Cryptographic system for resource starved CE device secure upgrade and re-configuration
Abstract
A system for key management and securing communications channels is presented for the upgrade of compact electronic devices via a communications channel by service providers such as the original manufacturer and, possibly, a number of authorized third party service providers. The manufacturer, acting as a trusted authority, generates and distributes private cryptographic keys to each one of the clients and authorized service providers. The trusted authority also makes available public key values that may be used to secure communications between service providers and clients. The trusted authority may add additional authorized service providers and may also revoke the authorization of compromised service providers, thereby preventing communications between clients and said compromised service providers. Accordingly, authorized service providers, in addition to the manufacturer, may provide program and security upgrades, messages, and generally any data to electronic devices via a secure communications link.
22 Claims
1. An asymmetric cryptographic key management system for secure data exchange using symmetric algorithms, the system comprising:
a plurality of clients, each client having a unique client identifier and client secret key;
one or more service providers for transmitting secure data to the plurality of clients, each service provider having a respective service provider identifier and service provider secret key;
a plurality of public key values, each public key value for securing a connection between at least one of the plurality of clients and one of the one or more service providers, exclusive of any other service provider of the one or more service providers;
a trusted authority for assigning the service provider identifier and service provider secret key for each of the one or more service providers, and for assigning the client identifier and client secret key for each of the plurality of clients, and the plurality of public key values, the trusted authority having a trusted authority identifier and a trusted authority secret key; and
one or more additional public key values, each additional public key value for securing a connection between the trusted authority and at least one of the clients.
Dependent claims: 2, 3, 4, 5, 6.
7. An asymmetric key management system that employs symmetric encryption algorithms for secure transmission of information, the system comprising:
a plurality of clients, each client having a unique client secret key value and identifier;
one or more service providers, each service provider having a unique service provider secret key value and identifier;
one or more public key tables, each public key table including one service provider identifier for each of the one or more service providers, a plurality of client identifiers, one for each of the plurality of clients, respectively, and a plurality of public key values, wherein each of the plurality of public key values is assigned to a pairing of a respective one of the plurality of client identifiers and a respective one of the one or more service provider identifiers, exclusive of any other service provider of the one or more service provider identifiers;
wherein secure transmission of information is achieved between the one or more service providers and clients by negotiating a symmetric session key to encrypt communications.
Dependent claims: 8, 9, 10.
11. A method of initializing a symmetric algorithm based public key system, the method comprising the steps of:
a) generating and storing a plurality of client secret key values and identifiers;
b) distributing the plurality of client secret key values and identifiers to respective ones of the plurality of clients;
c) generating and storing a plurality of service provider secret key values and identifiers;
d) distributing the plurality of service provider secret key values and identifiers to respective ones of the plurality of service providers; and
e) generating a plurality of public key values for at least one pairing of the plurality of service providers and the plurality of clients and exclusive of pairings of one service provider with another service provider and one client with another client.
Dependent claims: 12, 13, 14, 15, 16, 17, 18.
19. A method of downloading a secure device upgrade encrypted with at least a session key, the method comprising the steps of:
a) receiving a transmission from a service provider including a service provider identifier and an encrypted session key;
b) requesting authentication of the service provider from a trusted authority;
c) receiving an authentication response from the trusted authority;
d) aborting the download if the authentication response is negative and continuing the download if the authentication response is positive;
e) obtaining a public key for decrypting at least a portion of the transmission from the service provider;
f) decrypting the portion of the transmission to obtain a decrypted session key;
g) securing a communications channel to the service provider with the session key; and
h) receiving the device upgrade from the service provider through the secured communications channel.
Dependent claims: 20, 21, 22.
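An added sketch, not taken from the patent, of the initialization in claim 11 and the client-side steps (a) to (f) of claim 19, including the abort on a negative authentication response. The pairing formula, HMAC-SHA256 as the symmetric primitive, the XOR-plus-MAC key wrap, and all class and function names are assumptions in the style of Leighton-Micali key agreement; the claims on this page do not specify them, and the client-to-authority channel is modelled as a direct call.

```python
import hashlib, hmac, secrets

def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class TrustedAuthority:
    """Claim 11 (a)-(e): issues secrets and one public value per client/provider pair."""
    def __init__(self, client_ids, provider_ids):
        self.client_keys = {c: secrets.token_bytes(32) for c in client_ids}
        self.provider_keys = {s: secrets.token_bytes(32) for s in provider_ids}
        # Assumed construction: P[c,s] = PRF(K_c, s) XOR PRF(K_s, c).
        # No client-client or provider-provider pairs are ever generated.
        self.public = {(c, s): xor(prf(kc, s), prf(ks, c))
                       for c, kc in self.client_keys.items()
                       for s, ks in self.provider_keys.items()}
        self.revoked = set()

    def revoke(self, sp_id):
        """Withdraw a compromised provider: negative auth, public values removed."""
        self.revoked.add(sp_id)
        self.public = {p: v for p, v in self.public.items() if p[1] != sp_id}

    def authenticate(self, sp_id) -> bool:
        return sp_id in self.provider_keys and sp_id not in self.revoked

def wrap(pair_key, session_key):
    """Stand-in for a symmetric cipher: PRF keystream XOR plus a MAC tag."""
    nonce = secrets.token_bytes(16)
    ct = xor(session_key, prf(pair_key, b"enc" + nonce))
    return nonce, ct, prf(pair_key, b"mac" + nonce + ct)

def provider_offer(sp_id, sp_key, client_id):
    """Provider side: pair key needs only its own secret and the client identifier."""
    session_key = secrets.token_bytes(32)
    return session_key, (sp_id, wrap(prf(sp_key, client_id), session_key))

def client_accept(ta, client_id, client_key, offer):
    """Claim 19 (a)-(f): returns the session key, or None if the download is aborted."""
    sp_id, (nonce, ct, tag) = offer                       # (a) identifier + wrapped key
    if not ta.authenticate(sp_id):                        # (b)-(d) abort on negative
        return None
    public_value = ta.public[(client_id, sp_id)]          # (e) pair-specific public key
    pair_key = xor(prf(client_key, sp_id), public_value)  # equals PRF(K_s, client_id)
    if not hmac.compare_digest(tag, prf(pair_key, b"mac" + nonce + ct)):
        return None                                       # wrapped by a different provider
    return xor(ct, prf(pair_key, b"enc" + nonce))         # (f) decrypted session key
```

The returned session key is what steps (g) and (h) would then use to secure the channel; a provider that claims another provider's identifier fails the tag check because each public value is bound to one client and one provider.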
Specification