Key exchange through partially trusted third party
First Claim
1. A computer-implemented method comprising:
transmitting, from a cryptography service running on a computer system and to a first entity, a first data to indicate a first association between the first entity and a first public key;
obtaining, at the cryptography service, the first data in response to a request to verify the first association;
transmitting, from the cryptography service and to a second entity, an indication that the data is valid; and
transmitting, from the cryptography service and to the second entity, a second data used to indicate validity of a second association between the second entity and a second public key, wherein the first public key and the second public key are both used as part of establishing a cryptographically protected communications session between the first entity and the second entity.
1 Assignment
0 Petitions
Abstract
A system may transmit, to a first entity, data to indicate an association between the first entity and a public key, wherein the public key is to be used to establish a cryptographically protected communications session between the first entity and a second entity; receive the data in response to a request to verify the association; and transmit, to the second entity, an indication that the data is valid. The system may be a cryptography service that is partially trusted by the first and second entities. A partially trusted system can be a computer system that is trusted in some respects but not trusted in other respects. A partially trusted cryptography service may be trusted to generate digital signatures and verify the authenticity of digital signatures, but not trusted with access to a cryptographic key that can be used to access a cryptographically protected communications session between a first entity and a second entity.
20 Claims
1. A computer-implemented method comprising:
transmitting, from a cryptography service running on a computer system and to a first entity, a first data to indicate a first association between the first entity and a first public key;
obtaining, at the cryptography service, the first data in response to a request to verify the first association;
transmitting, from the cryptography service and to a second entity, an indication that the data is valid; and
transmitting, from the cryptography service and to the second entity, a second data used to indicate validity of a second association between the second entity and a second public key, wherein the first public key and the second public key are both used as part of establishing a cryptographically protected communications session between the first entity and the second entity.
Dependent claims: 2, 3, 4
5. A system, comprising:
one or more hardware processors; and
memory that stores executable instructions that, as a result of being executed by the one or more processors, cause the system to:
transmit, from the system and to a first entity, a first data to indicate a first association between the first entity and a first public key;
obtain, at the system, the first data in response to a request to verify the first association;
transmit, from the system and to the second entity, an indication that the data is valid; and
transmit, from the system and to the second entity, a second data used to indicate validity of a second association between the second entity and a second public key, wherein the first public key and the second public key are both used as part of establishing a cryptographically protected communications session between the first entity and the second entity.
Dependent claims: 6, 7, 8, 9, 10, 11, 12
13. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least:
transmit, from the computer system and to a first entity, a first data to indicate a first association between the first entity and a first public key;
obtain, at the computer system, the first data in response to a first request to verify the first association;
transmit, from the computer system and to the second entity, a first indication that the first data is valid; and
transmit, from the computer system and to the second entity, a second data used to indicate validity of a second association between the second entity and a second public key, wherein the first public key and the second public key are both used as part of establishing a cryptographically protected communications session between the first entity and the second entity.
Dependent claims: 14, 15, 16, 17, 18, 19, 20
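The flow in the abstract and the independent claims (service issues association data to each entity, receives it back in a verification request, tells the other entity it is valid, and the two entities then use their public keys to set up a protected session the service cannot read) is modelled below. This is an added illustration, not code from the patent or its assignee. Assumptions made here and not stated on the page: the "data indicating an association" is an HMAC tag under a key that never leaves the service, the session is keyed by a Diffie-Hellman exchange over a constructed toy group (2^127 - 1 as modulus), and the `observed` log exists only so the trust boundary can be audited.

```python
import hashlib
import hmac
import secrets

# Constructed toy Diffie-Hellman parameters for illustration only; a real
# deployment would use a standard group (an RFC 7919 group or X25519).
P = (1 << 127) - 1   # prime modulus (2^127 - 1)
G = 5                # generator


class PartiallyTrustedCryptoService:
    """Trusted to issue and verify association data; never holds a session key.

    The association data is an HMAC tag over (entity, public key) under a key
    that stays inside the service, so only the service can verify it. That is
    why, as in the claims, the data is returned to the service for verification
    and the service answers with a validity indication.
    """

    def __init__(self):
        self._attestation_key = secrets.token_bytes(32)  # never leaves the service
        self.observed = []  # everything the service ever sees (audit aid, assumed)

    def _tag(self, entity: str, public_key: int) -> bytes:
        msg = f"{entity}:{public_key}".encode()
        return hmac.new(self._attestation_key, msg, hashlib.sha256).digest()

    def attest(self, entity: str, public_key: int) -> bytes:
        """Transmit association data for (entity, public key)."""
        tag = self._tag(entity, public_key)
        self.observed.append((entity, public_key, tag))
        return tag

    def verify(self, entity: str, public_key: int, tag: bytes) -> bool:
        """Obtain the data back and indicate whether the association is valid."""
        self.observed.append((entity, public_key, tag))
        return hmac.compare_digest(self._tag(entity, public_key), tag)


class Entity:
    """A party holding its own DH private key; it relies on the service only
    to vouch for the peer's (name, public key) association."""

    def __init__(self, name: str, service: PartiallyTrustedCryptoService):
        self.name = name
        self.service = service
        self._private = secrets.randbelow(P - 2) + 1      # stays with the entity
        self.public = pow(G, self._private, P)
        self.attestation = service.attest(name, self.public)

    def derive_session_key(self, peer_name: str, peer_public: int,
                           peer_attestation: bytes) -> bytes:
        # Ask the partially trusted service whether the peer's binding is valid.
        if not self.service.verify(peer_name, peer_public, peer_attestation):
            raise ValueError(f"service rejected association for {peer_name}")
        if not 1 < peer_public < P - 1:
            raise ValueError("peer public key out of range")
        shared = pow(peer_public, self._private, P)        # never sent to the service
        # HKDF-style extract-and-expand, binding the key to both identities.
        salt = "|".join(sorted([self.name, peer_name])).encode()
        prk = hmac.new(salt, shared.to_bytes(16, "big"), hashlib.sha256).digest()
        return hmac.new(prk, b"session-key\x01", hashlib.sha256).digest()


def establish_session(a: Entity, b: Entity):
    """Run the exchange from both sides; returns (key derived by a, key derived by b)."""
    key_a = a.derive_session_key(b.name, b.public, b.attestation)
    key_b = b.derive_session_key(a.name, a.public, a.attestation)
    return key_a, key_b


def service_saw_secret(service: PartiallyTrustedCryptoService, a: Entity, b: Entity) -> bool:
    """Audit: did the DH shared secret ever appear in what the service observed?"""
    shared = pow(b.public, a._private, P)
    return any(public_key == shared for _, public_key, _ in service.observed)


if __name__ == "__main__":
    svc = PartiallyTrustedCryptoService()
    alice, bob = Entity("alice", svc), Entity("bob", svc)
    ka, kb = establish_session(alice, bob)
    print("keys match:", ka == kb, "service saw secret:", service_saw_secret(svc, alice, bob))
```

Two checks are worth running against this model. A substituted public key (a third party presenting its own key under the name "bob" with bob's attestation) fails the service's verification, because the tag is bound to the original (name, key) pair. And because the service only ever observes names, public keys and tags, it cannot derive the session key, which is exactly the "trusted for verification, not for the session key" split the abstract describes. What the model also makes visible is the residual trust: a service that lies about validity can still vouch for a wrong key, which is why it is only partially trusted.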