Protocols that use either or both public-key cryptographic techniques and symmetric-key cryptographic techniques are often used to establish secure communications across an untrusted network or other communication link. Typically, public-key cryptography has better security properties but is more expensive computationally than symmetric-key cryptography. Thus, the two types of cryptography may be combined to use public-key techniques to negotiate a symmetric cipher between two entities. The symmetric-key cipher may then be used for bulk data transfer between the entities. Secure Socket Layer (SSL) and Transport Layer Security (TLS) are widely-used examples of secure communication protocols that have this form, as well as IPSec (Internet Protocol Security) when security associations are negotiated using RSA-based (Rivest, Shamir & Adleman) mechanisms for IKE (Internet (or IPsec) Key Exchange).
Secure communication protocols often add a computational cost to each secured connection. For server computers providing many simultaneous secure connections to client computers, the additional computational overhead imposed by secure communication protocols can be significant. To decrease the computational overhead of secure communication protocols for computers providing large numbers of secure connections, there are various devices that specialize in terminating secure connections. These secure connection termination devices manage the cryptographic and other security related aspects of the connection, thereby relieving server systems providing services to client systems of the additional overhead imposed by the secure connection. In general, these secure connection termination devices appear to client systems as servers providing secure connections.
A secure connection termination device is configured in much the same way as a server that supports secure communication protocols, including, for example, private keys, public keys and security certificates. From a security perspective, a secure connection termination device is identical to a server and therefore should be protected identically. If the security of a secure connection termination device is compromised, for example by the loss of a server's private key, attackers would be able to set up a fake server that would be trusted by client systems that use the secure communication protocol.
A transaction accelerator such as that described in U.S. Pat. No. 7,120,666 (McCanne) can offer performance improvement for operations across a wide-area network (WAN), but only when the data being communicated is either intelligible (i.e., the transaction accelerator can interpret at least parts of the protocol) or repeating (i.e., identical data crosses the network in identical format). The use of secure communication protocols such as SSL and TLS thus typically frustrates transaction acceleration, because cryptography (by design) renders encrypted data unintelligible and non-repeating.
A method of securing end-to-end communications between a client and a server separated by transaction accelerators is described in U.S. Patent Publication No. US2007/0038853 (application Ser. No. 11/489,414), and involves the use of separate split-terminated secure protocol sessions between a transaction accelerator and the client and the server.
However, before a fully secured path can be established between the client and the server, even using split-terminated sessions, security protocols such as SSL or TLS require handshaking negotiations that involve multiple round-trip communications. Because some of these communications must traverse a WAN, the combined latency of the round-trips can delay the satisfaction of a data request from the client.