Secure session capability using public-key cryptography without access to the private key

Assignee

• CLOUDFLARE, INC. · US

Inventors

• Sébastien Andreas Henry Pahl · San Francisco, US
• Matthieu Phillippe François Tourne · San Francisco, US
• Piotr Sikora · San Francisco, US
• Ray Raymond Bejjani · San Francisco, US
• Dane Orion Knecht · San Francisco, US
• Matthew Browning Prince · San Francisco, US
• John Graham-Cumming · London, GB
• Lee Hahn Holloway · Santa Cruz, US
• Nicholas Thomas Sullivan · Sunnyvale, US
• Albertus Strasheim · San Francisco, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/164
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret and session keys for the secure session. The different server decrypts the encrypted premaster secret, generates the master secret, and generates session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server and transmits those session keys to that server.