Securely sharing a transport layer security session with one or more trusted devices
First Claim
1. A computer-implemented method for securely sharing a Transport Layer Security (TLS) session with a chain of trusted devices, the method comprising:
- establishing a TLS session between a client device and a server device, the establishing of the TLS session comprising:
  - negotiating a master secret for the TLS session that is known to both the client device and the server device,
  - establishing a chain of secure channels between a chain of trusted devices and the client device or the server device, the chain of trusted devices being communicatively positioned between the client device and the server device,
  - sending, from the client device or the server device, the master secret to the chain of trusted devices over the chain of secure channels, and
  - employing the master secret at the client device, at the server device, and at the chain of trusted devices to generate, for the TLS session, encryption keys;
- after establishment of the TLS session, communicating encrypted messages, that are encrypted using the encryption keys, between the client device and the server device; and
- during the communicating of the encrypted messages, intercepting and decrypting one or more of the encrypted messages at one or more of the trusted devices in the chain of trusted devices using the encryption keys.
Abstract
Securely sharing a Transport Layer Security (TLS) session with one or more trusted devices. In one embodiment, a method may include establishing a TLS session between a client device and a server device, communicating encrypted messages that are encrypted using encryption keys between the client device and the server device, and intercepting and decrypting one or more of the encrypted messages at a trusted device using the encryption keys. In this embodiment, the establishing of the TLS session may include negotiating a master secret, establishing a secure channel between the trusted device and the client device or the server device, sending, from the client device or the server device, the master secret to the trusted device over the secure channel, and employing the master secret at the client device, at the server device, and at the trusted device to generate, for the TLS session, the encryption keys.
13 Claims
1. A computer-implemented method for securely sharing a Transport Layer Security (TLS) session with a chain of trusted devices, the method comprising:
- establishing a TLS session between a client device and a server device, the establishing of the TLS session comprising:
  - negotiating a master secret for the TLS session that is known to both the client device and the server device,
  - establishing a chain of secure channels between a chain of trusted devices and the client device or the server device, the chain of trusted devices being communicatively positioned between the client device and the server device,
  - sending, from the client device or the server device, the master secret to the chain of trusted devices over the chain of secure channels, and
  - employing the master secret at the client device, at the server device, and at the chain of trusted devices to generate, for the TLS session, encryption keys;
- after establishment of the TLS session, communicating encrypted messages, that are encrypted using the encryption keys, between the client device and the server device; and
- during the communicating of the encrypted messages, intercepting and decrypting one or more of the encrypted messages at one or more of the trusted devices in the chain of trusted devices using the encryption keys.
Dependent claims: 2, 3, 4, 5, 6, 7.
8. One or more non-transitory computer-readable media comprising one or more computer-readable instructions that, when executed by one or more processors of one or more computing devices, cause the one or more computing devices to:
- establish a Transport Layer Security (TLS) session between a client device and a server device, the establishing of the TLS session comprising:
  - negotiating a master secret for the TLS session that is known to both the client device and the server device,
  - establishing a chain of secure channels between a chain of trusted devices and the client device or the server device, the chain of trusted devices being communicatively positioned between the client device and the server device,
  - sending, from the client device or the server device, the master secret to the chain of trusted devices over the chain of secure channels, and
  - employing the master secret at the client device, at the server device, and at the chain of trusted devices to generate, for the TLS session, encryption keys;
- after establishment of the TLS session, communicate encrypted messages, that are encrypted using the encryption keys, between the client device and the server device; and
- during the communicating of the encrypted messages, intercept and decrypt one or more of the encrypted messages at one or more of the trusted devices in the chain of trusted devices using the encryption keys.
Dependent claims: 9, 10, 11, 12, 13.