Secured communication in network environments
First Claim
Patent Images
1. A computer-implemented method comprising:
- performing a handshake between a client device and a first computing device to generate;
a session key for encrypting data that is communicated between the client device and the first computing device; and
an access controlled compartment, the access controlled compartment associated with access rights preventing the first computing device from performing cryptographic operations using the session key;
receiving, within the access controlled compartment and from the client device, a request for data, wherein the request for data is encrypted using the session key;
sending, from the first computing device to a second computing device, a copy of the session key and the request for data;
receiving, at the first computing device, from the second computing device, the data encrypted with the session key, access rights for the first computing device preventing decryption of the data; and
making the encrypted data available to the client device in response to the request.
1 Assignment
0 Petitions
Accused Products
Abstract
A computing device can obtain a session key for encrypting data that is communicated between a client device and the computing device. The computing device can receive, from the client device, an encrypted request for data. The encrypted request can be encrypted by the client device using the session key. The data requested can be stored on a second computing device. The computing device can send, to the second computing device, a copy of the session key and the encrypted request for data. The second computing device can decrypt the data using the session key and can also encrypt data responsive to the request using the session key.
-
Citations
20 Claims
-
1. A computer-implemented method comprising:
-
performing a handshake between a client device and a first computing device to generate; a session key for encrypting data that is communicated between the client device and the first computing device; and an access controlled compartment, the access controlled compartment associated with access rights preventing the first computing device from performing cryptographic operations using the session key; receiving, within the access controlled compartment and from the client device, a request for data, wherein the request for data is encrypted using the session key; sending, from the first computing device to a second computing device, a copy of the session key and the request for data; receiving, at the first computing device, from the second computing device, the data encrypted with the session key, access rights for the first computing device preventing decryption of the data; and making the encrypted data available to the client device in response to the request. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system comprising:
-
one or more processors; and memory storing instructions that, upon execution by the one or more processors, cause the system; perform a handshake between a client device and a first computing device to generate; a session key associated with a communication session between the client device and the first computing device; and an access controlled compartment, the access controlled compartment associated with access rights preventing the first computing device from performing cryptographic operations using the session key; send a request from the client device, to the access controlled compartment, wherein the request is encrypted using the session key; provide, from the access controlled compartment to a second computing device, the session key and the request; receive, in response to the request, by the access controlled compartment, from the second computing device, using a different encryption handshake between the first computing device and the second computing device, encrypted data encrypted with the session key, access rights on the first computing device prohibiting the encrypted data to be decrypted using the session key; and provide the encrypted data to the client device, from the access controlled compartment. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A non-transitory computer-readable storage medium comprising executable instructions that, upon execution by one or more processors of a computing system, cause the computing system to at least:
-
receive, from a first computing device, a session key and a request, the request encrypted with the session key, the session key established as a result of a negotiation between a client device and the first computing device, the request stored on the first computing device within an access controlled compartment, the access controlled compartment associated with access rights preventing the first computing device from performing cryptographic operations using the session key; decrypt the request using the session key; process the request to obtain data that is responsive to the request; encrypt, using the session key, the data to produce encrypted data; and relay, through the first computing device, the encrypted data to the client device, wherein access rights for the first computing device prevent decryption of the encrypted data on the first computing device. - View Dependent Claims (18, 19, 20)
-
Specification