KEY MANAGEMENT SYSTEMS AND METHODS FOR SHARED SECRET CIPHERS
First Claim
1. A system for the provision of cryptographic key management services (KMS), wherein the system comprises:
- a KMS domain authority server layer including at least one KMS authority server configured to manage cryptographic keys for a first domain; and
a root KMS server layer including at least one KMS root server, the root KMS server layer being linked to the authority KMS server layer, the at least one KMS root server being configured to communicate with applications and devices that make security requests to the system when there are no other layers in the system,wherein, the layers are organized in a hierarchy such that each layer has a different security level.
0 Assignments
0 Petitions
Accused Products
Abstract
Various embodiments are described herein for a Key Management System (KMS) and associated methods for providing authentication and secure shared key distribution capabilities without revealing a device'"'"'s secret key. The KMS allows one or more accessing applications or devices residing on a variety of systems and associated with a plurality of organizations to efficiently authenticate other applications or devices with which they are in communication and to securely establish a shared secret between authenticated applications or devices. Secret keys may be cached throughout the KMS system for off-line and efficient operations. The KMS system enables authentication of devices and secure communication between these devices which may have been created and secured under different domains without those domains having an a priori relationship.
-
Citations
122 Claims
-
1. A system for the provision of cryptographic key management services (KMS), wherein the system comprises:
-
a KMS domain authority server layer including at least one KMS authority server configured to manage cryptographic keys for a first domain; and a root KMS server layer including at least one KMS root server, the root KMS server layer being linked to the authority KMS server layer, the at least one KMS root server being configured to communicate with applications and devices that make security requests to the system when there are no other layers in the system, wherein, the layers are organized in a hierarchy such that each layer has a different security level. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. A system for the provision of cryptographic key management services (KMS), wherein the system comprises:
-
a KMS domain authority server layer including at least one KMS authority server configured to manage cryptographic keys for a domain; a root KMS server layer including at least one KMS root server, the root KMS server layer being linked to the authority KMS server layer; an intermediate KMS server layer including at least one KMS distribute server, the intermediate KMS server layer being linked to the root KMS server layer; and a resolver KMS server layer including at least one KMS local server, the resolver KMS server layer being linked to the intermediate KMS server layer, wherein servers in at least one of the root KMS server layer, the intermediate KMS server layer and the resolver KMS server layer are configured to communicate with applications and devices that make security requests to the system, and wherein at least one server in at least one of the root KMS server layer, the intermediate KMS server layer and the resolver KMS server layer comprises a key store and is configured to perform computations required for a cryptographic conversation with the device or application to service the security request.
-
-
30. A system for the provision of cryptographic key management services (KMS), wherein the system comprises:
-
a KMS domain authority server layer including at least one KMS authority server configured to manage cryptographic keys for a first domain; a root KMS server layer including at least one KMS root server, the root KMS server layer being linked to the authority KMS server layer; an intermediate KMS server layer including at least one KMS distribute server, the intermediate KMS server layer being linked to the root KMS server layer; and a resolver KMS server layer including at least one KMS local server, the resolver KMS server layer being linked to the intermediate KMS server layer, wherein servers in at least one of the root KMS server layer, the intermediate KMS server layer and the resolver KMS server layer are configured to communicate with applications and devices that make security requests to the system, and wherein the at least one KMS root server is configured to propagate the security request to a KMS root server or a KMS distribute server associated with a different system of another domain thereby allowing the system to authenticate and securely communicate with devices or applications associated with different domains.
-
-
31. A system for the provision of cryptographic key management services (KMS), wherein the system comprises:
-
a KMS domain authority server layer including a plurality of KMS authority servers, each KMS domain authority server being configured to manage cryptographic keys for different domains; a root KMS server layer including at least one KMS root server, the root KMS server layer being linked to the authority KMS server layer; an intermediate KMS server layer including at least one KMS distribute server, the intermediate KMS server layer being linked to the root KMS server layer; and a resolver KMS server layer including at least one KMS local server, the resolver KMS server layer being linked to the intermediate KMS server layer, wherein servers in at least one of the root KMS server layer, the intermediate KMS server layer and the resolver KMS server layer are configured to communicate with applications and devices that make security requests to the system, and wherein the security requests are propagated to the KMS domain authority server of the domain associated with the device or application in order to provide authentication and distribution of at least one of cryptographic keys and cryptographic conversations between two or more of the different domains.
-
-
32. A method for the provision of cryptographic key management services (KMS) in a system, wherein the method comprises:
-
associating at least one KMS authority server with a KMS domain authority server layer having a first security level; configuring the at least one KMS authority server to manage cryptographic keys for a first domain; associating at least one KMS root server with a root KMS server layer having a second security level; linking the root KMS server layer to the authority KMS server layer; and configuring the at least one KMS root server to communicate with applications and devices that make security requests to the system when there are no other layers in the system. - View Dependent Claims (33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59)
-
-
60. A method of providing security services from a Key Management Services (KMS) system to a device requesting a service, wherein the method comprises:
-
sending a query from a server interface in the KMS system to the device; obtaining an initialization vector (iv) and a device vector (dv) from the device at the server interface; generating a Tag Authentication Request (TAR) packet at the server interface based on a unique session identifier (sid), a type code identifying a type of response expected, the iv, and the dv; and sending the TAR packet from the interface server to a KMS server at a higher level in the KMS system to obtain the requested service. - View Dependent Claims (61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122)
-
Specification