Securing local and intra-platform links

US 20060068758A1
Filed: 09/30/2004
Published: 03/30/2006
Est. Priority Date: 09/30/2004
Status: Abandoned Application

First Claim

Patent Images

1. A method of securing a local link, comprising:

receiving an initiation message;

negotiating a ciphersuite across the local link;

transmitting server authentication credentials;

receiving client authentication credentials;

validating the client authentication credentials;

generating an encryption key based upon the cipher; and

encrypting any further communications across the local link using the encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of securing a local link may involve exchange of initiation messages and negotiation of ciphersuites across a local link. The method then transmits a server authentication and receives a client authentication. Upon validation of the server and client authentication, information from the cipher is used to encrypt communications across the local link. In addition, there is a method of providing intra-platform security. The method performs authentication between two endpoints on a platform and then generates keys between the two endpoints to form a trusted tunnel. The keys are used to encrypt communications between the endpoints.

42 Citations

View as Search Results

28 Claims

1. A method of securing a local link, comprising:
- receiving an initiation message;
  
  negotiating a ciphersuite across the local link;
  
  transmitting server authentication credentials;
  
  receiving client authentication credentials;
  
  validating the client authentication credentials;
  
  generating an encryption key based upon the cipher; and
  
  encrypting any further communications across the local link using the encryption key.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, transmitting a server authentication credentials further comprising:
    - transmitting one from the group comprised of;
      
      a certificate, a shared secret, and other credential.
  - 3. The method of claim 1, wherein receiving a client authentication further comprising:
    - receiving one from the group comprised of;
      
      a certificate, a shared secret, and other credential.
  - 4. The method of claim 1, negotiating a cipher further comprising negotiating on ciphersuite information containing cryptographic key types.
  - 5. The method of claim 1, generating a key further comprising generating a key from one of the group comprised of:
    - a platform token, a trusted platform module, a platform identity, and a network media access control address.

6. A device, comprising:
- an interface allowing the device to communicate over a local link;
  
  a memory to store a server authentication credentials and root authentication credentials for at least one client;
  
  a processor to;
  
  receive a communication through the port, wherein the communication includes client authentication credentials;
  
  verify client authentication credentials; and
  
  transmit the server authentication credentials to the client device.
- View Dependent Claims (7, 8, 9)
- - 7. The device of claim 6, the interface further comprising one selected from the group comprised of:
    - a Bluetooth communication interface, an IrDA interface, and a wireless communication interface.
  - 8. The device of claim 6, the memory to store a server authentication credentials and a root authentication credentials further comprising a memory to store a server certificate and a root certificate.
  - 9. The device of claim 6, the network device further comprising one selected of the group comprised of:
    - a computer, a personal digital assistant, a cellular phone, and other client device.

10. A system comprising:
- a server device having server authentication credentials;
  
  a client device having client authentication credentials; and
  
  a local communication link between the server device and the client device, wherein communications across the link are secured by the server and client authentication credentials and data encryption.
- View Dependent Claims (11, 12, 13)
- - 11. The system of claim 10, the server further comprising one selected from the group comprising a PC, a notebook computer, a personal digital assistant, cellular phone, and other client device.
  - 12. The system of claim 10, the client further comprising one selected from the group comprised of:
    - a notebook computer, a personal digital assistant, a cellular phone, a printer, and other client device.
  - 13. The system of claim 10, the local link further comprising one of the group comprised of:
    - radio communications, IrDA, Bluetooth and other wireless communications.

14. A method of providing intra-platform security, comprising:
- performing authentication between two endpoints on a platform;
  
  generating keys on the two endpoints; and
  
  using the keys to encrypt communications between the endpoints.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14, performing authentication further comprising exchanging and validating certificates between the two endpoints.
  - 16. The method of claim 14, generating keys further comprising keys based upon platform tokens.
  - 17. The method of claim 14 comprising selecting endpoints from the group comprised of:
    - in the kernel of the operating system, in the firmware below the kernel of the operating system, and inside communication modules in the platform.

18. A system, comprising:
- a first endpoint located in the system;
  
  a second endpoint located in the system; and
  
  a processor to provide a trusted tunnel between communications modules within the platform.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26)
- - 19. The system of claim 18, the first endpoint further comprising a smart card and the second endpoint further comprising a wireless local area network card.
  - 20. The system of claim 18, the processor further to monitor exchange of authentications between the first and second endpoints prior to establishing the trusted tunnel.
  - 21. The system of claim 18, the trusted tunnel is based on the Transport Layer Security definitions.
  - 22. The system of claim 18, the trusted tunnel is based on the Secure Sockets Layer definitions.
  - 23. The system of claim 18, the processor to reside on the first endpoint.
  - 24. The system of claim 18, the processor to reside on the second endpoint.
  - 25. The system of claim 18, the processor to be located in the system but not on either the first or second endpoint.
  - 26. The system of claim 18, the processor to reside at a location selected form the group comprised of:
    - the first endpoint, the second endpoint, and outside of the endpoints.

27. An article of machine-readable media containing instructions that, when executed, cause the machine to:
- receive an initiation message;
  
  negotiate a ciphersuite across the local link;
  
  transmit a server authentication credentials;
  
  receive a client authentication credentials;
  
  validate the client authentication credentials;
  
  generate an encryption key based upon the negotiated ciphersuite; and
  
  encrypt any further communications across the local link using the encryption key.
- View Dependent Claims (28)
- - 28. The article of claim 27, the instructions causing the machine to receive a client authentication further causes the machine to receive a ciphersuite information containing an encryption algorithm and cryptographic key types.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Aissi, Selim, Matasar, Benjamin, Dharmadhikari, Abhay, Puthenkulam, Jose, Yelamanchi, Mrudula, Dashevsky, Jane, Callahan, Shelagh Ann

Application Number

US10/957,273
Publication Number

US 20060068758A1
Time in Patent Office

Days
Field of Search
US Class Current

455/411
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/0869   for achieving mutual authen...

Securing local and intra-platform links

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Securing local and intra-platform links

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links