Systems And Methods For Root Certificate Update
Abstract
Certain embodiments of the present invention provide a method for replacing a cryptographic key including receiving a key replacement message for replacing the cryptographic key, decrypting at least part of the key replacement message using at least part of the cryptographic key, reading from the key replacement message at least part of at least a first replacement cryptographic key or at least a first replacement cryptographic key precursor value that is used to derive a first replacement cryptographic key, and replacing the cryptographic key with at least part of the first replacement cryptographic key. The key replacement message includes encrypted data, the encrypted data having been encrypted using at least part of at least a third cryptographic key. The encrypted data is decrypted using at least part of the cryptographic key, the decrypting being associated with verifying a digital signature.
54 Citations
20 Claims
1. A method for replacing a cryptographic key, the method including:
receiving a key replacement message for replacing a fourth cryptographic key, wherein the key replacement message includes encrypted data, the encrypted data having been encrypted using at least part of at least a third cryptographic key;
decrypting at least part of the key replacement message using at least part of the fourth cryptographic key, the decrypting being associated with verifying a digital signature;
reading from the key replacement message at least part of at least a first replacement cryptographic key or at least a first replacement cryptographic key precursor value that is used to derive a first replacement cryptographic key; and
replacing the cryptographic key with at least part of the first replacement cryptographic key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A method of replacing a cryptographic key by communicating to a receiving party a new cryptographic key, together with a means of verification to prove to the party that the new cryptographic key is an authentic replacement key, where such means of verification employs a cryptographic transformation that involves computation using a fourth cryptographic key which was previously communicated to the party, and where the fourth cryptographic key was never previously used as a cryptographic key in any other cryptographic transformation by the party, and replacing said cryptographic key only after successful verification of authenticity for said new cryptographic key by said means of verification employing the fourth cryptographic key.
17. A system for replacing a cryptographic key, the system including:
a host including a cryptographic key, wherein the host is adapted to receive a key replacement message including a first replacement cryptographic key, wherein the key replacement message has been encrypted at least in part using a third cryptographic key, wherein the host is further adapted to decrypt at least in part the key replacement message using the cryptographic key to read the first replacement cryptographic key, wherein the host is adapted to replace the cryptographic key with the first replacement cryptographic key.
Dependent claims: 18, 19, 20
Specification