SECURE SESSION CAPABILITY USING PUBLIC-KEY CRYPTOGRAPHY WITHOUT ACCESS TO THE PRIVATE KEY

  • US 20160080337A1
  • Filed: 11/10/2015
  • Published: 03/17/2016
  • Est. Priority Date: 04/08/2014
  • Status: Active Grant
First Claim
1. A method in a first server for establishing a secure session with a client device, the method comprising:

  • receiving, from the client device, a Client Hello message that includes a first random value;
  • in response to the received Client Hello message, transmitting a Server Hello message to the client device that includes a second random value;
  • transmitting, to the client device, a Server Certificate message that includes one or more digital certificates;
  • transmitting, to the client device, a Server Hello Done message;
  • receiving, from the client device, a Client Key Exchange message that includes an encrypted premaster secret, wherein the first server does not include a private key that can decrypt the encrypted premaster secret;
  • transmitting, to a second server that has access to a private key that is capable of decrypting the encrypted premaster secret, the encrypted premaster secret, the first random value, the second random value, and an indication of a negotiated cipher suite between the client device and the first server;
  • receiving, from the second server, a set of one or more session keys to be used in the secure session for encrypting and decrypting communication between the client device and the first server, the session keys having been generated at least using a master secret that is generated using the premaster secret decrypted from the encrypted premaster secret, the first random value, the second random value, and the negotiated cipher suite between the client device and the first server;
  • receiving, from the client device, a first Change Cipher Spec message;
  • receiving, from the client device, a first Finished message;
  • transmitting, to the client device, a second Change Cipher Spec message; and
  • transmitting, to the client device, a second Finished message.
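The split of roles in the claim, as an added example (not code from the patent or from any assignee's product): the second server (KeyServer) is the only party holding the private key, derives the master secret and session keys with the TLS 1.2 PRF from the premaster secret, both random values and the negotiated cipher suite, and returns only the session keys; the first server (FrontEndServer) holds no private key and merely forwards the four elements named in the claim. The private-key decryption is a constructed keyed-mask stand-in, not RSA, and the cipher-suite table is assumed for the example.

```python
import hashlib
import hmac

def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF with P_SHA256 (RFC 5246 section 5): HMAC chain over A(i)."""
    seed = label + seed
    a, out = seed, b""
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

# Constructed table: (mac_key_len, enc_key_len, fixed_iv_len) for two SHA-256 suites.
SUITES = {
    "TLS_RSA_WITH_AES_128_GCM_SHA256": (0, 16, 4),
    "TLS_RSA_WITH_AES_128_CBC_SHA256": (32, 16, 16),
}

def session_keys(premaster, client_random, server_random, suite):
    """Master secret, then key block split into client/server halves (RFC 5246 6.3)."""
    master = tls12_prf(premaster, b"master secret", client_random + server_random, 48)
    mac_len, key_len, iv_len = SUITES[suite]
    block = tls12_prf(master, b"key expansion", server_random + client_random,
                      2 * (mac_len + key_len + iv_len))
    names = ["client_mac", "server_mac", "client_key", "server_key", "client_iv", "server_iv"]
    sizes = [mac_len, mac_len, key_len, key_len, iv_len, iv_len]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name], pos = block[pos:pos + size], pos + size
    return keys

class KeyServer:
    """Second server: the only holder of the private key; returns session keys only."""
    def __init__(self, private_key: bytes):
        self._private_key = private_key
    def decrypt(self, encrypted_premaster: bytes) -> bytes:
        # Stand-in for RSA decryption (constructed, symmetric): keyed mask XORed over 48 bytes.
        mask = hmac.new(self._private_key, b"pms-mask", hashlib.sha256).digest() * 2
        return bytes(c ^ m for c, m in zip(encrypted_premaster, mask))
    def handle(self, encrypted_premaster, client_random, server_random, suite):
        return session_keys(self.decrypt(encrypted_premaster), client_random, server_random, suite)

class FrontEndServer:
    """First server: holds certificates but no private key; forwards the four claim elements."""
    def __init__(self, key_server: KeyServer):
        self.key_server = key_server
        self.private_key = None  # the front end never holds the private key
    def client_key_exchange(self, encrypted_premaster, client_random, server_random, suite):
        return self.key_server.handle(encrypted_premaster, client_random, server_random, suite)
```

The premaster secret and master secret never leave the KeyServer; the front end only ever sees the encrypted premaster and the returned session keys.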
