METHODS AND DEVICE FOR SECURE TRANSFER OF SYMMETRIC ENCRYPTION KEYS

US 20110026714A1
Filed: 07/29/2009
Published: 02/03/2011
Est. Priority Date: 07/29/2009
Status: Active Grant

First Claim

Patent Images

1. A method for secure transfer of symmetric encryption keys, the method comprising:

at a sending device;

generating a first and a second key management message (KMM), wherein the first KMM includes a first key encryption key and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys;

encrypting the set of symmetric encryption keys, included in the second KMM, using the first key encryption key;

encrypting the first key encryption key and the KMM encryption key, included in the first KMM, using a first public key of a receiving device;

encrypting the second KMM using the KMM encryption key to generate an encrypted second KMM; and

sending the first KMM and the encrypted second KMM to the receiving device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A sending device generates a first and a second KMM, wherein the first KMM includes a first KEK and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys. The sending device further encrypts the set of symmetric encryption keys using the first KEK; encrypts the first KEK and the KMM encryption key using a first public key of a receiving device; and encrypts the second KMM using the KMM encryption key to generate an encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device. The receiving device decrypts the first KEK and the KMM encryption key using a first private key that corresponds to the first public key; and decrypts the encrypted second KMM using the KMM encryption key to obtain the encrypted set of symmetric keys.

63 Citations

View as Search Results

17 Claims

1. A method for secure transfer of symmetric encryption keys, the method comprising:
- at a sending device;
  
  generating a first and a second key management message (KMM), wherein the first KMM includes a first key encryption key and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys;
  
  encrypting the set of symmetric encryption keys, included in the second KMM, using the first key encryption key;
  
  encrypting the first key encryption key and the KMM encryption key, included in the first KMM, using a first public key of a receiving device;
  
  encrypting the second KMM using the KMM encryption key to generate an encrypted second KMM; and
  
  sending the first KMM and the encrypted second KMM to the receiving device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the first KMM and the encrypted second KMM is sent to the receiving device in one combined KMM.
  - 3. The method of claim 2 further comprising the sending device digitally signing the combined KMM before sending the combined KMM to the receiving device.
  - 4. The method of claim 3 further comprising:
    - at the sending device;
      
      generating a random encrypting key; and
      
      encrypting the combined KMM using the random encrypting key before sending the combined KMM to the receiving device.
  - 5. The method of claim 4 further comprising:
    - encrypting the random encrypting key using a second public key of the receiving device to generate an encrypted random encrypting key; and
      
      appending the encrypted random encrypting key to the combined KMM before sending the combined KMM to the receiving device.
  - 6. The method of claim 1 further comprising the sending device digitally signing at least one of the first KMM or the encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device.
  - 7. The method of claim 6 further comprising:
    - at the sending device;
      
      generating a random encrypting key; and
      
      encrypting the at least one of the first KMM or the encrypted second KMM using the random encrypting key before sending the first KMM and the encrypted second KMM to the receiving device.
  - 8. The method of claim 7 further comprising:
    - at the sending device;
      
      encrypting the random encrypting key using a second public key of the receiving device to generate an encrypted random encrypting key; and
      
      appending the encrypted random encrypting key to the at least one of the first KMM or the encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device.
  - 9. The method of claim 8, wherein the first and second public keys of the receiving device are the same key.
  - 10. The method of claim 1, wherein the first key encryption key and the KMM encryption key are the same key.
  - 11. The method of claim 1 further comprising the sending device exchanging digital certificates with the receiving device to obtain the first public key of the receiving device prior to sending the key management messages to the receiving device.

12. A device for secure transfer of symmetric encryption keys, the method comprising:
- means for generating a first and a second key management message (KMM), wherein the first KMM includes a first key encryption key and a KMM encryption key, and the second KMM includes a set of symmetric encryption keys;
  
  means for encrypting the set of symmetric encryption keys, included in the second KMM, using the first key encryption key;
  
  means for encrypting the first key encryption key and the KMM encryption key, included in the first KMM, using a first public key of a receiving device;
  
  means for encrypting the second KMM using the KMM encryption key to generate an encrypted second KMM; and
  
  means for sending the first KMM and the encrypted second KMM to the receiving device.
- View Dependent Claims (13, 14, 15)
- - 13. The device of claim 12 further comprising the sending device digitally signing at least one of the first KMM or the encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device.
  - 14. The device of claim 13 further comprising:
    - means for generating a random encrypting key; and
      
      means for encrypting at least one of the first KMM or the encrypted second KMM using the random encrypting key before sending the first KMM and the encrypted second KMM to the receiving device.
  - 15. The device of claim 14 further comprising:
    - means for encrypting the random encrypting key using a second public key of the receiving device to generate an encrypted random encrypting key; and
      
      means for appending the encrypted random encrypting key to the at least one of the first KMM or the encrypted second KMM before sending the first KMM and the encrypted second KMM to the receiving device.

16. A method for secure transfer of symmetric encryption keys, the method comprising:
- at a receiving device;
  
  receiving, from a sending device, a first key management message (KMM) and an encrypted second KMM, wherein the first KMM includes a first key encryption key and a KMM encryption key both encrypted with a first public key of the receiving device, and the encrypted second KMM includes a set of symmetric encryption keys encrypted with the first key encryption key;
  
  decrypting the first key encryption key and the KMM encryption key using a first private key of the receiving device, wherein the first private key corresponds to the first public key;
  
  decrypting the encrypted second KMM using the KMM encryption key to obtain the encrypted set of symmetric encryption keys for at least one of storing or forwarding to another device.
- View Dependent Claims (17)
- - 17. The method of claim 16 further comprising the receiving device decrypting the set of symmetric keys using the first key encryption key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Motorola Solutions, Inc.
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Thomas, Shanthi E., Kruegel, Chris A., Senese, Thomas J., Pappas, Scott J., Bright, Michael W., Metke, Anthony R.

Granted Patent

US 8,509,448 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/278
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/602   Providing cryptographic fac...

G06F 21/606   by securing the transmissio...

H04L 2209/80   Wireless network architectu...

H04L 2463/062   applying encryption of the ...

H04L 63/0428   wherein the data content is...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/0822   using key encryption key

H04L 9/0825   using asymmetric-key encryp...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

METHODS AND DEVICE FOR SECURE TRANSFER OF SYMMETRIC ENCRYPTION KEYS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

63 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND DEVICE FOR SECURE TRANSFER OF SYMMETRIC ENCRYPTION KEYS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

63 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links