Secure session capability using public-key cryptography without access to the private key

Assignee

• CLOUDFLARE, INC. · US

Inventors

• Sébastien Andreas Henry Pahl · San Francisco, US
• Matthieu Philippe François Tourne · San Francisco, US
• Piotr Sikora · San Francisco, US
• Ray Raymond Bejjani · San Francisco, US
• Dane Orion Knecht · San Francisco, US
• Matthew Browning Prince · San Francisco, US
• John Graham-Cumming · London, GB
• Lee Hahn Holloway · Santa Cruz, US
• Albertus Strasheim · San Francisco, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2463/061
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A server establishes a secure session with a client device where a private key used in the handshake is stored in a different server. An encrypted connection is established between the first server and the second server. A message is received from the client device that initiates a procedure to establish the secure session between the client device and the first server. As part of this procedure, the first server transmits over the encrypted connection a request to the second server to use the private key. The first server receives, over the encrypted connection, a response to the request that includes a result of the use of the private key. The first server uses the result during the procedure to establish the secure session.