Providing forward secrecy in a terminating TLS connection proxy
US9531691B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Dec 17, 2014 |
| Grant date | Dec 27, 2016 |
| Priority date | — |
| Expiry date | Dec 17, 2034 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L2209/76
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
An infrastructure delivery platform provides a RSA proxy service as an enhancement to the TLS/SSL protocol to off-load, from an edge server to an external cryptographic server, the decryption of an encrypted pre-master secret. The technique provides forward secrecy in the event that the edge server is compromised, preferably through the use of a cryptographically strong hash function that is implemented separately at both the edge server and the cryptographic server. To provide the forward secrecy for this particular leg, the edge server selects an ephemeral value, and applies a cryptographic hash the value to compute a server random value, which is then transmitted back to the requesting client. That server random value is later re-generated at the cryptographic server to enable the cryptographic server to compute a master secret. The forward secrecy is enabled by ensuring that the ephemeral value does not travel on the wire.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.