Providing forward secrecy in a terminating TLS connection proxy

US 20150106624A1
Filed: 12/17/2014
Published: 04/16/2015
Est. Priority Date: 12/16/2011
Status: Active Grant

First Claim

Patent Images

1. A method to secure a communication among a client, a first server, and a second server, the first server holding a public certificate for a given domain, the public certificate having a public key of an asymmetric key pair, the second server holding an private key corresponding to the public key, comprising, as an ordered sequence at the first server:

during a cryptographic handshake request received from the client, applying a cryptographic function to an ephemeral value to generate a server random value, and returning to the client the server random value and the public certificate;

receiving from the client a pre-master secret value encrypted with a public key of the public certificate, together with a client random value;

transmitting to the second server the encrypted pre-master secret, together with the ephemeral value and the client random value;

receiving from the second server a master secret, the master secret having been generated at the second server by applying the cryptographic function to the ephemeral value to re-create the server random value, decrypting the encrypted pre-master secret using the private key to recover the pre-master secret, and then applying a given function to the client random value, the server random value, and the pre-master secret; and

using the master secret to compute derivative data, the derivative data adapted to secure further communications between the client and the first server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An infrastructure delivery platform provides a RSA proxy service as an enhancement to the TLS/SSL protocol to off-load, from an edge server to an external cryptographic server, the decryption of an encrypted pre-master secret. The technique provides forward secrecy in the event that the edge server is compromised, preferably through the use of a cryptographically strong hash function that is implemented separately at both the edge server and the cryptographic server. To provide the forward secrecy for this particular leg, the edge server selects an ephemeral value, and applies a cryptographic hash the value to compute a server random value, which is then transmitted back to the requesting client. That server random value is later re-generated at the cryptographic server to enable the cryptographic server to compute a master secret. The forward secrecy is enabled by ensuring that the ephemeral value does not travel on the wire.

54 Citations

View as Search Results

20 Claims

1. A method to secure a communication among a client, a first server, and a second server, the first server holding a public certificate for a given domain, the public certificate having a public key of an asymmetric key pair, the second server holding an private key corresponding to the public key, comprising, as an ordered sequence at the first server:
- during a cryptographic handshake request received from the client, applying a cryptographic function to an ephemeral value to generate a server random value, and returning to the client the server random value and the public certificate;
  
  receiving from the client a pre-master secret value encrypted with a public key of the public certificate, together with a client random value;
  
  transmitting to the second server the encrypted pre-master secret, together with the ephemeral value and the client random value;
  
  receiving from the second server a master secret, the master secret having been generated at the second server by applying the cryptographic function to the ephemeral value to re-create the server random value, decrypting the encrypted pre-master secret using the private key to recover the pre-master secret, and then applying a given function to the client random value, the server random value, and the pre-master secret; and
  
  using the master secret to compute derivative data, the derivative data adapted to secure further communications between the client and the first server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as described in claim 1 further including purging the ephemeral value.
  - 3. The method as described in claim 2 wherein the ephemeral value is purged immediately following transmitting the ephemeral value to the second server.
  - 4. The method as described in claim 1 wherein the cryptographic handshake is a Transport Layer Security (TLS) handshake.
  - 5. The method as described in claim 1 wherein the cryptographic function is a key derivation function.
  - 6. The method as described in claim 5 wherein the key derivation function is a one-way function.
  - 7. The method as described in claim 4 wherein the given function is a TLS pseudorandom function (PRF).
  - 8. The method as described in claim 1 further including establishing a persistent connection from the first server to the second server.
  - 9. The method as described in claim 1 wherein the ephemeral value is a random number.

10. An apparatus operative in an overlay network edge server, comprising:
- at least one hardware processor;
  
  computer memory holding computer program instructions executed by the hardware processor, the computer program instructions operative during a handshake from a client to perform the following ordered operations;
  
  (i) select an ephemeral value, (ii) apply a one-way function to the ephemeral value to generate a server random value, (iii) return to the client the server random value and a public certificate holding a public key of a key pair;
  
  (iv) receive from the client an encrypted pre-master secret and a client random value;
  
  (v) forward to a cryptographic server the encrypted pre-master secret, a random value received from the client, and the ephemeral value; and
  
  (vi) purge the ephemeral value.
- View Dependent Claims (11, 12, 13, 14, 15, 20)
- - 11. The apparatus as described in claim 10 wherein the computer program instructions are further operative to receive from the cryptographic server a master secret, the master secret having been generated at the cryptographic server by applying the one-way function to the ephemeral value to re-create the first server random value, decrypting the encrypted pre-master secret using a private key of the key pair to recover the pre-master secret, and then applying a given function to the client random value, the server random value, and the pre-master secret.
  - 12. The apparatus as described in claim 11 wherein the computer program instructions are further operative to compute a pair of symmetric keys from the master secret.
  - 13. The apparatus as described in claim 11 wherein the computer program instructions are further operative to receive derivative data computed at the cryptographic server from the master secret.
  - 14. The apparatus as described in claim 10 wherein the computer program instructions are further operative to establish and maintain a persistent connection to the cryptographic server.
  - 15. The apparatus as described in claim 10 wherein the ephemeral value is a random number.
  - 20. The apparatus as described in claim 10 wherein the handshake is a Transport Layer Security (TLS) handshake.

16. An apparatus operative in an overlay network cryptographic server, comprising:
- at least one hardware processor;
  
  computer memory holding computer program instructions executed by the hardware processor, the computer program instructions operative during a handshake from a client to an edge server to perform the following ordered operations;
  
  (i) receive from the edge server an encrypted pre-master secret, a random value received at the edge server from the client, and an ephemeral value, the ephemeral value having been generated at the edge server in response to receipt of a handshake request and used to compute a server random value, the server random value having been generated at the edge server by applying a one-way function to the ephemeral value, the server random value having been used by the client together with a public key of a key pair to generate the pre-master secret; and
  
  (ii) generate a master secret by applying the one-way function to the ephemeral value to re-create the server random value, decrypting the encrypted pre-master secret using a private key of the key pair to recover the pre-master secret, and then applying a given function to the client random value, the server random value, and the pre-master secret.
- View Dependent Claims (17, 18, 19)
- - 17. The apparatus as described in claim 16 wherein the computer program instructions are further operative during the handshake to return the master secret to the edge server.
  - 18. The apparatus as described claim 16 wherein the computer program instructions are further operative to maintain a persistent connection to the edge server.
  - 19. The apparatus as described in claim 16 wherein the handshake is a Transport Layer Security (TLS) handshake.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Akamai Technologies, Inc.
Original Assignee
Akamai Technologies, Inc.
Inventors
Gero, Charles E., Lisiecki, Philip A.

Granted Patent

US 9,531,691 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/171
CPC Class Codes

H04L 2209/76   Proxy, i.e. using intermedi...

H04L 63/0435   wherein the sending and rec...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0823   using certificates cryptogr...

H04L 63/166   at the transport layer

H04L 9/0643   Hash functions, e.g. MD5, S...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/083   involving central third par...

H04L 9/0869   involving random numbers or...

H05K 999/99   dummy group

Providing forward secrecy in a terminating TLS connection proxy

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

54 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Providing forward secrecy in a terminating TLS connection proxy

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

54 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links