Methods and apparatus for accelerating secure session processing
Abstract
Methods and apparatus are provided for an entity such as a CPU to efficiently call a cryptography accelerator to perform cryptographic operations. A function call causes the cryptography accelerator to execute multiple cryptographic operations in a manner tailored for specific processing steps, such as steps during a handshake phase of a secured session. The techniques provide efficient use of hardware processing resources, data interfaces, and memory interfaces.
20 Claims
1. A method for establishing a secured handshake between a client and a server over a computer network, the method comprising:
- transmitting a first verification message from the client to the server;
- transmitting a second verification message from the server to the client;
- generating a first key generation information by the client responsive to the second verification message received from the server and sending the generated first key generation information to the server;
- generating a second key generation information by the server responsive to the first verification message received from the client and sending the generated second key generation information to the client;
- generating a first master secret by the client responsive to the second key generation information received from the server; and
- generating a second master secret by the server responsive to the first key generation information received from the client, wherein the first master secret and the second master secret are not transmitted over the computer network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 15, 16
10. A system for establishing a secured handshake between a client and a server over a computer network comprising:
- means for transmitting a first verification message from the client to the server;
- means for transmitting a second verification message from the server to the client;
- means for generating a first key generation information by the client responsive to the second verification message received from the server and sending the generated first key generation information to the server;
- means for generating a second key generation information by the server responsive to the first verification message received from the client and sending the generated second key generation information to the client;
- means for generating a first master secret by the client responsive to the second key generation information received from the server; and
- means for generating a second master secret by the server responsive to the first key generation information received from the client, wherein the first master secret and the second master secret are not transmitted over the computer network.
Dependent claims: 11, 12, 13, 14, 17, 18
19. A method for establishing a secured handshake between a client and a server over a computer network, the method comprising:
- receiving a first verification message from the client;
- transmitting a second verification message to the client;
- receiving a first key generation information from the client responsive to the second verification message;
- generating a second key generation information responsive to the first verification message received from the client and sending the generated second key generation information to the client; and
- generating a master secret responsive to the first key generation information received from the client, wherein the master secret is not transmitted over the computer network.
Dependent claims: 20
Specification