US 11,916,890 B1
Distribution of a cryptographic service provided private session key to network communication device for secured communications
Renato J. Recio, Austin, TX (US); Ryan Moats, Omaha, NE (US); Eran Gampel, Tel Aviv (IL); Gal Sagi, Hod Hasharon (IL); Ravinder Reddy Amanaganti, San Ramon, CA (US); Etai Lev Ran, Nofit (IL); and Dean Har'el Lorenz, Haifa (IL)
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US)
Filed by INTERNATIONAL BUSINESS MACHINES CORPORATION, Armonk, NY (US)
Filed on Aug. 8, 2022, as Appl. No. 17/883,425.
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); H04L 67/146 (2022.01)
CPC H04L 63/0435 (2013.01) [H04L 63/029 (2013.01); H04L 67/146 (2013.01)] 18 Claims
OG exemplary drawing
 
1. A method, comprising:
establishing a secure communication tunnel between user space software and a client device;
accessing a private session key from a cryptographic service;
communicating, from the user space software to a network communication device, the private session key, wherein the private session key is not known to, nor discovered by, a hypervisor stack nor an operating system space of a data processing system hosting the user space software; and
communicating, from the user space software to the network communication device, outbound session packets;
wherein the network communication device is programmed to initiate operations comprising:
generating, by the network communication device, encrypted outbound session packets by encrypting the outbound session packets using the private session key;
communicating, by the network communication device to the client device via the secured communication tunnel, the encrypted outbound session packets;
receiving, by the network communication device from the client device, via the secured communication tunnel, inbound session packets;
generating, by the network communication device, decrypted inbound session packets by decrypting the inbound session packets using the private session key; and
communicating, from the network communication device to the user space software, the decrypted inbound session packets.