Scalable session management using an encrypted session key

Assignee

• Microsoft Corporation · US

Inventors

• Wei Jiang · Redmond, US
• Ismail Cem Paya · Gainesville, US
• John D. Whited · Duvall, US
• Wei Guo · Sammamish, US
• Yordan Rouskov · Kirkland, US
• Adam Back · San Francisco, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/6218
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Scalable session management is achieved by generating a cookie that includes an encrypted session key and encrypted cookie data. The cookie data is encrypted using the session key. The session key is then signed and encrypted using one or more public/private key pairs. The encrypted session key can be decrypted and verified using the same private/public key pair(s). Once verified, the decrypted session key can then be used to decrypt and verify the encrypted cookie data. A first server having the private/public key pair(s) may generate the cookie using a randomly generated session key. A second server having the same private/public key pair(s) may decrypt and verify the cookie even if the session key is not initially installed on the second server. A session key cache may be used to provide session key lookup to save public/private key operations on the servers.