The approaches described in this section could be pursued but are not necessarily approaches that have previously been conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
Many service providers and corporations have policies to govern the use of computers and digital computing devices over their data networks, particularly policies created for security and fraud reasons. It is not uncommon for these business entities to inspect data communication sessions used by a client device or a server device in their data network. The service providers and business entities often deploy security gateways such as Secure Sockets Layer (SSL) proxy gateways, SSL interception proxy gateways, firewalls or other security proxy appliances to inspect communication sessions even when the sessions are encrypted. These security gateways, when applied to encrypted or secure communication sessions, intercept security certificates issued by servers and web servers, generate or forge temporary security certificates, and send the forged certificates to client devices. The security gateways then receive secure content from the client devices and decrypt and inspect it using the forged security certificates, while in the other communication direction they receive secure content from the server device and decrypt and inspect it using the intercepted server security certificates. Upon inspection, the security gateways can enforce applicable security policies set by the service providers or business entities (e.g., corporations).
However, generating or forging temporary security certificates is a computationally intensive process requiring high-performance computation capability. The security session interception process works well when the number of intercepted secure sessions is reasonably small, but the performance may decrease considerably for a large number of actively inspected secure sessions.
While service providers and business entities are concerned about security and fraud issues, consumers, users, and software vendors are becoming more aware of fraud and identity theft activities that leverage unsecured content sent or received by users' computing devices. The users' computing devices can be instructed to use secure sessions with strong encryption in communications with servers.
The sudden increase in secure sessions impacts the performance of these security gateways deployed in the data networks, which in turn can affect the user experience associated with services offered by the data networks and the servers, as well as the performance of enterprise applications.