Roaming utilizing an asymmetric key pair
Abstract
Techniques for generating a portion of a split private key are provided. A first symmetric key and a second symmetric key different than the first symmetric key are generated at a first location. The generated second symmetric key and a first one of multiple factors for generating the private key portion encrypted with the generated first symmetric key are transmitted. Then, at a second network location, the symmetric keys are again generated. The encrypted first factor is received at the second network location subsequent to a user authentication based upon the second symmetric key generated at the second network location. The received encrypted first factor is then decrypted with the first symmetric key generated at the second network location, the decrypted first factor usable to generate the portion of the split private key of the asymmetric key pair.
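The flow in the abstract, as an added Python sketch that is not taken from the patent. Assumptions: both symmetric keys are derived from a user password with a salt, the transmission goes to a hypothetical relay Server, authentication is an HMAC challenge-response under the second key, and an HMAC-SHA256 keystream with encrypt-then-MAC stands in for a real cipher so the block runs on the standard library alone.

```python
import hashlib, hmac, secrets

def _h(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def derive_keys(password: str, salt: bytes) -> tuple[bytes, bytes]:
    # Assumption: both keys come from a user password, so any station can regenerate them.
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return _h(master, b"first key: wraps factor"), _h(master, b"second key: authenticates")

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stdlib stand-in for a real cipher: HMAC-SHA256 in counter mode as keystream.
    blocks = (_h(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def seal(k1: bytes, factor: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_h(k1, b"enc"), nonce, factor)
    return nonce + ct + _h(_h(k1, b"mac"), nonce + ct)  # encrypt-then-MAC

def unseal(k1: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _h(_h(k1, b"mac"), nonce + ct)):
        raise ValueError("wrong first key or tampered blob")
    return _xor_stream(_h(k1, b"enc"), nonce, ct)

class Server:
    """Hypothetical relay: stores K2 and the sealed factor, never K1 or the factor."""
    def __init__(self):
        self.records, self.pending = {}, {}
    def enroll(self, user: str, k2: bytes, blob: bytes) -> None:
        self.records[user] = (k2, blob)
    def challenge(self, user: str) -> bytes:
        self.pending[user] = secrets.token_bytes(16)
        return self.pending[user]
    def fetch(self, user: str, response: bytes) -> bytes:
        k2, blob = self.records[user]
        if not hmac.compare_digest(response, _h(k2, self.pending.pop(user))):
            raise PermissionError("authentication with second key failed")
        return blob

def enroll_first_station(server, user, password, salt, factor):
    k1, k2 = derive_keys(password, salt)
    server.enroll(user, k2, seal(k1, factor))  # K2 and encrypted factor leave the station

def roam_second_station(server, user, password, salt):
    k1, k2 = derive_keys(password, salt)  # regenerated here, not transferred
    blob = server.fetch(user, _h(k2, server.challenge(user)))
    return unseal(k1, blob)  # factor exists only in memory at this station
```

In this sketch the second key is derived from the password, so whoever stores it can test password guesses offline; the cost of the key derivation is what limits that.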
18 Claims
1. A method for generating a portion of a split private key of an asymmetric key pair at multiple locations, the portion not stored in a persistent state, comprising:
generating, at a first network location associated with a user, a first symmetric key and a second symmetric key different than the first symmetric key;
transmitting, from the first network location, the generated second symmetric key and a first one of multiple factors for generating the private key portion encrypted with the generated first symmetric key;
generating, at a second network location, the first symmetric key and the second symmetric key, the first factor not present at the second network location;
receiving the encrypted first factor at the second network location subsequent to a user authentication based upon the second symmetric key generated at the second network location; and
decrypting the received encrypted first factor with the first symmetric key generated at the second network location, the decrypted first factor usable to generate the portion of the split private key of the asymmetric key pair.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A system for generating a portion of a split private key of an asymmetric key pair at multiple locations, the portion not stored in a persistent state, comprising:
a first network station associated with a user and configured to i) generate a first symmetric key and a second symmetric key, ii) encrypt a first one of multiple factors for generating the private key portion with the generated first symmetric key, and iii) cause the generated second symmetric key and the encrypted first factor to be transmitted; and
a second network station associated with the user configured to i) generate the first symmetric key and the second symmetric key, ii) receive the encrypted first factor subsequent to a user authentication based upon the second symmetric key generated at the second network station, and iii) decrypt the received encrypted first factor with the first symmetric key generated at the second network station, the decrypted first factor usable to generate the private key portion.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
Specification