System and method for maintaining N number of simultaneous cryptographic sessions using a distributed computing environment
Abstract
An N session distributed architecture provides a software solution to the major computational challenges faced in providing secure communication. A registration entity is identified as the session arbitrator through which N devices on a network dynamically participate in establishing, maintaining and destroying cryptographic sessions. Session keys are generated by one or more devices registered with the registration server. Multiparty key agreement is used to pass session keys to all parties involved in the encrypted session. All sessions appear to be local to the arbitration server; however, individual sessions are maintained by several devices operating as a collective. Encrypted stream partitioning, and computational resource allocation to decrypt the individual partitions in such a way as to ensure system stability with increasing session demands, is introduced in the architecture. This provides a cryptographic system architecture with encryption/decryption processing power limited only by the number of participants in the collective and by network bandwidth or latency.
10 Claims
1. A software architecture for conducting a plurality of cryptographic sessions over a distributed computing environment, comprising:
a registration entity or registry residing within a main server entity;
an agent server entity communicating with said main server;
a client entity communicating with said main server and agent server;
a plurality of distributed networked computers providing a mechanism for executing said main server entity, agent server entity, and client entity;
a defined protocol for initiating secure communication between the main server and agent server over said network; and
a system for providing one or more communication sessions among the main server, agent server and client entity for implementing a client decrypted bandwidth reconstitution which enables the recombination of individual parts of the decrypted client bandwidth among N agents processing in parallel.
Dependent claims (2, 3, 4):
means for discovering said agent servers;
means for determining an available processing bandwidth of the main server and agent servers; and
means for registering said main server and available agent server with said registration entity.
3. A system according to claim 1 wherein said system for providing one or more communication sessions among the main server, agent server and client entity comprises partitioning the client bandwidth among N agents such that every agent receives 1/N of the encrypted bandwidth.
4. A system according to claim 1, wherein the system for establishing communication sessions among the main server agent and client comprises automata composed according to the restrictions of:
limiting control communication between the agent and server only;
accepting input/output from a gateway server only; and
requiring a finite number of automata to exist.
5. An end to end encryption/decryption system implementable in software for a distributed network comprising:
one or more networked computers;
a main server communicating with said networked computers, said main server including a registration entity;
one or more agent servers communicating with said main server for defining one or more session keys for establishing secure connections with said networked computers such that when the main server receives notification that an agent server is saturated, the main server finds an alternate agent server and passes the session key to the alternate agent server and notifies a corresponding networked computer to redirect the secure session to the alternate agent server.
6. A method for implementing a scaleable software crypto system between a main server and one or more agent servers communicating with one or more clients such that performance of the crypto system is increased to meet any demand comprising providing a secure communication between the main server, agent server, and one or more clients such that communication between the main server and agent server automatically enlists additional agent servers to support incremental secure sessions so as to maintain performance at a desired level.
7. A method for conducting a plurality of cryptographic sessions in parallel over a distributed computing environment including one or more agents, a server and one or more clients comprising:
establishing a secure cryptographic session environment;
initiating secure communication with a main server and defining one or more session keys with which to establish secure sessions; and
transferring secure sessions, such that the main server and one or more agent servers become enabled to receive secure sessions from clients;
such that establishing, initiating, and transferring secure cryptographic sessions provide N simultaneous scalable secure cryptographic sessions among agents, server and clients.
Dependent claims (8, 9):
registering one or more agent servers with the main server;
defining one or more session keys, such that the main server and agent servers become enabled to receive secure connections with the clients.
9. The method of claim 7 wherein initiating secure communication comprises:
connecting one or more clients to the Main Server for authenticating; and
determining if the Main Server can accept a new session based on current available processor bandwidth of said main server; and
agreeing on a secret session key with the one or more clients; and
enabling one or more available Agent Servers to become unblocked and participate in a multiparty key exchange between a Client, Main Server and Agent Server when the Main Server has insufficient resources to service the session; and
denying a client connection when main server and agent servers are unavailable; and
maintaining a list of connections or sessions and associated session information and session keys; and
terminating encrypted session communication upon successfully transferring a session from main server to one or more agents.
10. A method for distributed encryption/decryption implemented in software across a computer network employing a distributed automaton comprising M automata for servicing a plurality of N simultaneous crypto sessions which provides bandwidth scalability limited only by the M automata comprising:
sharing spare CPU cycles of the computer network for encrypting and decrypting communication to provide N simultaneous secure sessions among said network of computers.
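The partition-and-reconstitute scheme of claims 1 and 3, as an added illustration that is not the patent's own code: N agents each decrypt a 1/N slice of the encrypted stream in parallel and the main server recombines the decrypted parts in order. It assumes a counter-mode-style keystream built from HMAC-SHA256 as a stand-in cipher, and an encrypt-then-MAC tag that the main server checks before any slice is dispatched to an agent; both are assumptions made for the demonstration, not features described by the patent.

```python
import hashlib, hmac
from concurrent.futures import ThreadPoolExecutor

BLOCK = TAG_LEN = 32  # SHA-256 digest size: keystream bytes per counter step, and tag length

def _subkey(session_key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from the shared session key (assumption).
    return hmac.new(session_key, label, hashlib.sha256).digest()

def _xor_keystream(enc_key: bytes, data: bytes, start: int) -> bytes:
    # Counter-mode-style stand-in: keystream block i = HMAC-SHA256(enc_key, i).
    # Any byte offset can be processed on its own, so N agents can each take 1/N of the stream.
    out = bytearray(len(data))
    block_idx, block = -1, b""
    for i in range(len(data)):
        pos = start + i
        if pos // BLOCK != block_idx:
            block_idx = pos // BLOCK
            block = hmac.new(enc_key, block_idx.to_bytes(8, "big"), hashlib.sha256).digest()
        out[i] = data[i] ^ block[pos % BLOCK]
    return bytes(out)

def encrypt(session_key: bytes, plaintext: bytes) -> bytes:
    # Client side: encrypt-then-MAC over the whole stream.
    ct = _xor_keystream(_subkey(session_key, b"enc"), plaintext, 0)
    tag = hmac.new(_subkey(session_key, b"mac"), ct, hashlib.sha256).digest()
    return ct + tag

def partition(ciphertext: bytes, n_agents: int) -> list:
    # Contiguous slices tagged with their stream offset: each agent gets about 1/N (claim 3).
    size = -(-len(ciphertext) // n_agents)  # ceiling division
    return [(i * size, ciphertext[i * size:(i + 1) * size]) for i in range(n_agents)]

def agent_decrypt(enc_key: bytes, part: tuple) -> tuple:
    # One agent's share of the work; runs in parallel with the other agents.
    offset, chunk = part
    return offset, _xor_keystream(enc_key, chunk, offset)

def distributed_decrypt(session_key: bytes, blob: bytes, n_agents: int) -> bytes:
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    # The main server authenticates the whole stream before any slice is handed to an agent.
    expected = hmac.new(_subkey(session_key, b"mac"), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("stream authentication failed")
    enc_key = _subkey(session_key, b"enc")
    with ThreadPoolExecutor(max_workers=n_agents) as pool:
        parts = list(pool.map(lambda p: agent_decrypt(enc_key, p), partition(ct, n_agents)))
    # Reconstitution: recombine the decrypted parts in stream order (claim 1).
    return b"".join(chunk for _, chunk in sorted(parts))
```

Because every agent must hold the session key to decrypt its slice, the trust boundary of such a collective is the whole set of registered agents rather than the main server alone.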