Method of delivering direct proof private keys in signed groups to devices using a distribution CD
First Claim
1. A method comprising:
- generating an encrypted data structure associated with a device, the encrypted data structure comprising a private key and a private key digest;
generating an identifier, based on the a pseudo-randomly generated value, for the encrypted data structure;
storing the identifier and the encrypted data structure in a signed group record on a removable storage medium; and
storing the pseudo-random value and a group number corresponding to the signed group record into non-volatile storage within the device.
1 Assignment
0 Petitions
Accused Products
Abstract
Delivering a Direct Proof private key in a signed group of keys to a device installed in a client computer system in the field may be accomplished in a secure manner without requiring significant non-volatile storage in the device. A unique pseudo-random value is generated and stored along with a group number in the device at manufacturing time. The pseudo-random value is used to generate a symmetric key for encrypting a data structure holding a Direct Proof private key and a private key digest associated with the device. The resulting encrypted data structure is stored in a signed group of keys (e.g., a signed group record) on a removable storage medium (such as a CD or DVD), and distributed to the owner of the client computer system. When the device is initialized on the client computer system, the system checks if a localized encrypted data structure is present in the system. If not, the system obtains the associated signed group record of encrypted data structures from the removable storage medium, and verifies the signed group record. The device decrypts the encrypted data structure using a symmetric key regenerated from its stored pseudo-random value to obtain the Direct Proof private key, when the group record is valid. If the private key is valid, it may be used for subsequent authentication processing by the device in the client computer system.
-
Citations
45 Claims
-
1. A method comprising:
-
generating an encrypted data structure associated with a device, the encrypted data structure comprising a private key and a private key digest;
generating an identifier, based on the a pseudo-randomly generated value, for the encrypted data structure;
storing the identifier and the encrypted data structure in a signed group record on a removable storage medium; and
storing the pseudo-random value and a group number corresponding to the signed group record into non-volatile storage within the device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. An article comprising:
- a first storage medium having a plurality of machine readable instructions, wherein when the instructions are executed by a processor, the instructions provide for delivering private keys in signed groups to devices by
generating an encrypted data structure associated with a device, the encrypted data structure comprising a private key and a private key digest;
generating an identifier, based on a pseudo-randomly generated value, for the encrypted data structure;
storing the identifier and the encrypted data structure in a signed group record on a removable storage medium; and
causing the storing the pseudo-random value and a group number corresponding to the signed group record into non-volatile storage within the device. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- a first storage medium having a plurality of machine readable instructions, wherein when the instructions are executed by a processor, the instructions provide for delivering private keys in signed groups to devices by
-
25. A method comprising:
-
determining if an encrypted data structure, comprising a private key and a private key digest, associated with a device installed in a computer system is stored in a memory on the computer system; and
if the encrypted data structure is not stored, obtaining the encrypted data structure associated with the device in a signed group record from a removable storage medium accessible by the computer system, the removable storage medium storing a database of signed group records. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
-
-
36. An article comprising:
- a first storage medium having a plurality of machine readable instructions, wherein when the instructions are executed by a processor, the instructions provide for obtaining a private key from a signed group record for a device installed in a computer system by
determining if an encrypted data structure, comprising a private key and a private key digest, associated with a device installed in a computer system is stored in a memory on the computer system (904); and
if the encrypted data structure is not stored, obtaining the encrypted data structure associated with the device in a signed group record from a removable storage medium accessible by the computer system, the removable storage medium storing a database of signed group records. - View Dependent Claims (37, 38, 39, 40, 41, 42, 43, 44, 45)
- a first storage medium having a plurality of machine readable instructions, wherein when the instructions are executed by a processor, the instructions provide for obtaining a private key from a signed group record for a device installed in a computer system by
Specification