MASTER KEY TRUST GRANTS AND REVOCATIONS FOR MINOR KEYS

US 20080209210A1
Filed: 01/30/2008
Published: 08/28/2008
Est. Priority Date: 05/25/2001
Status: Active Grant

First Claim

Patent Images

1. A method for granting trust to and revoking said granted trust from partner code of a system using a master key, comprising the steps of:

signing said partner code with a minor key;

issuing minor key empowerment code signed by said master key for said granting trust to said partner code; and

if revoking said granted trust becomes necessary, distributing minor key antidote code associated with said partner code signed by said master key for said revoking said granted trust from said partner code.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus is provided that allows code signed by a master key to grant trust to an arbitrary second key, and also allows code, referred to as an antidote and also signed by the master key to revoke permanently the trust given to the second key.

Citations

24 Claims

1. A method for granting trust to and revoking said granted trust from partner code of a system using a master key, comprising the steps of:
- signing said partner code with a minor key;
  
  issuing minor key empowerment code signed by said master key for said granting trust to said partner code; and
  
  if revoking said granted trust becomes necessary, distributing minor key antidote code associated with said partner code signed by said master key for said revoking said granted trust from said partner code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein said revocation of said granted trust by said antidote code is permanent.
  - 3. The method of claim 1, further comprising the step of:
    - deliberately limiting amount and complexity of said empowerment code and said antidote code, so that opportunities for error are reduced.
  - 4. The method of claim 1, further comprising the steps of running said antidote code as upgrade software to combat a security breach.
  - 5. The method of claim 4, wherein said antidote code is downloadable.
  - 6. The method of claim 1, further comprising the step of issuing a plurality of secondary keys each associated to partner code originating from a different partner.
  - 7. The method of claim 1, wherein said empowerment and antidote code are general purpose code and written in any of, but not limited to:
    - the Java language; and
      
      JavaScript.
  - 8. The method of claim 1, further comprising the step of:
    - sending calls from said empowerment code and said antidote code to a signed API associated with said system to determine if said system has ability to grant trust to or revoke trust from said partner code.
  - 10. The apparatus of claim 8, wherein application of said antidote code overrides application of said empowerment code permanently.
  - 11. The apparatus of claim 8, further comprising means for adding additional partner code, corresponding additional minor key signed by said master key, a corresponding additional empowerment code signed by said master key, and a corresponding additional antidote code signed by said master key.
  - 12. The apparatus of claim 8, wherein said empowerment and antidote code are written in any of, but not limited to:
    - the Java language; and
      
      JavaScript.
  - 13. The apparatus of claim 8, wherein said empowerment code is significantly simple and said antidote code is significantly simple, thereby eliminating opportunities for error.
  - 14. The apparatus of claim 8, wherein said minor key is created by a partner associated with said partner code.
  - 15. The apparatus of claim 8, further comprising an application program interface (API) signed by said master key for receiving calls from said minor key empowerment code and said minor key antidote code for determining if said system has ability to grant trust to and revoke trust from said partner code.
  - 16. The apparatus of claim 15, wherein said empowerment code uses said system interface to effect said grant of said trust, and said antidote code uses said system interface to effect said revocation of said granted trust.

9. An apparatus for granting trust to and revoking said granted trust from partner code of a system using a master key, comprising:
- a minor key for signing said partner code;
  
  minor key empowerment code, wherein said empowerment code is signed by said master key for said granting trust to said partner code;
  
  responsive to a desire to revoke said granted trust, means for distributing minor key antidote code associated, if it becomes necessary to revoke said granted trust, wherein said minor key antidote code is signed by said master key for said revoking said granted trust from said partner code.

17. A computer readable storage medium encoded with instructions, which when executed by a computational device implements an apparatus for granting trust to and revoking said granted trust from partner code of a system using a master key, the apparatus comprising:
- a minor key for signing said partner code;
  
  minor key empowerment code, wherein said empowerment code is signed by said master key for said granting trust to said partner code;
  
  responsive to a desire to revoke said granted trust, means for distributing minor key antidote code associated, if it becomes necessary to revoke said granted trust, wherein said minor key antidote code is signed by said master key for said revoking said granted trust from said partner code.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The computer readable storage medium of claim 17, wherein application of said antidote code overrides application of said empowerment code permanently.
  - 19. The computer readable storage medium of claim 17, the apparatus further comprising:
    - means for adding additional partner code, corresponding additional minor key signed by said master key, a corresponding additional empowerment code signed by said master key, and a corresponding additional antidote code signed by said master key.
  - 20. The computer readable storage medium of claim 17, wherein said empowerment and antidote code are written in any of, but not limited to:
    - the Java language; and
      
      JavaScript.
  - 21. The computer readable storage medium of claim 17, wherein said empowerment code is significantly simple and said antidote code is significantly simple, thereby eliminating opportunities for error.
  - 22. The computer readable storage medium of claim 17, wherein said minor key is created by a partner associated with said partner code.
  - 23. The computer readable storage medium of claim 17, the apparatus further comprising an application program interface (API) signed by said master key for receiving calls from said minor key empowerment code and said minor key antidote code for determining if said system has ability to grant trust to and revoke trust from said partner code.
  - 24. The computer readable storage medium of claim 23, wherein said empowerment code uses said system interface to effect said grant of said trust, and said antidote code uses said system interface to effect said revocation of said granted trust.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Original Assignee
Meta Platforms, Inc. (f/k/a Facebook, Inc.)
Inventors
ROSKIND, James A.

Granted Patent

US 8,181,018 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/158
CPC Class Codes

G06F 21/33   using certificates

H04L 63/0442   wherein the sending and rec...

H04L 63/064   Hierarchical key distributi...

MASTER KEY TRUST GRANTS AND REVOCATIONS FOR MINOR KEYS

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

MASTER KEY TRUST GRANTS AND REVOCATIONS FOR MINOR KEYS

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links