- Patent Title: Establishing a cryptographic tunnel between a first tunnel endpoint and a second tunnel endpoint where a private key used during the tunnel establishment is remotely located from the second tunnel endpoint
- Application No.: US18333333
- Application Date: 2023-06-12
- Publication No.: US11949776B2
- Publication Date: 2024-04-02
- Inventor: Watson Bernard Ladd, Vladislav Krasnov
- Applicant: CLOUDFLARE, INC.
- Applicant Address: US CA San Francisco
- Assignee: CLOUDFLARE, INC.
- Current Assignee: CLOUDFLARE, INC.
- Current Assignee Address: US CA San Francisco
- Agency: NICHOLSON DE VOS WEBSTER & ELLIOTT LLP
- Main IPC: H04L29/06
- IPC: H04L29/06 ; H04L9/08 ; H04L9/32 ; H04L12/46

Abstract:
A responder device receives, from an initiator device, a request to initiate a cryptographic tunnel between the initiator device and the responder device. The responder device does not include a static private key to be used in an asymmetric cryptography algorithm when establishing the tunnel. The responder device transmits a request to a key server that has access to the static private key and receives a response that is based on at least a result of at least one cryptographic operation using the static private key. The responder device receives from the key server, or generates, a transport key(s) for the responder device to use for sending and receiving data on the cryptographic tunnel. The responder device transmits a response to the initiator device that includes information for the initiator device to generate a transport key(s) that it is to use for sending and receiving data on the cryptographic tunnel.