
System and method for sharing keys across authenticators

  • US 10,237,070 B2
  • Filed: 12/31/2016
  • Issued: 03/19/2019
  • Est. Priority Date: 12/31/2016
  • Status: Active Grant
First Claim

1. A system comprising:

  • first logic and circuitry to generate and store a persistent group identification code (Group-ID) for a group of authenticators sharing a common set of authentication (Uauth) keys, an initial Group-ID to be generated on a first use of a first authenticator and/or following a factory reset of the first authenticator;

  • second logic and circuitry of the first authenticator to generate and store an individual asymmetric wrapping key encryption key (WKEK) on a first use of the first authenticator and/or following each factory reset of the first authenticator;

  • third logic and circuitry to generate and store a symmetric wrapping key (WK), the symmetric wrapping key to be generated on a first use of the first authenticator and/or following each factory reset of the first authenticator;

  • fourth logic and circuitry of the first authenticator to generate a join-block using an authenticator identification code for the first authenticator and the asymmetric WKEK, the join-block usable to join an existing authenticator group, the join block to be sent to a second authenticator;

  • fifth logic and circuitry of a second authenticator to verify the join-block and generate a join response block responsive to user approval, the join response block generated by encrypting the symmetric WK and Group-ID using the asymmetric WKEK, the join response block to be transmitted to the first authenticator;

  • sixth logic and circuitry on the first authenticator to decrypt the join response block and store the symmetric WK and Group-ID;

  • a cloud service in communication with the first authenticator, the cloud service to generate a nonce and securely transmit the nonce to the first authenticator;

  • seventh logic and circuitry of the first authenticator to generate a sync-pull-request using the nonce, the Group-ID, a Cloud storage access ID encryption key (CSEK), and the asymmetric WKEK, and to transmit the sync-pull request to the Cloud service; and

  • the cloud service to decrypt the sync pull request and compare data contained therein to stored data and to generate a sync pull response including the stored data if the data in the sync pull request is different from the stored data.
