Key management

US 20030210791A1
Filed: 05/07/2002
Published: 11/13/2003
Est. Priority Date: 05/07/2002
Status: Abandoned Application

First Claim

Patent Images

1. A method of managing cryptographic keys, the method comprising:

accessing at a server a server key;

accessing at the server a client key;

accessing at the server an encrypted private key provided by a client;

encrypting the encrypted private key with the server key to generate a twice encrypted private key; and

encrypting the twice encrypted private key with the client key to generate a thrice encrypted private key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed herein are methods, processor programs, and cryptography products for managing cryptographic keys. The methods, processor programs, and cryptography products disclosed herein can protect keys stored in a database against a wide variety of malicious attacks. The methods, processor programs, and products disclosed herein may include a variety of mechanisms that wrap a key in several layers of protection. According to one exemplary embodiment disclosed herein, a method of managing cryptographic keys includes accessing at a server a server key, accessing at the server a client key, accessing at the server an encrypted private key provided by a client, encrypting the encrypted private key with the server key to generate a twice encrypted private key, and encrypting the twice encrypted private key with the client key to generate a thrice encrypted private key.

Citations

44 Claims

1. A method of managing cryptographic keys, the method comprising:
- accessing at a server a server key;
  
  accessing at the server a client key;
  
  accessing at the server an encrypted private key provided by a client;
  
  encrypting the encrypted private key with the server key to generate a twice encrypted private key; and
  
  encrypting the twice encrypted private key with the client key to generate a thrice encrypted private key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 2. The method of claim 1, further comprising:
    - generating at the server a server key.
  - 3. The method of claim 2, wherein generating at the server the server key comprises generating at the server the server key based on data received during server initialization.
  - 4. The method of claim 3, wherein generating at the server the server key further comprises generating at the server the same server key during different server initializations.
  - 5. The method of claim 2, further comprising:
    - storing at the server the server key in temporary memory only.
  - 6. The method of claim 5, wherein accessing at the server the server key comprises retrieving the server key from temporary memory.
  - 7. The method of claim 1, further comprising:
    - receiving at the server client data identifying the client; and
      
      associating at the server the client key and the thrice encrypted private key with the client data.
  - 8. The method of claim 1, further comprising:
    - receiving at the server the client key from the client.
  - 9. The method of claim 8, wherein receiving at the server the client key from the client comprises receiving at the server the client key from the client via a network connection.
  - 10. The method of claim 9, wherein the network connection connects the client to at least one of a public network, a private network, a wireless system, a satellite-based system, the World Wide Web, and the landline telephone network.
  - 11. The method of claim 1, further comprising:
    - receiving at the server the encrypted private key from the client.
  - 12. The method of claim 11, wherein receiving at the server the encrypted private key from the client comprises receiving at the server the encrypted private key from the client via a network connection.
  - 13. The method of claim 12, wherein the network connection connects the client to at least one of the telephone network and the World Wide Web.
  - 14. The method of claim 1, further comprising:
    - determining whether the client key decrypts the encrypted private key.
  - 15. The method of claim 14, wherein encrypting the twice encrypted private key with the client key to generate the thrice encrypted private key comprises encrypting the twice encrypted private key with the client key to generate the thrice encrypted private key if the client key does not decrypt the encrypted private key.
  - 16. The method of claim 1, further comprising:
    - storing at the server the thrice encrypted private key.
  - 17. The method of claim 16, further comprising:
    - receiving a request from the client for the encrypted private key corresponding to the thrice encrypted private key stored at the server.
  - 18. The method of claim 17, further comprising:
    - providing the encrypted private key to the client.
  - 19. The method of claim 18, further comprising:
    - accessing at the server the thrice encrypted private key;
      
      accessing at the server the server key;
      
      accessing at the server the client key;
      
      decrypting the thrice encrypted private key with the client key to access the twice encrypted private key; and
      
      decrypting the twice encrypted private key with the server key to access the encrypted private key.
  - 20. The method of claim 1, further comprising:
    - performing the method of claim 1 for multiple clients; and
      
      for at least some of the multiple clients, storing at the server the corresponding thrice encrypted private key.
  - 21. The method of claim 20, further comprising:
    - for at least some of the multiple clients, receiving at the server client data identifying the corresponding client; and
      
      for at least some of the multiple clients, associating at the server the corresponding client key and the corresponding thrice encrypted private key with the corresponding client data.
  - 22. The method of claim 21, further comprising:
    - receiving requests from the multiple clients for the encrypted private keys corresponding to the thrice encrypted private keys stored at the server.
  - 23. The method of claim 22, further comprising:
    - providing the corresponding encrypted private key to at least some of the multiple clients.
  - 24. The method of claim 23, further comprising for at least some of the multiple clients:
    - accessing at the server the thrice encrypted private key associated with the corresponding client data;
      
      accessing at the server the server key;
      
      accessing at the server the client key associated with the corresponding client data;
      
      decrypting the thrice encrypted private key with the client key to access the twice encrypted private key; and
      
      decrypting the twice encrypted private key with the server key to access the corresponding encrypted private key.

25. A method of managing cryptographic keys, the method comprising:
- accessing at a server a server key;
  
  accessing at the server an encrypted private key provided by a client; and
  
  encrypting the encrypted private key with the server key to generate a twice encrypted private key.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
- - 26. The method of claim 25, further comprising:
    - generating at the server the server key.
  - 27. The method of claim 26, further comprising:
    - storing at the server the server key in temporary memory only.
  - 28. The method of claim 27, wherein accessing at the server the server key comprises retrieving the server key from temporary memory.
  - 29. The method of claim 25, further comprising:
    - storing at the server the twice encrypted private key.
  - 30. The method of claim 29, further comprising:
    - receiving a request from the client for the encrypted private key corresponding to the twice encrypted private key stored at the server.
  - 31. The method of claim 30, further comprising:
    - providing the encrypted private key to the client.
  - 32. The method of claim 31, further comprising:
    - accessing at the server the twice encrypted private key;
      
      accessing at the server the server key; and
      
      decrypting the twice encrypted private key with the server key to access the encrypted private key.

33. A method of managing cryptographic keys, the method comprising:
- accessing at a server a server key;
  
  accessing at the server a first client key;
  
  accessing at the server a first package encrypted with the first client key, the first package including at least an encrypted private key provided by a client and a second client key;
  
  decrypting the first package with the first client key;
  
  extracting at least the second client key and the encrypted private key from the first package;
  
  encrypting the encrypted private key with the server key to generate a twice encrypted private key; and
  
  encrypting the twice encrypted private key with the second client key to generate a thrice encrypted private key.
- View Dependent Claims (34, 35, 36, 37, 38, 39)
- - 34. The method of claim 33, further comprising:
    - receiving the first client key from the client.
  - 35. The method of claim 34, wherein receiving the first client key from the client comprises receiving the first client key from the client using only a secure network connection.
  - 36. The method of claim 35, wherein the secure network connection includes at least one of a dedicated pipeline, fiber optics which enhance security, a wireless system which inhibits sniffing, a Virtual Private Network (VPN), a Virtual Active Network (VAN), Secure Sockets Layer (SSL), Transport Level Security (TLS), and Internet Protocol Secure (IPSecure).
  - 37. The method of claim 33, further comprising:
    - comparing the first client key with the second client key.
  - 38. The method of claim 33, further comprising:
    - determining whether the second client key decrypts the encrypted private key.
  - 39. The method of claim 38, wherein encrypting the twice encrypted private key with the second client key comprises encrypting the twice encrypted private key with the second client key if the second client key does not decrypt the encrypted private key.

40. A processor program for managing cryptographic keys, the processor program being tangibly stored on a processor-readable medium and comprising instructions operable to cause a processor to:
- access at a server a server key;
  
  access at the server an encrypted private key provided by a client; and
  
  encrypt the encrypted private key with the server key to generate a twice encrypted private key.
- View Dependent Claims (41)
- - 41. The processor program of claim 40, further comprising instructions operable to cause a processor to:
    - access at the server a client key; and
      
      encrypt the twice encrypted private key with the client key to generate a thrice encrypted private key.

42. A product for managing cryptographic keys, the product comprising:
- multiple twice encrypted private keys, at least some of the multiple twice encrypted private keys including an encrypted private key provided by a client, the encrypted private key being further encrypted by a server key generated at a server.
- View Dependent Claims (43)
- - 43. The product of claim 42, wherein the at least some of the multiple twice encrypted private keys are further encrypted by a client key provided by the client.

44. A product for managing cryptographic keys, the product comprising:
- multiple thrice encrypted private keys, at least some of the multiple thrice encrypted private keys including an encrypted private key being further encrypted by two independent layers of encryption.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Syntrex Incorporated
Original Assignee
Syntrex Incorporated
Inventors
Binder, Garritt C.

Application Number

US10/141,486
Publication Number

US 20030210791A1
Time in Patent Office

Days
Field of Search
US Class Current

380/277
CPC Class Codes

H04L 2209/80 Wireless

H04L 9/0822 using key encryption key

Key management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

Key management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links