9270449

Secured Communication in Network Environments

Published: February 23, 2016
Assignee: not available in USPTO data we have

Patent Claims
20 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A computer-implemented method, the method comprising: obtaining, at a first computing device, a session key for encrypting data that is communicated between a client device and the first computing device; receiving, from the client device, an encrypted request for data, wherein the encrypted request was encrypted by the client device using the session key, and wherein the data being requested is stored on a second computing device that is accessible to the first computing device; sending, to the second computing device and over an independently secure channel between the first computing device and the second computing device, a copy of the session key and the encrypted request for data; receiving, from the second computing device and over the independently secure channel between the first computing device and the second computing device, encrypted data that is responsive to the request, the data responsive to the request having been encrypted by the second computing device using the session key; and sending, to the client device, the encrypted data that is responsive to the request, wherein the client device is configured to decrypt, using the session key, the data that is responsive to the request.

2. The computer-implemented method of claim 1, wherein obtaining the session key at the first computing device, wherein the session key is able to encrypt data that is communicated between the client device and the first computing device further comprises: receiving, from the client device and at the first computing device, data for establishing a secure communication channel between the client device and the first computing device; performing, with the client device, a cryptographic protocol handshake; and generating, in response to performing the handshake, the session key for encrypting data that is communicated between the client device and the first computing device.

3. The computer-implemented method of claim 1, further comprising: receiving, from the client device, a different encrypted request for data, wherein the different encrypted request was encrypted by the client device using the session key, and wherein the data being requested is stored on a third computing device that is accessible to the first computing device; sending, to the third computing device, a copy of the session key and the different encrypted request for data; receiving, from the third computing device, encrypted data that is responsive to the different request, the data responsive to the request having been encrypted by the third computing device using the session key; and sending, to the client device, the encrypted data that is responsive to the different request, wherein the client device is configured to decrypt, using the session key, the data that is responsive to the different request.

4. The computer-implemented method of claim 1, wherein sending, to the second computing device and over the independently secure channel between the first computing device and the second computing device, a copy of the session key and the encrypted request for data further comprises: obtaining a public key associated with the second computing device; encrypting the session key using the public key associated with the second computing device; and sending, to the second computing device, the session key encrypted using the public key associated with the second computing device, wherein the second computing device is configured to decrypt the session key using a private key associated with the second computing device.

5. The computer-implemented method of claim 1, the method further comprising: restricting the first computing device to sending the session key to the second computing device, wherein the first computing device cannot access the session key to decrypt data.

6. A computing device comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the computing device to perform operations, comprising: obtaining a session key for encrypting data that is communicated between a client device and the computing device; receiving, from the client device, an encrypted request for data, wherein the encrypted request was encrypted by the client device using the session key, and wherein the data being requested is stored on a second computing device; sending, to the second computing device and over an independently secure channel between the computing device and the second computing device, a copy of the session key and the encrypted request for data; receiving, over the independently secure channel between the computing device and the second computing device, encrypted data that is responsive to the request, the data responsive to the request having been encrypted by the second computing device using the session key; and sending, to the client device, the encrypted data that is responsive to the request.

7. The computing device of claim 6, wherein the operations further comprise: establishing an independently secure communication channel between the computing device and the second computing device by obtaining a different session key for encrypting data that is communicated between the computing device and the second computing device.

8. The computing device of claim 6, wherein the operations further comprise: receiving, from the client device, a different encrypted request for data, the different encrypted request having been encrypted by the client device using the session key, wherein the data being requested is stored on a fourth computing device, and wherein the fourth computing device is configured to send data through a third computing device; and sending, to the fourth computing device, a copy of the session key and the different encrypted request for data.

9. The computing device of claim 8, wherein the session key and the encrypted request for data are not sent to fourth computing device through the third computing device.

10. The computing device of claim 8, wherein the operations further comprise: receiving, from the third computing device, encrypted data that is responsive to the request, the data responsive to the request having been generated and encrypted by the fourth computing device, the encryption being performed using the session key; and sending, to the client device, the encrypted data that is responsive to the different request, wherein the third computing device does not have a copy of the session key to decrypt the encrypted data that is responsive to the different request.

11. The computing device of claim 6, wherein the operations further comprise: restricting the computing device to sending the session key to the second computing device, wherein the computing device cannot access the session key to decrypt data.

12. The computing device of claim 6, wherein obtaining the session key for encrypting data that is communicated between the client device and the computing device further comprises: receiving, from the client device, data for establishing a secure communication channel between the client device and the computing device; performing, with the client device, a cryptographic protocol handshake; and generating, in response to performing the handshake, the session key for encrypting data that is communicated between the client device and the computing device.

13. The computing device of claim 12, wherein the computing device includes a first module that is configured to perform the cryptographic protocol handshake, and to generate the session key, a second module that is configured to encrypt and decrypt data using the session key, and a third module that is configured to send the session key to a computing device.

14. The computing device of claim 13, wherein the first module, the second module, and the third module are able to be configured with different access rights to the session key.

15. The computing device of claim 13, wherein the computing device is restricted to performing the cryptographic protocol handshake, and to send the session key to the second computing device, and wherein the second computing device is able to encrypt and decrypt data using the session key.

16. The computing device of claim 6, wherein sending, to the second computing device, a copy of the session key and the encrypted request for data further comprises: obtaining a public key associated with the second computing device; encrypting the session key using the public key associated with the second computing device; and sending, to the second computing device, the session key encrypted using the public key associated with the second computing device, wherein the second computing device is configured to decrypt the session key using a private key associated with the second computing device.

17. A computing device comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the computing device to perform operations, comprising: receiving, from a first computing device and over an independently secure communication channel between the computing device and the first computing device, a session key and an encrypted request for data, the encrypted request for data having been encrypted using the session key, and the encrypted request for data having been transmitted from a client device to the first computing device, wherein the session key was established between the client device and the first computing device; processing, using the session key, the encrypted request for data to obtain data that is responsive to the request; encrypting, using the session key, the obtained data; and sending, over the independently secure communication channel between the computing device and the first computing device, the encrypted data to the first computing device.

18. The computing device of claim 17, wherein the session key is encrypted using a public key associated with the computing device, and wherein the operations further comprise: decrypting the session key using a private key associated with the computing device.

19. The computing device of claim 17, wherein the session key was established between the client device and the first computing device in response to a cryptographic protocol handshake between a client device and the first computing device.

20. The computing device of claim 17, wherein the operations further comprise: receiving, from the first computing device, a different encrypted request for data, the different encrypted request for data having been encrypted using the session key, and wherein the data being requested is stored on a second computing device, the second computing device being accessible by the computing device; sending, to the second computing device and over a different independently secure communication channel between the computing device and the second computing device, a copy of the session key and the different encrypted request for data; receiving, from the second computing device and over the different independently secure communication channel between the computing device and the second computing device, encrypted data that is responsive to the different request, the data responsive to the different request having been encrypted by the second computing device using the session key; and sending, to the first computing device and over the independently secure communication channel between the computing device and the first computing device, the encrypted data that is responsive to the different request.

Patent Metadata

Filing Date: Unknown

Publication Date: February 23, 2016

Inventors: ALEXANDER JULIAN TRIBBLE; ROBERT MICHAEL BARRY; JEREMY BOYNES; MELISSA ELAINE DAVIS; IGOR SPAC

Cite as: Patentable. “SECURED COMMUNICATION IN NETWORK ENVIRONMENTS” (9270449). https://patentable.app/patents/9270449