NETWORK TRAFFIC MANAGEMENT USING SERVER NAME INDICATION

    Publication (announcement) number: EP4120626A1

    Publication (announcement) date: 2023-01-18

    Application number: EP22182735.5

    Application date: 2022-07-04

    Applicant: Cujo LLC

    Abstract: A network gateway apparatus monitors (200) Quic user datagram protocol (UDP) Internet Connection (QUIC) packets between a first device and a second device, extracts (202) a version of the QUIC protocol and a connection identification from an unprotected portion of the protected header in response to detecting (201-YES) a QUIC packet having a protected header in use, determines (203) a salt used in encryption of the protected header based on the version of the QUIC protocol, calculates (204) a client initial secret based on the salt and the connection identification, determines (205) an unprotected payload of the QUIC packet based on the client initial secret, a protected payload of the QUIC packet and the unprotected portion of the protected header, and extracts (206) a server name indication (SNI) from the unprotected payload.

    CRYPTOGRAPHIC BINDING OF DATA TO NETWORK TRANSPORT

    Publication (announcement) number: EP4228208A1

    Publication (announcement) date: 2023-08-16

    Application number: EP22210347.5

    Application date: 2022-11-29

    IPC classification: H04L9/40 H04L69/164

    Abstract: According to one embodiment, a method of cryptographically binding content to a QUIC connection is performed by a first device. The method includes: generating a key based on at least one identifier corresponding to the QUIC connection; encrypting the content using the key based on the at least one identifier corresponding to the QUIC connection; and providing the encrypted content for transmission to a second device over the QUIC connection.

    SCALABLE SOCKETS FOR QUIC
    Invention publication

    Publication (announcement) number: EP4120665A1

    Publication (announcement) date: 2023-01-18

    Application number: EP22195015.7

    Application date: 2019-06-18

    IPC classification: H04L69/16 H04L69/164

    Abstract: A system having scalable sockets to support User Datagram Protocol (UDP) connections identifies a plurality of UDP connections, wherein a plurality of remote clients connect to corresponding ones of the plurality of UDP connections. Each one of a plurality of UDP sockets is associated with a corresponding one of the plurality of UDP connections. A network stack lookup for UDP packets in network traffic is performed using a network stack to identify the UDP socket corresponding to the remote client associated with each of the UDP packets. The UDP packets are buffered with a send buffer and a receive buffer for the UDP socket corresponding to the remote client associated with the UDP packets as determined by the network stack lookup to support communication over the plurality of UDP connections using the plurality of UDP sockets. The system thereby operates more efficiently and/or is more scalable.

    NETWORK CONNECTION MANAGEMENT
    Invention publication

    Publication (announcement) number: EP4117231A1

    Publication (announcement) date: 2023-01-11

    Application number: EP22182649.8

    Application date: 2022-07-01

    Applicant: Cujo LLC

    Abstract: A network apparatus receives (200) a first message relating to a transport layer security (TLS) handshake process for an initialization phase of a Quic user datagram protocol (UDP) Internet Connection (QUIC) connection from a client computing device toward a target computing device, wherein the first message of the TLS handshake process comprises at least a connection identifier. The network apparatus generates (205) a second message relating to the TLS handshake process in response to the first message, wherein a cipher suite value of the second message is set to an invalid cipher suite value for the client computing device and wherein the invalid cipher suite value is unsupported by the client computing device, and sends (206) the second message to the client computing device to cause the client computer device to close the QUIC connection.