Session keys are used to provide data integrity and data confidentiality in communications between two entities of a communications environment. A session key is valid only during the time that the connection between the entities is active. When the connection ends, so does the session and the validity of the session key.
There are various types of session keys and different techniques for generating the keys. One type of session key is a symmetric session key in which both entities communicating, such as a server and a client in a clustered environment, use the same key. In one example, this type of key is generated by having the server generate a symmetric key and then distribute it to the client. The distribution of the symmetric session key is secured by signing the session key with the server's private key and encrypting it with the client's public key to provide both data integrity and data confidentiality.
Signing with a private key involves encrypting a message digest with a private key, which is a slow operation. This is particularly troublesome in recovery situations. For instance, assume the management server of a management domain cluster goes down and then recovers. The management server must establish pre-existing communications channels with each of the clients in the cluster. Thus, the server must generate and distribute a new session key for each client in the management domain cluster. In a large cluster, such as, for example, those having more than 1,024 nodes, this operation is very expensive in terms of performance. This cost in performance hinders recoverability and availability. It also negatively affects scaling.
Based on the foregoing, a need exists for an enhanced technique for providing session keys usable in providing secure communications between parties of a communications environment.