Providing forward secrecy in a terminating TLS connection proxy
First Claim
1. A method to secure a communication among a client, a first server, and a second server, the first server holding a public certificate for a given domain, the public certificate having a public key of an asymmetric key pair, the second server holding a private key corresponding to the public key, comprising, as an ordered sequence at the first server:
- during a cryptographic handshake request received from the client, applying a cryptographic function to an ephemeral value to generate a server random value, and returning to the client the server random value and the public certificate;
- receiving from the client a pre-master secret value encrypted with a public key of the public certificate, together with a client random value;
- transmitting to the second server the encrypted pre-master secret, together with the ephemeral value and the client random value;
- receiving from the second server a master secret, the master secret having been generated at the second server by applying the cryptographic function to the ephemeral value to re-create the server random value, decrypting the encrypted pre-master secret using the private key to recover the pre-master secret, and then applying a given function to the client random value, the server random value, and the pre-master secret; and
- using the master secret to compute derivative data, the derivative data adapted to secure further communications between the client and the first server.
Abstract
An infrastructure delivery platform provides an RSA proxy service as an enhancement to the TLS/SSL protocol to off-load, from an edge server to an external cryptographic server, the decryption of an encrypted pre-master secret. The technique provides forward secrecy in the event that the edge server is compromised, preferably through the use of a cryptographically strong hash function that is implemented separately at both the edge server and the cryptographic server. To provide the forward secrecy for this particular leg, the edge server selects an ephemeral value, and applies a cryptographic hash to the value to compute a server random value, which is then transmitted back to the requesting client. That server random value is later re-generated at the cryptographic server to enable the cryptographic server to compute a master secret. The forward secrecy is enabled by ensuring that the ephemeral value does not travel on the wire.
20 Claims
10. An apparatus operative in an overlay network edge server, comprising:
- at least one hardware processor;
- computer memory holding computer program instructions executed by the hardware processor, the computer program instructions operative during a handshake from a client to perform the following ordered operations;
(i) select an ephemeral value,
(ii) apply a one-way function to the ephemeral value to generate a server random value,
(iii) return to the client the server random value and a public certificate holding a public key of a key pair;
(iv) receive from the client an encrypted pre-master secret and a client random value;
(v) forward to a cryptographic server the encrypted pre-master secret, a random value received from the client, and the ephemeral value; and
(vi) purge the ephemeral value.
16. An apparatus operative in an overlay network cryptographic server, comprising:
- at least one hardware processor;
- computer memory holding computer program instructions executed by the hardware processor, the computer program instructions operative during a handshake from a client to an edge server to perform the following ordered operations;
(i) receive from the edge server an encrypted pre-master secret, a random value received at the edge server from the client, and an ephemeral value, the ephemeral value having been generated at the edge server in response to receipt of a handshake request and used to compute a server random value, the server random value having been generated at the edge server by applying a one-way function to the ephemeral value, the server random value having been used by the client together with a public key of a key pair to generate the pre-master secret; and
(ii) generate a master secret by applying the one-way function to the ephemeral value to re-create the server random value, decrypting the encrypted pre-master secret using a private key of the key pair to recover the pre-master secret, and then applying a given function to the client random value, the server random value, and the pre-master secret.
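The split handshake in the claims above, as an added Python sketch that is not part of the patent text. SHA-256 as the one-way function, the TLS 1.2 PRF as the "given function", and textbook RSA over two Mersenne primes as a stand-in for the certificate key pair are all assumptions, and the function names are hypothetical. It also shows that a request rebuilt from recorded wire values alone yields a different master secret once the edge server has purged the ephemeral value.

```python
import hashlib, hmac, secrets

# Toy RSA key (assumption): two Mersenne primes, textbook RSA, no padding.
# Stands in for the certificate key pair; not secure, illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, held only by the crypto server

def server_random_from(ephemeral: bytes) -> bytes:
    """One-way function applied at both servers (SHA-256 assumed)."""
    return hashlib.sha256(ephemeral).digest()

def tls12_prf(secret: bytes, label: bytes, seed: bytes, n: int) -> bytes:
    """TLS 1.2 PRF (RFC 5246, P_SHA256), assumed as the 'given function'."""
    seed = label + seed
    a, out = seed, b""
    while len(out) < n:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:n]

def client_key_exchange(pms: bytes) -> int:
    """Client: encrypt the pre-master secret under the certificate public key."""
    return pow(int.from_bytes(pms, "big"), E, N)

def crypto_server(enc_pms: int, ephemeral: bytes, client_random: bytes) -> bytes:
    """Second server: re-create server random, decrypt, derive master secret."""
    server_random = server_random_from(ephemeral)
    pms = pow(enc_pms, D, N).to_bytes(48, "big")
    return tls12_prf(pms, b"master secret", client_random + server_random, 48)

def handshake():
    """Run one handshake; return (client, edge, replayed) master secrets."""
    ephemeral = secrets.token_bytes(32)              # edge server, never sent to client
    server_random = server_random_from(ephemeral)    # returned to the client
    client_random, pms = secrets.token_bytes(32), secrets.token_bytes(48)
    enc_pms = client_key_exchange(pms)
    edge_ms = crypto_server(enc_pms, ephemeral, client_random)
    del ephemeral                                    # edge purges it (claim 10, step vi)
    client_ms = tls12_prf(pms, b"master secret", client_random + server_random, 48)
    # Later request built only from recorded client-facing values: the server
    # random is submitted in place of the purged ephemeral value.
    replay_ms = crypto_server(enc_pms, server_random, client_random)
    return client_ms, edge_ms, replay_ms
```

Because the cryptographic server hashes whatever it is given before deriving the master secret, recovering a recorded session's keys requires a preimage of the server random value, which the edge server no longer holds.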
Specification