Patent · US Active

Secure session capability using public-key cryptography without access to the private key

US11044083B2 · kind B2 · utility

1 Cited by
37 References
15 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Jul 24, 2018
Grant date: Jun 22, 2021
Priority date
Expiry date: Jul 24, 2038

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/166
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A first server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different, second, server. The first server transmits messages between the client device and the second server where the second server has access to a private key that is not available on the first server. The first server receives from the second server a set of session key(s) used in the secure session for encrypting/decrypting communication between the client device and the first server. The session key(s) are generated using a master secret that is generated using a premaster secret generated using Diffie-Hellman public values selected by the client device and the second server. The first server uses the session key(s) to encrypt/decrypt communication with the client device.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.