Key management system and method

US 20040005061A1
Filed: 07/08/2002
Published: 01/08/2004
Est. Priority Date: 07/08/2002
Status: Active Grant

First Claim

Patent Images

1. A method of managing at least one cipher key, comprising the steps of:

encrypting at least one cipher key;

storing the at least one encrypted cipher key in at least one data memory;

receiving at least one message associated with at least one session; and

identifying at least one stored cipher key associated with the at least one session.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems are disclosed for providing secured data transmission and for managing cryptographic keys. One embodiment of the invention provides secure key management when separate devices are used for generating and utilizing the keys. One embodiment of the invention provides secure storage of keys stored in an unsecured database. One embodiment of the invention provides key security in conjunction with high speed decryption and encryption, without degrading the performance of the data network.

Citations

49 Claims

1. A method of managing at least one cipher key, comprising the steps of:
- encrypting at least one cipher key;
  
  storing the at least one encrypted cipher key in at least one data memory;
  
  receiving at least one message associated with at least one session; and
  
  identifying at least one stored cipher key associated with the at least one session.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 further comprising the step of using the at least one identified cipher key to encrypt or decrypt the at least one message.
  - 3. The method of claim 1 wherein:
    - the at least one message comprises data encrypted with a public key; and
      
      the at least one stored cipher key comprises a private key.
  - 4. The method of claim 3 further comprising the step of deriving, from the data, sessions keys associated with the at least one session.
  - 5. The method of claim 4 further comprising the steps of:
    - encrypting the session keys;
      
      storing the session keys in at least one data memory;
      
      receiving at least one subsequent message associated with the at least one session;
      
      identifying stored session keys associated with the at least one session;
      
      decrypting the identified session keys; and
      
      using the decrypted session keys to decrypt or encrypt the at least one subsequent message.
  - 6. The method of claim 1 further comprising the steps of:
    - sending the least one message to an integrated circuit;
      
      sending the at least one identified cipher key to the integrated circuit; and
      
      decrypting the at least one identified cipher key in the integrated circuit.
  - 7. The method of claim 6 further comprising the step of using the at least one decrypted cipher key to decrypt the at least one message in the integrated circuit.
  - 8. The method of claim 6 further comprising the step of using the at least one decrypted cipher key to encrypt the at least one message in the integrated circuit.
  - 9. The method of claim 6 wherein the step of decrypting the at least one identified cipher key comprises using at least one symmetric key, the method further comprising the step of storing the at least one symmetric key in the integrated circuit.
  - 10. The method of claim 6 wherein the step of decrypting the at least one identified cipher key comprises using at least one asymmetric key, the method further comprising the step of storing the at least one asymmetric key in the integrated circuit.
  - 11. The method of claim 1 further comprising the step of decrypting the at least one identified cipher key using a stream cipher.
  - 12. The method of claim 11 further comprising the step of using the at least one decrypted cipher key to decrypt the at least one message.
  - 13. The method of claim 11 further comprising the step of using the at least one decrypted cipher key to encrypt the at least one message.
  - 14. The method of claim 1 further comprising the step of using at least one symmetric key for the encrypting or decrypting the at least one identified cipher key.
  - 15. The method of claim 1 further comprising the step of using at least one symmetric key for the encrypting or decrypting the at least one identified cipher key.

16. A security processing system, comprising:
- at least one processor for encrypting at least one cipher key;
  
  at least one data memory for storing the at least one encrypted cipher key; and
  
  at least one encryption accelerator, adapted to receive at least one message, for decrypting the at least one stored cipher key and the at least one message.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The security processing system of claim 16 further comprising at least one data network for connecting the at least one processor to at least one of the group consisting of the at least one data memory and the at least one encryption accelerator.
  - 18. The security processing system of claim 16 further comprising at least one data network for connecting the at least one data memory to at least one of the group consisting of the at least one processor and the at least one encryption accelerator.
  - 19. The security processing system of claim 16 further comprising at least one non-volatile memory for storing at least one key for decrypting the at least one stored cipher key.
  - 20. The security processing system of claim 16 further comprising at least one stream cipher for decrypting the at least one stored cipher key.

21. A secured data transmission system, comprising:
- at least one data channel;
  
  at least one main security module for distributing encrypted cipher keys over at the least one data channel; and
  
  at least one satellite security module for receiving encrypted cipher keys over the at least one data channel and for encrypting or decrypting data using the cipher keys.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The secured data transmission system of claim 21 comprising at least one data memory for storing encrypted cipher keys.
  - 23. The secured data transmission system of claim 21 wherein the at least one satellite security module comprises at least one cipher for encrypting or decrypting cipher keys.
  - 24. The secured data transmission system of claim 23 comprising at least one data memory for storing encrypted cipher keys.
  - 25. The secured data transmission system of claim 23 wherein at least one of the cipher keys comprises a key for encrypting or decrypting keys.
  - 26. The secured data transmission system of claim 23 wherein the at least one satellite security module encrypts or decrypts data using at least one decrypted cipher key.
  - 27. The secured data transmission system of claim 21 wherein at least one of the cipher keys comprises a private key.

28. A secured data transmission system, comprising:
- at least one data channel;
  
  at least one main security module for sending for sending at least one key encryption key over a secure connection established over the at least one data channel and for sending encrypted private keys over at the least one data channel and; and
  
  at least one satellite security module for receiving the at least one kek encryption key over the secure connection, for receiving the encrypted private keys over the at least one data channel and for encrypting or decrypting data using the cipher keys.
- View Dependent Claims (29, 30, 31, 32)
- - 29. The secured data transmission system of claim 28 comprising at least one data memory for storing the encrypted private keys.
  - 30. The secured data transmission system of claim 28 wherein the at least one satellite security module comprises at least one cipher for encrypting or decrypting the private keys.
  - 31. The secured data transmission system of claim 30 comprising at least one data memory for storing the encrypted private keys.
  - 32. The secured data transmission system of claim 28 comprising at least one non-volatile data memory for storing the at least one key encryption key.

33. A method for providing secured data transmission comprising the steps of:
- obtaining a key encryption key;
  
  establishing communication over a data channel between a main security module and a satellite security module;
  
  establishing a secure channel over the data channel;
  
  transmitting the key encryption key over the secure channel;
  
  encrypting a private key using the key encryption key;
  
  transmitting the encrypted private key over the data channel; and
  
  decrypting the transmitted private key using the transmitted key encryption key.

34. A method of managing at least one cipher key, comprising the steps of:
- encrypting at least one cipher key;
  
  storing the at least one encrypted cipher key in at least one data memory;
  
  receiving at least one data packet; and
  
  identifying at least one stored cipher key associated with the at least one data packet.
- View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48)
- - 35. The method of claim 34 further comprising the step of using the at least one identified cipher key to encrypt or decrypt the at least one data packet.
  - 36. The method of claim 34 wherein:
    - the at least one data packet comprises data encrypted with a public key; and
      
      the at least one stored cipher key comprises a private key.
  - 37. The method of claim 36 further comprising the step of deriving, from the data, sessions keys associated with at least one session.
  - 38. The method of claim 37 further comprising the steps of:
    - encrypting the session keys;
      
      storing the session keys in at least one data memory;
      
      receiving at least one subsequent data packet associated with the at least one session;
      
      identifying stored session keys associated with the at least one session;
      
      decrypting the identified session keys; and
      
      using the decrypted session keys to decrypt or encrypt the at least one subsequent data packet.
  - 39. The method of claim 34 further comprising the steps of:
    - sending the least one data packet to an integrated circuit;
      
      sending the at least one identified cipher key to the integrated circuit; and
      
      decrypting the at least one identified cipher key in the integrated circuit.
  - 40. The method of claim 39 further comprising the step of using the at least one decrypted cipher key to decrypt the at least one data packet in the integrated circuit.
  - 41. The method of claim 39 further comprising the step of using the at least one decrypted cipher key to encrypt the at least one data packet in the integrated circuit.
  - 42. The method of claim 39 wherein the step of decrypting the at least one identified cipher key comprises using at least one symmetric key, the method further comprising the step of storing the at least one symmetric key in the integrated circuit.
  - 43. The method of claim 39 wherein the step of decrypting the at least one identified cipher key comprises using at least one asymmetric key, the method further comprising the step of storing the at least one asymmetric key in the integrated circuit.
  - 44. The method of claim 34 further comprising the step of decrypting the at least one identified cipher key using a stream cipher.
  - 45. The method of claim 44 further comprising the step of using the at least one decrypted cipher key to decrypt the at least one data packet.
  - 46. The method of claim 44 further comprising the step of using the at least one decrypted cipher key to encrypt the at least one data packet.
  - 47. The method of claim 34 further comprising the step of using at least one symmetric key for the encrypting or decrypting the at least one identified cipher key.
  - 48. The method of claim 34 further comprising the step of using at least one symmetric key for the encrypting or decrypting the at least one identified cipher key.

49. A method for managing cipher keys, comprising the steps of:
- generating a private key;
  
  generating at least one key encryption key;
  
  encrypting the private key using the at least one key encryption key;
  
  sending the at least one key encryption key over a secure channel;
  
  sending the at least one encrypted private key over a secure channel;
  
  storing the at least one encrypted private key that was sent over the secure channel;
  
  decrypting the stored at least one encrypted private key using the at least one key encryption key;
  
  generating at least one session key using the at least one decrypted private key;
  
  encrypting the at least one session key using the at least one key encryption key;
  
  storing the at least one encrypted session key; and
  
  decrypting the stored at least one encrypted session key using the at least one key encryption key to provide a session key to encrypt or decrypt a data packet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Broadcom Corporation (Broadcom, Inc.)
Inventors
Buer, Mark L., Tardo, Joseph J.

Granted Patent

US 7,773,754 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/282
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

G06F 21/72   in cryptographic circuits

H04L 2463/062   applying encryption of the ...

H04L 63/0485   Networking architectures fo...

H04L 63/164   at the network layer

H04L 9/0822   using key encryption key

H04L 9/083   involving central third par...

H04L 9/0894   Escrow, recovery or storing...

Key management system and method

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

49 Claims

Specification

Solutions

Use Cases

Quick Links

Key management system and method

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

49 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links