Title of invention: Interposer with Security Assistant Key Escrow
Abstract: An interposer is provided that is configured to interpose into an application security protocol exchange by obtaining application session security state. The interposer does this without holding any private keying material of the client or server. An out-of-band Security Assistant Key Escrow service (SAS/SAKE) is also provided. The SAKE resides in the secure physical network perimeter and holds the private keying material required to derive session keys for interposing into the application security protocol. During a security protocol handshake, the interposer sends the security protocol handshake messages to the SAKE and in return receives from the SAKE the session security state that allows it to participate in the application security protocol.
Publication number: US2015288679(A1)  Publication date: 2015.10.08
Application number: US201414328094  Filing date: 2014.07.10
Applicant: Cisco Technology, Inc.  Inventors: Ben-Nun Eitan; Zayats Michael; Wing Daniel G.; Patil Kirtesh; Padhye Jaideep; Hungund Manohar B.; Agasaveeran Saravanan
Classification: H04L29/06; H04L29/08  Main classification: H04L29/06
Agency:  Agent:
Principal claim: 1. A method comprising: at a network device, receiving a set of session initiation messages from a client device, the set of session initiation messages comprising an address for a server to initiate a secure session between the client device and the server; forwarding the set of session initiation messages to the server at the server address; forwarding the set of session initiation messages to a security assistant device, the security assistant device physically located in a secure location apart from the network device; and receiving a session authorization from the security assistant device, the session authorization enabling the network device to decrypt messages from the secure session between the client device and the server.
Address: San Jose CA US