SSL gateway with integrated hardware security module
Abstract
A security network system may include a security gateway operable to establish a client session between the security gateway and a client device. The security gateway is operable to receive client session information from the client session. The client session information includes an identification of a server with which the client device needs to exchange data. The security network system may also include a Hardware Security Module (HSM) in communication with the security gateway. The HSM is operable to establish, in concert with the security gateway, a secure session between the security gateway and the server based on the client session data, a public key, a secret key, and context attributed to the secure session.
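The key-establishment flow that the abstract and the independent claims describe, as an added worked example in Go; this is not code from the patent or from any product it covers. The HSM generates the session secret, wraps it under the server's public key, and the gateway's server-side session is encrypted under that secret. The wrapping scheme (RSA-OAEP) and the session cipher (AES-256-GCM) are assumptions, since the claims name neither. One caveat the claim wording glosses over: a secret wrapped under the server's public key can only be recovered with the server's private key, so that is what the server-side code uses. The names `Server`, `HSM`, `Provision`, `Seal`, `AcceptSecret`, `Receive` and `Exchange` and the sample request are constructed for this example, and the HSM is modelled as keeping the secret inside and performing the symmetric encryption itself, which is one reading of the claims rather than the only one. The final step flips one ciphertext bit to show the authenticated session rejecting traffic altered in transit.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// randomBytes draws n bytes from the CSPRNG; a failing CSPRNG is not recoverable.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Server owns the long-term RSA key pair; only the public half is ever sent to the gateway.
type Server struct {
	priv *rsa.PrivateKey
	aead cipher.AEAD // session cipher, set once the wrapped secret has been recovered
}

// AcceptSecret recovers the HSM-generated secret. Only the private key can do this;
// the public key that wrapped the secret cannot unwrap it.
func (s *Server) AcceptSecret(wrapped []byte) error {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, wrapped, nil)
	if err != nil {
		return fmt.Errorf("unwrap secret: %w", err)
	}
	s.aead, err = newGCM(key)
	return err
}

// Receive authenticates and decrypts one record of the secure session.
func (s *Server) Receive(nonce, ct []byte) ([]byte, error) {
	return s.aead.Open(nil, nonce, ct, nil)
}

// HSM models the stand-alone device for one session. Assumption: the secret stays inside
// it and it does the symmetric work, so the raw key never reaches the gateway host.
type HSM struct{ aead cipher.AEAD }

// Provision takes the server's public key, creates a fresh 256-bit secret and returns
// it wrapped under that key with RSA-OAEP for delivery to the server.
func (h *HSM) Provision(serverPub *rsa.PublicKey) ([]byte, error) {
	key := randomBytes(32)
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	h.aead = aead
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, key, nil)
}

// Seal encrypts one record under the session secret with a fresh random nonce.
func (h *HSM) Seal(plaintext []byte) (nonce, ct []byte) {
	nonce = randomBytes(h.aead.NonceSize())
	return nonce, h.aead.Seal(nil, nonce, plaintext, nil)
}

// Exchange plays the gateway for one request from the plaintext client session, then
// flips a bit in a second record to confirm the server rejects traffic altered in transit.
func Exchange(payload []byte) (recovered []byte, tamperRejected bool, err error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // the server's long-term key pair
	if err != nil {
		return nil, false, err
	}
	srv, hsm := &Server{priv: priv}, &HSM{}
	wrapped, err := hsm.Provision(&priv.PublicKey) // gateway hands the server's public key to the HSM
	if err != nil {
		return nil, false, err
	}
	if err = srv.AcceptSecret(wrapped); err != nil { // server unwraps with its private key
		return nil, false, err
	}
	nonce, ct := hsm.Seal(payload) // secure session record, encrypted under the secret
	if recovered, err = srv.Receive(nonce, ct); err != nil {
		return nil, false, err
	}
	nonce, ct = hsm.Seal(payload)
	ct[0] ^= 0x01 // one bit altered on the wire
	_, err = srv.Receive(nonce, ct)
	return recovered, err != nil, nil
}

func main() { fmt.Println(Exchange([]byte("GET /account/balance HTTP/1.1"))) }
```

In a deployment the server's public key would come from a validated certificate rather than a freshly generated key pair, and a practitioner should note that transporting the session secret under a long-term RSA key gives no forward secrecy: anyone who later obtains the server's private key can unwrap every recorded session secret.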
20 Claims
1. A security network system for providing secure data communication, the system comprising:
a security gateway operable to:
establish a client session between the security gateway and a client device, wherein the client session is an unencrypted session;
receive client session information from the client session, wherein the client session information includes an identification of a server with which the client device needs to exchange data; and
a hardware security module (HSM) being a stand-alone hardware device in communication with the security gateway, wherein the HSM is operable to:
store a public key received by the security gateway from the server based on the identification of the server;
upon the storing of the public key, create a secret for encryption and decryption;
encrypt the secret using the public key of the server; and
provide the secret encrypted by the HSM to the security gateway;
wherein the security gateway is further configured to establish a secure session between the security gateway and the server based on client session data, the secure session being encrypted by the security gateway using the secret, wherein the client device communicates with the server via the client session between the security gateway and the client device and the secure session between the security gateway and the server, wherein the server decrypts the secure session using the public key of the server.
(Dependent claims 2 to 9 are not reproduced here.)
10. A method for providing secure data communication through a security network system, the security network system including a security gateway and at least one Hardware Security Module (HSM), the HSM being a stand-alone hardware device in communication with the security gateway, the method comprising:
establishing, by the security gateway, a client session between the security gateway and a client device, wherein the client session is an unencrypted session;
receiving, by the security gateway, client session information from the client session, wherein the client session information includes an identification of a server with which the client device needs to exchange data;
storing, by the HSM, a public key received by the security gateway from the server based on the identification of the server;
upon the storing of the public key, creating, by the HSM, a secret for encryption and decryption;
encrypting, by the HSM, the secret using the public key of the server;
providing, by the HSM, the secret encrypted by the HSM to the security gateway; and
establishing, by the security gateway, a secure session between the security gateway and the server based on client session data, the secure session being encrypted by the security gateway using the secret, wherein the client device communicates with the server via the client session between the security gateway and the client device and the secure session between the security gateway and the server, wherein the server decrypts the secure session using the public key of the server.
(Dependent claims 11 to 19 are not reproduced here.)
20. A non-transitory processor-readable medium having instructions stored thereon, which when executed by one or more processors, cause the one or more processors to implement a method for providing secure data communication through a security network system, the security network system including a security gateway and at least one Hardware Security Module (HSM), the HSM being a stand-alone hardware device in communication with the security gateway, the method comprising:
establishing, by the security gateway, a client session between the security gateway and a client device, wherein the client session is an unencrypted session;
receiving, by the security gateway, client session information from the client session, wherein the client session information includes an identification of a server with which the client device needs to exchange data;
storing, by the HSM, a public key received by the security gateway from the server based on the identification of the server;
upon the storing of the public key, creating, by the HSM, a secret for encryption and decryption;
encrypting, by the HSM, the secret using the public key of the server;
providing, by the HSM, the secret encrypted by the HSM to the security gateway; and
establishing, by the security gateway, a secure session between the security gateway and the server based on the client session data, the secure session being encrypted by the security gateway using the secret, wherein the client device communicates with the server via the client session between the security gateway and the client device and the secure session between the security gateway and the server, wherein the server decrypts the secure session using the public key of the server.