iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)

Integrating the WebSafe2 Internet Security Processor (WISP)
iTP Secure WebServer System Administrator’s Guide 523346-002
How the iTP Secure WebServer Uses WebSafe2 Internet Security Processors (WISPs)
The WISP generates the public/private key pair used by the iTP Secure WebServer and protects the private key by encrypting it under an MFK. While the iTP Secure WebServer is operating, the WISP decrypts the master keys that clients send, thus enabling the server to generate session keys to use when communicating with those clients. Figure 5-2 illustrates this behavior.

A web client sends the iTP Secure WebServer a master key during the handshake phase of communication, encrypting this key with the server’s public key, which it received with the server’s certificate. Both parties use this key to generate the session keys that they will use. The server passes the encrypted master key on to the WISP for decryption.

The WISP decrypts the master key, but protects it with a Key Exchange Key (KEK) before returning it to the iTP Secure WebServer. A KEK is a key designed to encrypt other keys. The server uses the master key to generate its SERVER-READ and SERVER-WRITE session keys.

Figure 5-2. Setting Up Secure Communication Using a WebSafe2 Internet Security Processor (WISP)

[Figure not reproduced. Components shown: Web Client, SSL Handshake Protocol, Distributor Process, iTP Secure WebServer, WID, WebSafe2 Internet Security Processor (WISP), NonStop Kernel. Messages shown: {master key} Public Key and {decrypted master key} KEK. Legend: {text} = encrypted message; the label following the braces = encryption key; WID = WebSafe2 Interface Driver.]
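
The exchange described above can be modeled in a few lines to show which values cross the link between the server and the WISP. This is an added example, not code from the guide or from the product. Its assumptions: unpadded textbook RSA over a small constructed modulus stands in for the server key pair, an XOR keystream stands in for MFK and KEK encryption, the session-key derivation is hypothetical, and the server is assumed to share the KEK with the WISP.

```python
import hashlib, hmac, secrets

# Constructed toy parameters: two Mersenne primes give a small textbook-RSA
# modulus. Unpadded RSA is a stand-in only and is not safe for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q

def wrap(key: bytes, data: bytes) -> bytes:
    """Stand-in key wrap: XOR with an HMAC-SHA256 keystream (self-inverse)."""
    stream = hmac.new(key, b"wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class Wisp:
    """Models the WISP: the MFK and the clear private key stay inside it."""
    def __init__(self, kek: bytes):
        self._mfk = secrets.token_bytes(32)
        d = pow(E, -1, (P - 1) * (Q - 1))
        # The private key is stored only in encrypted form, under the MFK.
        self._d_under_mfk = wrap(self._mfk, d.to_bytes(32, "big"))
        self._kek = kek

    def decrypt_master_key(self, enc_mk: int) -> bytes:
        d = int.from_bytes(wrap(self._mfk, self._d_under_mfk), "big")
        master = pow(enc_mk, d, N).to_bytes(16, "big")
        return wrap(self._kek, master)   # leaves the WISP as {master key}KEK

def session_keys(master: bytes) -> dict:
    """Hypothetical derivation of the two server-side session keys."""
    return {name: hmac.new(master, name.encode(), hashlib.sha256).digest()[:16]
            for name in ("SERVER-READ", "SERVER-WRITE")}

def handshake():
    kek = secrets.token_bytes(32)        # assumption: shared by server and WISP
    wisp = Wisp(kek)
    master = secrets.token_bytes(16)     # chosen by the web client
    enc_mk = pow(int.from_bytes(master, "big"), E, N)  # {master key}Public Key
    from_wisp = wisp.decrypt_master_key(enc_mk)        # server -> WISP -> server
    server_keys = session_keys(wrap(kek, from_wisp))   # server removes the KEK
    link = [enc_mk.to_bytes(32, "big"), from_wisp]     # all that crossed the link
    return master, server_keys, link
```

In this model the only values on the server-to-WISP link are the master key encrypted under the public key and the master key encrypted under the KEK.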