Method and apparatus for secure key replacement
Abstract
A method, and a corresponding apparatus, provide for remote, secure replacement of private keys in a private key infrastructure. The method is implemented as a secure key replacement protocol (SKRP), which includes the steps of receiving a rekey request, where the rekey request identifies a private key for replacement, authenticating the rekey request, replacing the identified private key with a SKRP key, signing the challenge with the SKRP key, and returning the signed challenge. The rekey request includes the SKRP key and the challenge.
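The flow in the abstract, sketched as an added example that is not code from the patent. It assumes Ed25519 keys and an authority signature as the authentication step (the page does not say how a rekey request is authenticated); `Terminal`, `HandleRekey`, `Confirm` and `AuthSig` are hypothetical names, and protection of the replacement key in transit is not modeled.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// RekeyRequest holds the fields the abstract names, plus AuthSig (assumed).
type RekeyRequest struct {
	KeyID     string             // identifies the private key to replace
	SKRPKey   ed25519.PrivateKey // replacement private key
	Challenge []byte             // signed with the new key to prove the swap
	AuthSig   []byte             // authority signature over body(); assumed mechanism
}
func (r *RekeyRequest) body() []byte {
	return []byte(fmt.Sprintf("%q|%x|%x", r.KeyID, []byte(r.SKRPKey), r.Challenge))
}

type Terminal struct {
	Authority ed25519.PublicKey             // trusted signer of rekey requests
	Keys      map[string]ed25519.PrivateKey // key store indexed by key ID
}

// HandleRekey authenticates, replaces the key, and signs the challenge with it.
func (t *Terminal) HandleRekey(r *RekeyRequest) ([]byte, error) {
	if !ed25519.Verify(t.Authority, r.body(), r.AuthSig) {
		return nil, fmt.Errorf("rekey request for %q failed authentication", r.KeyID)
	}
	if _, ok := t.Keys[r.KeyID]; !ok || len(r.SKRPKey) != ed25519.PrivateKeySize {
		return nil, fmt.Errorf("unknown key ID %q or malformed replacement key", r.KeyID)
	}
	t.Keys[r.KeyID] = r.SKRPKey
	return ed25519.Sign(r.SKRPKey, r.Challenge), nil
}

// Confirm is the sender's check that the new key signed the challenge.
func Confirm(r *RekeyRequest, signed []byte) bool {
	return ed25519.Verify(r.SKRPKey.Public().(ed25519.PublicKey), r.Challenge, signed)
}

func main() {
	authPub, authPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	_, oldKey, _ := ed25519.GenerateKey(nil)
	_, newKey, _ := ed25519.GenerateKey(nil)
	t := &Terminal{authPub, map[string]ed25519.PrivateKey{"k1": oldKey}}
	r := &RekeyRequest{KeyID: "k1", SKRPKey: newKey, Challenge: []byte("constructed nonce")}
	r.AuthSig = ed25519.Sign(authPriv, r.body())
	signed, err := t.HandleRekey(r)
	fmt.Println("rekey confirmed:", err == nil && Confirm(r, signed))
}
```

A request that fails authentication or names an unknown key leaves the key store unchanged, so the signed challenge is only ever produced after the swap has happened.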
27 Claims
1. A secure key replacement protocol (SKRP), comprising:
- receiving a rekey request, wherein the rekey request identifies a private key for replacement, the rekey request, comprising:
  - a SKRP key, and
  - a challenge;
- authenticating the rekey request;
- replacing the identified private key with the SKRP key;
- signing the challenge with the SKRP key; and
- returning the signed challenge.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

16. A method for secure replacement of private keys, comprising:
- sending a rekey request to a user terminal, the rekey request comprising:
  - identifiers of one or more private keys to be replaced,
  - secure key replacement protocol (SKRP) keys to replace the private keys, and
  - a challenge to be signed at the user terminal; and
- receiving the signed challenge.
Dependent claims: 17, 18, 19, 20

21. An apparatus that provides secure key replacement (SKR), comprising:
- a receiving module that receives and processes a SKR request, the SKR request comprising:
  - an identity of a private key to be replaced,
  - a SKR key to replace the private key, and
  - a challenge that, when signed, indicates the private key is replaced with the SKR key;
- an authentication module that checks authenticity of the SKR request;
- a rekey module that replaces the private key with the SKR key and signs the challenge; and
- a return module that returns the signed challenge.
Dependent claims: 22, 23, 24, 25, 26, 27

Specification