second header, ESP, encrypts the contents of
`the remainder of the packet.
`IPSec supports a number of algorithms for authentication
`and encryption. Examples are KeyedMD5 and SHA-l (for
`AH), DES, Triple DES, and RC4 (for ESP). In addition to
`this, IPSec automatically handles the creation of security
`associations betWeen hosts through key management.
`Manual keys can be used Which alloW hosts to be con
`?gured manually With the proper shared secret keys. More
`common is the use of Simple Key Interchange Protocol
`(SKIP) Which negotiates and exchanges session keys
`betWeen IPSec hosts. ISKAMP (Internet Security Associa
`tion and Key Management Protocol) is a general purpose
`protocol intended to manage security associations and man
`age key exchanges using Oakley or IKE. Tunneling is also
`used. In tunnel mode the ?nal destination IP header is
`encrypted and a gateWay IP header is added to alloW router
`to route the packet to the gateWay server. In transport mode
`the IP header is not encrypted.
`IPSec is meant to protect traf?c betWeen hosts. HoWever,
`With the Wide range of applications currently in use (email,
`broWsers, ?le transfer, remote terminal access, multimedia,
`database and so on) it becomes cumbersome to implement.
`IPSec provides an advantage over SSL because it can
`protect against the neWer protocol attacks such as SYN
`?ooding and buffer overruns. In the SYN ?ooding attack
`mentioned above IPSec Would block illegitimate SYN mes
`sages because they require a valid AH With a valid crypto
`graphic checksum. Attackers cannot generate numerous
`requests from random hosts because they cannot generate a
`valid AH for every such host. In the buffer overrun attack,
`the destination host Will discard any IP packets Which are not
`properly formatted for IPSec. That is, packets must come
`from a valid host and be properly formatted for TCP before
`TCP processes them, thereby protecting the host from this
`type of attack.
`Although SSL and IPSec can be combined to gain added
`protection and ?exibility, these systems fail to address the
`problems of increased cost of implementation and scalabil
`ity. Another major problem not addressed by SSL and IPSec
`is managing the cost of expanding a netWork to address
`increased bandWidth requirements of users.
`The introduction of constantly changing standards and
`encryption/decryption schemes has greatly increased the
`burden on computer resources to provide secure communi
`
`15
`
`25
`
`35
`
`45
`
`55
`
`65
`
`4
`cation. The computational demands are currently being
`addressed With the addition of special encryption/decryption
`ASICs (Application Speci?c Integrated Circuits) or hard
`Ware. HoWever, as hosts are called, a doubling of hardWare
`must be added to meet demands from both source and sink
`ends.
`A conventional attempt to address the above de?ciencies
`includes the use of hardWare to handle encryption and
`decryption of data traffic. HoWever, this is expensive and
`sloW in that it increases the computational burden on the
`CPU When encrypting and decrypting data. The hardWare
`approach also has a disadvantage in that it is not scaleable.
`Alternative softWare architectures have been tried and
`discarded. The conventional softWare point to point client
`server model cannot scale adequately. Increased demand for
`secure sessions can lead to system failure as processing
`resources become unavailable on either side. Employing a
`central server model has been tried and found inadequate.
`The central gateWay server in a distributed system environ
`ment becomes saturated With increased demand for decryp
`tion services. Tests Were done to compare the performance
`of a conventional centraliZed server architecture model, as in
`FIG. 1, against an invention architecture topology in FIG. 2.
`These con?guration performance tests and results are dis
`cussed infra
`Conventional distributed architecture is unable to manage
`the increase in secure session demand due to instability
`arising from uneven processor computational loads, propa
`gation delays and computer or netWork latency, all of Which
`cause loss in synchronicity With collective processors. For
`these reasons current solutions are inadequate to overcome
`the barriers mentioned above.
`Therefore, What is needed is a neW method for encryption/
`decryption Which is in?nitely scaleable in the number of
`simultaneous sessions capable of being processed by a
`server.
`What is also needed is an encryption/decryption system
`Which is in?nitely scaleable in terms of bandWidth betWeen
`clients and servers.
`What is also needed is an easily implemented softWare
`solution Which provides end-to-end encryption/decryption
`in a distributed netWork While increasing processing poWer
`Which eliminating latency as bandWidth increases.
`
`SUMMARY
`In accordance With the foregoing and other objectives, an
`aspect of the invention provides a distributed softWare
`solution for encryption/decryption Which is in?nitely scale
`able in the number of simultaneous sessions capable of
`being processed by a server and in terms of bandWidth
`betWeen clients and servers. Another aspect of the invention
`provides end-to-end encryption in a distributed netWork and
`combines the processing poWer of all computers connected
`to the system to enable bandWidth to be in?nitely scaleable
`and to reduce latency substantially to Zero.
`Another aspect of the invention provides a softWare
`architecture for encryption/decryption by partitioning the
`client traffic into units Which can be processed across a
`distributed netWork of hosts Without introducing netWork
`instabilities. A further aspect of the invention increases
`packets per second throughput and overcomes latency.
`Another aspect of the invention implements a mathematical
`method ensuring a stable partitioning and processing of
`encrypted traf?c to meet the increase in secure session
`demand.
`In accordance With another aspect of the invention, the
`softWare architecture has three primary components:
`
`Ex. 1001 / Page 18 of 24
`
`

`
`US 6,484,257 B1
`
`5
`Manager, Client and Agent. The manager software resides
`on a gateWay server and manages all aspects of controlling
`the system. Client, server, and agents are created on the
`manager. The manager controls client access levels. Certi?
`cate information is imported and stored by the manager or
`optionally generated by the manager. The manager does
`performance monitoring. The manger performs auditing.
`Network address translation is handled by the manager for
`tunneled traf?c from the client
`The client softWare resides on the desktop of internal
`hosts, the desktop/laptop of remote users and the desktops of
`remote of?ces. The Client softWare provides a simple GUI
`interface for clients to con?gure dial-up information and use
`either a dial-up connection or a netWork connection to the
`local VPN server.
`The agent softWare handles the negotiation of security
`keys, security associations and establishes the IPSec link
`betWeen itself and the server. Agent softWare can run as a
`stand alone process or exist as part of the client softWare.
`The agent softWare is responsible for encrypting and
`decrypting communication traffic as it arrives from the
`clients via the server. All of the agents operate as distributed
`system to share the load of the encryption and decryption
`over all of the agent CPUs.
`
`10
`
`15
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`These and other aspects and advantages of the invention
`may be appreciated from the folloWing detailed description
`together With the draWings in Which:
`FIG. 1 shoWs a test con?guration for performance mea
`surements for a conventional netWork architecture;
`FIG. 2 shoWs a CryptoScale test con?guration for perfor
`mance measurements in accordance With an aspect of the
`invention;
`FIG. 3 shoWs an agent interface and environment in
`accordance With an aspect of the invention;
`FIG. 4 shoWs an abbreviated entity/event diagram in
`accordance With an aspect of the invention;
`FIG. 5A shoWs a tunneling packet NetWork Layer Model
`decomposition in accordance With an aspect of the inven
`tion;
`FIG. 5B shoWs a ?nal destination packet NetWork Layer
`Model decomposition in accordance With an aspect of the
`invention;
`FIG. 6 shoWs a distributed netWork topology for the
`invention architecture in accordance With an aspect of the
`invention;
`FIG. 7 shoWs discrete packet transport across a netWork
`in accordance With an aspect of the invention;
`FIG. 8 shoWs a ?oWchart of the invention main process in
`accordance With an aspect of the invention;
`FIG. 9 shoWs a ?oWchart of the authentication and
`registration process in accordance With an aspect of the
`invention;
`FIG. 10 shoWs a ?oWchart of the client process in
`accordance With an aspect of the invention;
`FIG. 11 shoWs a ?oWchart of invoking agent methods
`connections process in accordance With an aspect of the
`invention;
`FIG. 12 shoWs a ?oWchart for passing session connec
`tions in accordance With an aspect of the invention;
`FIG. 13 shoWs the automata composition restrictions in
`accordance With an aspect of the invention;
`FIG. 14 shoWs the overall relationship betWeen automata
`and the automaton in accordance With an aspect of the
`invention.
`
`25
`
`35
`
`45
`
`55
`
`65
`
`6
`DETAILED DESCRIPTION
`In accordance With an aspect of invention, the manager or
`main server, agent and client are all designed to operate
`transparently Within any distributed netWork Which uses an
`internet protocol (IP). Examples of such distributed net
`Works may employ Ethernet, Token Ring, Synchronous
`Optical NetWork (SONET), ATM, Gigabit Ethernet
`netWorks, or the like. They Will not disrupt netWork traf?c
`?oWing on the host machines or on the Wire. The invention
`uses client server and agent technology to establish end to
`end or “?nal mile” security links to the ?nal destination
`inside the business netWork.
`Manager InitialiZation
`Referring to FIG. 4, the manager Will load the policy ?le
`(or read it from the database) upon initialiZation. The IKE
`engine Will start on the server and receive setting informa
`tion from the server daemon based on What it has loaded
`from the policy ?le. Encryption/decryption settings Will be
`set, integrity checking settings Will be set, re-keying settings
`Will be set and access time information Will be set on the
`manager. At this point, the server (and IKE engine) Will
`establish a connection With the agents listed in the policy ?le
`and (after establishing a secure session) upload VPN rules
`(security associations, netWork address translation tables,
`etc) to the agent.
`Agent InitialiZation
`Referring to the event diagram in FIG. 4, upon initialiZa
`tion the agent performs an authenticated DH key exchange
`in order to establish a session key With the Manager. To
`prevent “man in the middle” attacks the agent’s and server’s
`certi?cates are attached to the messages exchanged (along
`With signatures and message digests to verify the certi?cates
`and to make sure the message is not modi?ed in transit) for
`session key negotiation. After a session key is established
`the manager sends the SA and vpn policy information to the
`agent and the IKE engines on the manager and agent
`exchanging keying information.
`Client InitialiZation/Authentication
`Upon initialiZation the client contacts the gateWay server
`and authenticates using RADIUS, TACACS+, a pre-shared
`passWord or X509 certi?cate. Once the client is
`authenticated, it negotiates the session key With the gateWay
`server. After the session key is established, the client doWn
`loads the VPN policy information from the server (security
`associations, netWork address translation tables, etc). With
`the VPN policy information established, the client’s IPSec
`engine begins communication With the gateWay server and
`ultimately With the ?nal destination.
`CryptoScale
`Cryptoscale is the invention architecture comprised of
`manager or main server, agents and clients to boost perfor
`mance to exceptional levels Without the use of additional
`hardWare. This technology alloWs softWare-based VPN
`solutions to perform at Wire-speed levels. The architecture is
`based on an asynchronous distributed model but provides
`critical key synchroniZation Within some components of the
`architecture. The system consists of separate components,
`agents that exist as atomic objects With Zero Wait states, that
`process data in an arbitrary order and at arbitrary relative
`speeds. Speci?c timing considerations are ignored With the
`exception of re-keying time constraints and IP time-to-live.
`The entire system is modeled as a ?nite state machine.
`Transitions in state are caused by an encryption/decryption
`computation (a DES CBC block for example) on an agent.
`There is a synchroni