Secure session capability using public-key cryptography without access to the private key

Assignee

• CLOUDFLARE, INC. · US

Inventors

• Sébastien Andreas Henry Pahl · San Francisco, US
• Matthieu Philippe François Tourne · San Francisco, US
• Piotr Sikora · San Francisco, US
• Ray Raymond Bejjani · San Francisco, US
• Dane Orion Knecht · San Francisco, US
• Matthew Browning Prince · San Francisco, US
• John Graham-Cumming · London, GB
• Lee Hahn Holloway · Santa Cruz, US
• Nicholas Thomas Sullivan · Sunnyvale, US
• Albertus Strasheim · San Francisco, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L67/141
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.