This invention relates to distributed computations.
A Web server is a program that, using the client/server model and the World Wide Web's Hypertext Transfer Protocol (HTTP), serves the files that form Web pages to Web users (whose computers contain HTTP clients that forward their requests).
HTTPS (Hypertext Transfer Protocol over Secure Socket Layer, or HTTP over SSL) is a Web protocol developed by Netscape and built into its browser that encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTPS is really just the use of Netscape's Secure Socket Layer (SSL) as a sublayer under its regular HTTP application layering.
SSL requires a huge amount of memory and is CPU-bound. On some low-cost embedded system processors, the most rigorous SSL computations have been recorded as taking on the order of tens of seconds and, in the worst case, several minutes. This performance makes SSL infeasible on some low-cost embedded systems.
In an aspect, the invention features a method including receiving a secure Hypertext Transfer Protocol request over SSL, and routing the request to an SSL handler that is distributed on a network of computer systems. SSL front end processing is performed on the first server, which then sends SSL big number requests to a second server over a secure channel. The second server performs public key computations using an SSL big number library, and returns the replies to the first server, which completes the SSL processing and routes the request to a web server.
In another aspect, the invention features a network including a user system linked to a group of globally connected computer systems, a first server, the first server including an SSL layer for performing SSL front end processing, a second server linked to the first server via a secure communication channel, the second server including an SSL big number library, and a web server residing in the first server.
The painstaking computations required by SSL are due to the public key cryptography requirements, which involve computing modular multiplications and/or exponentiations on numbers of 1000 or more bits. The present invention distributes this problem, such that an embedded system (for instance, the first SSL server) can save memory and, importantly, CPU cycles. More importantly, transferring these computations to more powerful machines (for instance, the second SSL server containing the big number library) reduces the unacceptable latency due to these computations.
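The split described above can be sketched as follows: the first server frames a big number request, the second server performs the modular exponentiation, and the first server validates the reply. This is an added illustration, not code from the patent. It assumes a JSON message layout, hypothetical function names, an in-process call in place of the network, and a pre-shared HMAC key standing in for the secure channel.

```python
import hashlib
import hmac
import json

# Assumption: a pre-shared key stands in for the secure channel between servers.
CHANNEL_KEY = b"constructed-demo-key"

def seal_frame(payload: dict) -> bytes:
    """Serialize a message and attach an HMAC-SHA256 tag."""
    body = json.dumps(payload, sort_keys=True)
    tag = hmac.new(CHANNEL_KEY, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"body": body, "tag": tag}).encode()

def open_frame(frame: bytes) -> dict:
    """Verify the tag in constant time before trusting any field."""
    outer = json.loads(frame)
    expected = hmac.new(CHANNEL_KEY, outer["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, outer["tag"]):
        raise ValueError("channel authentication failed")
    return json.loads(outer["body"])

def bignum_server(frame: bytes) -> bytes:
    """Second server: performs the modular exponentiation and replies."""
    req = open_frame(frame)
    base, exp, mod = (int(req[k], 16) for k in ("base", "exp", "mod"))
    if mod <= 1 or exp < 0 or not 0 <= base < mod:
        raise ValueError("operand out of range")
    return seal_frame({"id": req["id"], "result": format(pow(base, exp, mod), "x")})

def front_end_modexp(base, exp, mod, req_id, transport=bignum_server):
    """First server: sends one big number request and validates the reply."""
    request = {"id": req_id, "base": format(base, "x"),
               "exp": format(exp, "x"), "mod": format(mod, "x")}
    reply = open_frame(transport(seal_frame(request)))
    if reply["id"] != req_id:
        raise ValueError("reply does not match request")
    result = int(reply["result"], 16)
    if not 0 <= result < mod:
        raise ValueError("result out of range")
    return result

if __name__ == "__main__":
    # Constructed toy RSA values (n = 61 * 53); real moduli are 1000+ bits.
    n, e, d = 3233, 17, 2753
    c = front_end_modexp(65, e, n, req_id=1)
    print(c, front_end_modexp(c, d, n, req_id=2))
```

Every operand crosses the channel to the second server, so the sketch rejects any frame whose tag fails before parsing its fields.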
Other features, objects, and advantages of the invention will be apparent from the description and drawings, and from the claims.