Akamai Technologies, Inc.
Terminating SSL connections without locally-accessible private keys

Abstract:

An Internet infrastructure delivery platform (e.g., operated by a service provider) provides an RSA proxy "service" as an enhancement to the SSL protocol that off-loads the decryption of the encrypted pre-master secret (ePMS) to an external server. Using this service, instead of decrypting the ePMS "locally," the SSL server proxies (forwards) the ePMS to an RSA proxy server component and receives, in response, the decrypted pre-master secret. In this manner, the decryption key does not need to be stored in association with the SSL server.