Methods and apparatus for accelerating secure session processing

US 7,134,014 B2
Filed: 11/23/2005
Issued: 11/07/2006
Est. Priority Date: 05/31/2002
Status: Expired due to Term

First Claim

Patent Images

1. A method for establishing a secured handshake between a client and a server over a computer network, the method comprising:

transmitting a first verification message from the client to the server;

transmitting a second verification message from the server to the client;

generating a first key generation information by the client responsive to the second verification message received from the server and sending the generated first key generation information to the server;

generating a second key generation information by the server responsive to the first verification message received from the client and sending the generated second key generation information to the client;

generating a first master secret by the client responsive to the second key generation information received from the server; and

generating a second master secret by the server responsive to the first key generation information received from the client, wherein the first master secret and the second master secret are not transmitted over the computer network.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus are provided for an entity such as a CPU to efficiently call a cryptography accelerator to perform cryptographic operations. A function call causes the cryptography accelerator to execute multiple cryptographic operations in a manner tailored for specific processing steps, such as steps during a handshake phase of a secured session. The techniques provide efficient use of hardware processing resources, data interfaces, and memory interfaces.

5 Citations

View as Search Results

20 Claims

1. A method for establishing a secured handshake between a client and a server over a computer network, the method comprising:
- transmitting a first verification message from the client to the server;
  
  transmitting a second verification message from the server to the client;
  
  generating a first key generation information by the client responsive to the second verification message received from the server and sending the generated first key generation information to the server;
  
  generating a second key generation information by the server responsive to the first verification message received from the client and sending the generated second key generation information to the client;
  
  generating a first master secret by the client responsive to the second key generation information received from the server; and
  
  generating a second master secret by the server responsive to the first key generation information received from the client, wherein the first master secret and the second master secret are not transmitted over the computer network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 15, 16)
- - 2. The method of claim 1, further comprising generating session keys from the first master secret and the second master secret.
  - 3. The method of claim 2, further comprising establishing a secured data exchange between the client and the server over the computer network utilizing the session keys.
  - 4. The method of claim 1, wherein the transmitting a first verification message comprises performing a hash operation on a first intermediate value to derive the first verification message;
    - and transmitting the first verification message to the server.
  - 5. The method of claim 4, wherein the hash operation is associated with SHA1 or MD5.
  - 6. The method of claim 1, wherein the transmitting a second verification message comprises performing a hash operation on a second intermediate value to derive the second verification message;
    - and transmitting the second verification message to the client.
  - 7. The method of claim 6, wherein the hash operation is associated with SHA1 or MD5.
  - 8. The method of claim 1, wherein the first verification message is compared to a client finished message.
  - 9. The method of claim 1, wherein the first verification message and the second verification message include protocol information associated with SSL.
  - 15. The system of claim 1, wherein the means for transmitting a second verification message comprises means for performing a hash operation on a second intermediate value to derive the second verification message;
    - and means for transmitting the second verification message to the client.
  - 16. The system of claim 15, wherein the hash operation is associated with SHA1 or MD5.

10. A system for establishing a secured handshake between a client and a server over a computer network comprising:
- means for transmitting a first verification message from the client to the server;
  
  means for transmitting a second verification message from the server to the client;
  
  means for generating a first key generation information by the client responsive to the second verification message received from the server and sending the generated first key generation information to the server;
  
  means for generating a second key generation information by the server responsive to the first verification message received from the client and sending the generated second key generation information to the client;
  
  means for generating a first master secret by the client responsive to the second key generation information received from the server; and
  
  means for generating a second master secret by the server responsive to the first key generation information received from the client, wherein the first master secret and the second master secret are not transmitted over the computer network.
- View Dependent Claims (11, 12, 13, 14, 17, 18)
- - 11. The system of claim 10, further comprising means for generating session keys from the first master secret and the second master secret.
  - 12. The system of claim 11, further comprising means for establishing a secured data exchange between the client and the server over the computer network utilizing the session keys.
  - 13. The system of claim 10, wherein the means for transmitting a first verification message comprises means for performing a hash operation on a first intermediate value to derive the first verification message;
    - and means for transmitting the first verification message to the server.
  - 14. The system of claim 13, wherein the hash operation is associated with SHA1 or MD5.
  - 17. The system of claim 10, wherein the first verification message is compared to a client finished message.
  - 18. The system of claim 10, wherein the first verification message and the second verification message include protocol information associated with SSL.

19. A method for establishing a secured handshake between a client and a server over a computer network, the method comprising:
- receiving a first verification message from the client;
  
  transmitting a second verification message to the client;
  
  receiving a first key generation information from the client responsive to the second verification message;
  
  generating a second key generation information responsive to the first verification message received from the client and sending the generated second key generation information to the client; and
  
  generating a master secret responsive to the first key generation information received from the client, wherein the master secret is not transmitted over the computer network.
- View Dependent Claims (20)
- - 20. The method of claim 19, further comprising generating session keys from the master secret.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Luo, Jianjun, Qi, Zheng, Buer, Mark, Tardo, Joseph, Squires, Ronald, Matthews, Don
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US11/286,111
Publication Number

US 20060085640A1
Time in Patent Office

349 Days
Field of Search

713/164, 713/168, 713/151
US Class Current

713/164
CPC Class Codes

H04L 9/0838 Key agreement, i.e. key est...

Methods and apparatus for accelerating secure session processing

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

5 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for accelerating secure session processing

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

5 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links