Secure session capability using public-key cryptography without access to the private key

Assignee

• CLOUDFLARE, INC. · US

Inventors

• Sébastien Andreas Henry Pahl · San Francisco, US
• Matthieu Philippe François Tourne · San Francisco, US
• Piotr Sikora · San Francisco, US
• Ray Raymond Bejjani · San Francisco, US
• Dane Orion Knecht · San Francisco, US
• Matthew Browning Prince · San Francisco, US
• John Graham-Cumming · London, GB
• Lee Hahn Holloway · Santa Cruz, US
• Albertus Strasheim · San Francisco, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2463/061
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A first server receives a set of cryptographic parameters from a second server. The set of cryptographic parameters is received from the second server as part of a secure session establishment between a client device and the second server. The first server accesses a private key that is not stored on the second server. The first server signs the set of cryptographic parameters using the private key. The first server transmits the signed set of cryptographic parameters to the second server. The first server receives, from the second server, a request to generate a premaster secret using a value generated by the second server that is included in the request and generates the premaster secret. The first server transmits the premaster secret to the second server for use in the secure session establishment between the client device and the second server.