iTP Secure WebServer System Administrator's Guide (Version 7.0)

Integrating the WebSafe2 Internet Security
Processor (WISP)
iTP Secure WebServer System Administrator’s Guide, 523346-012
The number of WISPs need not be as great as the number of WID processes: multiple
WID processes can use the same WISP.
How the iTP Secure WebServer Uses WebSafe2 Internet Security Processors (WISPs)
The WISP generates the public/private key pair used by the iTP Secure WebServer
and protects the private key by encrypting it with an MFK. While the iTP Secure WebServer
is operating, the WISP decrypts the master keys that clients send, thus enabling the
server to generate session keys to use when communicating with those clients.
Figure 5-2 illustrates this behavior.
A Web client sends the iTP Secure WebServer a master key during the handshake
phase of communication, encrypting this key with the server's public key received with
the server’s certificate. This key is used by both parties to generate the session keys
that they will use. The server passes the encrypted master key on to the WISP for
decryption.
The WISP decrypts the master key, but protects it with a Key Exchange Key (KEK)
before returning it to the iTP Secure WebServer. A KEK is a key designed to encrypt
Note. WISP is compatible only with systems running on G-series RVUs.
Figure 5-2. Setting Up Secure Communication Using a WebSafe2 Internet Security Processor (WISP)
[Figure: Web Client, iTP Secure WebServer, Distributor Process, WID, NonStop Kernel, and WebSafe2 Internet Security Processor (WISP). Labeled flows: SSL Handshake Protocol; {master key} Public Key; {decrypted master key} KEK. Legend: WID = WebSafe2 Interface Driver; {text} = encrypted message text, followed by its encryption key.]
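The key flow described above, as an added example that is not from the guide or the product: a Python model in which the server only ever receives the master key in KEK-protected form and the private key is stored only under the MFK. `ToyWisp`, `toy_wrap`, `client_encrypt` and `handshake` are hypothetical names, and textbook RSA over small fixed primes plus an XOR keystream are assumed stand-ins for the WISP's real algorithms, which this page does not specify.

```python
import hashlib
import secrets

def toy_wrap(key: bytes, data: bytes) -> bytes:
    """Constructed stand-in for a key-wrap cipher: XOR with a SHA-256 keystream.
    Applying it twice with the same key recovers the data. Not a real cipher."""
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest() for i in blocks)
    return bytes(a ^ b for a, b in zip(data, stream))

class ToyWisp:
    """Hypothetical model of the WISP boundary: the MFK, the KEK and the
    clear private exponent exist only inside methods of this class."""
    E = 65537

    def __init__(self):
        p, q = 2**61 - 1, 2**89 - 1  # Mersenne primes, far too small for real use
        self.n = p * q
        d = pow(self.E, -1, (p - 1) * (q - 1))
        self._mfk = secrets.token_bytes(32)
        self._kek = secrets.token_bytes(32)
        # The private key is held only in MFK-encrypted form.
        self.wrapped_private_key = toy_wrap(self._mfk, d.to_bytes(20, "big"))

    def public_key(self):
        return self.n, self.E

    def decrypt_master_key(self, encrypted_master: int) -> bytes:
        """Decrypt the client's master key, then return it protected by the KEK."""
        d = int.from_bytes(toy_wrap(self._mfk, self.wrapped_private_key), "big")
        master = pow(encrypted_master, d, self.n).to_bytes(16, "big")
        return toy_wrap(self._kek, master)

def client_encrypt(master_key: bytes, public_key) -> int:
    """Web client side: encrypt the master key with the server's public key
    (textbook RSA without padding, for illustration only)."""
    n, e = public_key
    return pow(int.from_bytes(master_key, "big"), e, n)

def handshake(wisp: ToyWisp, master_key: bytes) -> bytes:
    """Server side: pass the encrypted master key to the WISP unchanged and
    return what the WISP hands back."""
    return wisp.decrypt_master_key(client_encrypt(master_key, wisp.public_key()))

if __name__ == "__main__":
    wisp = ToyWisp()
    master = secrets.token_bytes(16)
    print("server holds clear master key:", handshake(wisp, master) == master)
```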