公开(公告)号：US09172545B2

公开(公告)日：2015-10-27

申请号：US14132303

申请日：2013-12-18

Applicant: Citrix Systems, Inc.

Inventor： Christofer Edstrom ,  Tushar Kanekar

IPC: H04L29/06 ,  H04L9/32 ,  H04L29/08

CPC classification number: H04L9/3268 ,  H04L63/0823 ,  H04L63/0884 ,  H04L63/166 ,  H04L67/2819 ,  H04L2209/38

Abstract: The present disclosure is directed towards systems and methods for determining a status of a client certificate from a plurality of responses for an Online Certificate Status Protocol (OCSP) request. An intermediary device between a plurality of clients and one or more servers identifies a plurality of OCSP responders for determining a status of a client certificate responsive to receiving the client certificate from a client during a Secure Socket Layer (SSL) handshake. Each of the plurality of OCSP responders may transmit a request for the status of the client certificate to a uniform resource locator corresponding to each OCSP responder. The intermediary device may determine a single status for the client certificate from a plurality of statuses of the client certificate received via responses from each uniform resource locator.

Abstract translation: 本公开涉及用于根据在线证书状态协议（OCSP）请求的多个响应来确定客户端证书的状态的系统和方法。 多个客户端和一个或多个服务器之间的中间设备在安全套接层（SSL）握手期间，响应于从客户端接收到客户端证书，识别多个OCSP应答器，用于确定客户端证书的状态。 多个OCSP应答器中的每一个可以向与每个OCSP响应器对应的统一资源定位符发送客户端证书的状态请求。 中介设备可以根据从每个统一资源定位符的响应接收到的客户端证书的多个状态来确定客户端证书的单一状态。

公开(公告)号：US09203627B2

公开(公告)日：2015-12-01

申请号：US14100867

申请日：2013-12-09

Applicant: Citrix Systems, Inc.

Inventor： Christofer Edstrom ,  Tushar Kanekar

IPC: H04L9/32 ,  H04L29/06 ,  H04L29/08

CPC classification number: H04L9/3268 ,  H04L63/0823 ,  H04L63/0884 ,  H04L63/166 ,  H04L67/2833 ,  H04L67/2842 ,  H04L67/2852 ,  H04L2209/38

Abstract: The present invention is directed towards systems and methods for batching OCSP requests and caching corresponding responses. An intermediary between a plurality of clients and one or more servers receives a first client certificate during a first SSL handshake with a first client and a second client certificate during a second SSL handshake with a second client. The intermediary may identify that the statuses of the client certificates are not in a cache of the intermediary. An OCSP responder of the intermediary may transmit a single request to an OCSP server to determine the statuses. The intermediary may determine, from a single response received from the OCSP server, whether to establish SSL connections with the clients based on the statuses. The intermediary may store the statuses to the cache for determining whether to establish a SSL connection in response to receiving a client certificate from the first client.

Abstract translation: 本发明涉及用于批量OCSP请求和缓存相应响应的系统和方法。 在与第二客户端的第二次SSL握手期间，在多个客户端和一个或多个服务器之间的中介在与第一客户端的第一次SSL握手和第二客户端证书期间接收第一客户端证书。 中间人可能会识别客户端证书的状态不在中介缓存中。 中间人的OCSP响应者可以向OCSP服务器发送单个请求以确定状态。 中介可以从OCSP服务器收到的单一响应中确定是否根据状态与客户端建立SSL连接。 响应于从第一客户端接收到客户端证书，中介可以将状态存储到高速缓存以确定是否建立SSL连接。

公开(公告)号：US20140108788A1

公开(公告)日：2014-04-17

申请号：US14132303

申请日：2013-12-18

Applicant: Citrix Systems, Inc.

Inventor： Christofer Edstrom ,  Tushar Kanekar

IPC: H04L29/06

CPC classification number: H04L9/3268 ,  H04L63/0823 ,  H04L63/0884 ,  H04L63/166 ,  H04L67/2819 ,  H04L2209/38

Abstract: The present disclosure is directed towards systems and methods for determining a status of a client certificate from a plurality of responses for an Online Certificate Status Protocol (OCSP) request. An intermediary device between a plurality of clients and one or more servers identifies a plurality of OCSP responders for determining a status of a client certificate responsive to receiving the client certificate from a client during a Secure Socket Layer (SSL) handshake. Each of the plurality of OCSP responders may transmit a request for the status of the client certificate to a uniform resource locator corresponding to each OCSP responder. The intermediary device may determine a single status for the client certificate from a plurality of statuses of the client certificate received via responses from each uniform resource locator.

Abstract translation: 本公开涉及用于根据在线证书状态协议（OCSP）请求的多个响应来确定客户端证书的状态的系统和方法。 多个客户端和一个或多个服务器之间的中间设备在安全套接层（SSL）握手期间，响应于从客户端接收到客户端证书，识别多个OCSP应答器，用于确定客户端证书的状态。 多个OCSP应答器中的每一个可以向与每个OCSP响应器对应的统一资源定位符发送客户端证书的状态请求。 中介设备可以根据从每个统一资源定位符的响应接收到的客户端证书的多个状态来确定客户端证书的单一状态。

公开(公告)号：US20140101441A1

公开(公告)日：2014-04-10

申请号：US14100867

申请日：2013-12-09

Applicant: Citrix Systems, Inc.

Inventor： Christofer Edstrom ,  Tushar Kanekar

IPC: H04L9/32

CPC classification number: H04L9/3268 ,  H04L63/0823 ,  H04L63/0884 ,  H04L63/166 ,  H04L67/2833 ,  H04L67/2842 ,  H04L67/2852 ,  H04L2209/38

Abstract: The present invention is directed towards systems and methods for batching OCSP requests and caching corresponding responses. An intermediary between a plurality of clients and one or more servers receives a first client certificate during a first SSL handshake with a first client and a second client certificate during a second SSL handshake with a second client. The intermediary may identify that the statuses of the client certificates are not in a cache of the intermediary. An OCSP responder of the intermediary may transmit a single request to an OCSP server to determine the statuses. The intermediary may determine, from a single response received from the OCSP server, whether to establish SSL connections with the clients based on the statuses. The intermediary may store the statuses to the cache for determining whether to establish a SSL connection in response to receiving a client certificate from the first client.

Abstract translation: 本发明涉及用于批量OCSP请求和缓存相应响应的系统和方法。 在与第二客户端的第二次SSL握手期间，在多个客户端和一个或多个服务器之间的中介在与第一客户端的第一次SSL握手和第二客户端证书期间接收第一客户端证书。 中间人可能会识别客户端证书的状态不在中介缓存中。 中间人的OCSP响应者可以向OCSP服务器发送单个请求以确定状态。 中介可以从OCSP服务器收到的单一响应中确定是否根据状态与客户端建立SSL连接。 响应于从第一客户端接收到客户端证书，中介可以将状态存储到高速缓存以确定是否建立SSL连接。