Inventors:
- SAN FRANCISCO CA, US
Matthieu Philippe François Tourne - San Francisco CA, US
Piotr Sikora - San Francisco CA, US
Ray Raymond Bejjani - San Francisco CA, US
Dane Orion Knecht - San Francisco CA, US
Matthew Browning Prince - San Francisco CA, US
John Graham-Cumming - London, GB
Lee Hahn Holloway - Santa Cruz CA, US
Nicholas Thomas Sullivan - San Francisco CA, US
Albertus Strasheim - San Francisco CA, US
International Classification:
H04L 9/32
H04L 29/06
G06F 21/33
H04L 9/08
H04L 29/08
H04L 9/14
H04L 9/30
Abstract:
A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret. The different server decrypts the encrypted premaster secret, generates the master secret, and transmits the master secret to the server. The server receives the master secret and continues with the handshake procedure including generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.