
High-concurrency SSL session management method

A session management and session object technology, applied in electrical components, transmission systems, etc., that addresses SSL server performance degradation, CPU resource consumption, and transmission performance degradation, with the effects of a streamlined SSL session structure, reduced search overhead, and flexible management.

Active Publication Date: 2017-10-17
MINZU UNIVERSITY OF CHINA

AI Technical Summary

Problems solved by technology

However, improved security comes at the cost of transmission performance. A large number of frequent SSL connections leads to a sharp decline in the performance of an SSL server under heavy load, and can even cause the server to crash.
Because encrypting and decrypting SSL data is very CPU-intensive, SSL data detection causes serious performance problems for DPI systems.


Examples


Specific Embodiment 1

[0024] Specific Embodiment 1: With reference to Figure 1, this embodiment is a high-concurrency SSL session management method comprising the following steps: simplifying the SSL session object structure by compressing the data fields of the protocol session object; efficiently managing the SSL session object structure through a large hash table; and timing SSL sessions with a timer trigger mechanism.

Specific Embodiment 2

[0025] Specific Embodiment 2: This embodiment further limits Specific Embodiment 1. The steps for simplifying the SSL session object structure by compressing the protocol session object data fields are as follows:

[0026] Represent each SSL client or server in the network with an SSL session structure;

[0027] Use the standard five-tuple to uniquely represent all sessions;

[0028] Determine the traffic scenario: for the dual-arm traffic scenario, use a pair of session objects to represent the SSL client and server respectively; for the single-arm traffic scenario, use a single session object;

[0029] Use ssl_state, tcp_state, type, src_ip, src_port, dst_ip, dst_port, SSL_PCB, TCP_PCB, the input and output buffer queues, and a session timer to represent the basic structure of the session. ssl_state and tcp_state are protocol state machines implemented as finite state automata; type demarcates the session object class...

Specific Embodiment 3

[0030] Specific Embodiment 3: This embodiment further limits Specific Embodiment 2. The steps for efficiently managing the SSL session object structure through a large hash table are as follows:

[0031] Compute the hash table key from the five-tuple; the formula is as follows:

[0032] key=hash(type, src_ip, src_port, dst_ip, dst_port)=(type+src_ip+src_port+dst_ip+dst_port)%

[0033] Use the hash value to locate the head of the corresponding linked list. If the head of the linked list is empty, no corresponding session exists. If it is not empty, walk the linked list, comparing the five-tuple of each session, to find the required session.
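The lookup in [0031] to [0033] as an added example; this is not code from the patent. Assumptions: TABLE_SIZE stands in for the modulus that the formula on this page leaves out, the field widths are IPv4-sized, and the session struct is cut down to the identifying fields plus a chain pointer.

```c
#include <stdint.h>
#include <stdlib.h>

#define TABLE_SIZE 65536u  /* assumed: the page's formula omits the modulus */

struct session {
    uint8_t  type;             /* session object class */
    uint32_t src_ip, dst_ip;
    uint16_t src_port, dst_port;
    struct session *next;      /* collision chain within one bucket */
};

static struct session *table[TABLE_SIZE];

/* key = (type + src_ip + src_port + dst_ip + dst_port) % TABLE_SIZE */
static uint32_t session_key(uint8_t type, uint32_t sip, uint16_t sp,
                            uint32_t dip, uint16_t dp)
{
    uint64_t sum = (uint64_t)type + sip + sp + dip + dp; /* 64-bit: no wrap */
    return (uint32_t)(sum % TABLE_SIZE);
}

static int same_tuple(const struct session *s, uint8_t type, uint32_t sip,
                      uint16_t sp, uint32_t dip, uint16_t dp)
{
    return s->type == type && s->src_ip == sip && s->src_port == sp &&
           s->dst_ip == dip && s->dst_port == dp;
}

/* Empty head: no session. Otherwise walk the chain comparing five-tuples. */
struct session *session_find(uint8_t type, uint32_t sip, uint16_t sp,
                             uint32_t dip, uint16_t dp)
{
    struct session *s = table[session_key(type, sip, sp, dip, dp)];
    while (s && !same_tuple(s, type, sip, sp, dip, dp))
        s = s->next;
    return s;
}

struct session *session_add(uint8_t type, uint32_t sip, uint16_t sp,
                            uint32_t dip, uint16_t dp)
{
    struct session *s = session_find(type, sip, sp, dip, dp);
    if (s) return s;                         /* already tracked */
    if (!(s = calloc(1, sizeof *s))) return NULL;
    s->type = type; s->src_ip = sip; s->src_port = sp;
    s->dst_ip = dip; s->dst_port = dp;
    uint32_t k = session_key(type, sip, sp, dip, dp);
    s->next = table[k];                      /* push on the bucket head */
    table[k] = s;
    return s;
}
```

Because the key is a plain sum, the two directions of one connection (source and destination swapped) always land in the same bucket, so the full five-tuple comparison during the chain walk is what keeps them apart.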


Abstract

The invention provides a high-concurrency SSL session management method. The method comprises the following steps: simplifying the SSL session object structure by compressing the protocol session object data fields and uniquely representing each session with a five-tuple (quintuple); efficiently managing the SSL session object structure through a large hash table; and timing SSL sessions with a timer trigger mechanism. The invention allows massive numbers of concurrent SSL sessions to be managed efficiently and meets the requirements of high-concurrency SSL session testing.

Description

Technical field

[0001] The invention relates to the field of performance testing of SSL protocol products, in particular to a high-concurrency SSL session management method.

Background

[0002] In recent years, the rapid development of the network has brought convenience to people, but has also brought a series of security risks. Since the traditional TCP/IP protocol suite was not designed with security issues in mind, the information in the network is basically transmitted in an unencrypted form, so the information in transmission may be subject to various attacks, such as information theft, information tampering, unauthorized access, etc., and the importance and urgency of network information security have become increasingly prominent.

[0003] In order to ensure the safe transmission of network information, network security protocols came into being. At present, the network security protocols mainly include SSL, STT and SET. Among them, the SSL protocol is a netwo...


Application Information

IPC(8): H04L29/06, H04L29/08
CPC: H04L63/16, H04L63/30, H04L67/14, H04L69/04, H04L69/06
Inventor 宋伟张玉军肖冬冬
Owner MINZU UNIVERSITY OF CHINA