Secure Key Storage Systems, Methods and Apparatuses

US 20170048071A1
Filed: 07/14/2016
Published: 02/16/2017
Est. Priority Date: 06/28/2012
Status: Active Grant

First Claim

Patent Images

1. An apparatus, comprising:

a first non-volatile storage for storing a private root key of a certificate authority for signing digital certificates;

an input device for receiving manual input from an operator;

a communication interface consisting of a one-way transmitter for transmitting information from the apparatus; and

a processor configured to;

retrieve the private root key from the first non-volatile storage;

receive information for a new digital certificate through the input device;

generate the new digital certificate according to the received information;

sign the new digital certificate using the private root key; and

transmit the new digital certificate from the apparatus using the transmitter.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The systems, methods and apparatuses described herein provide a computing environment that manages private key storage. An apparatus according to the present disclosure may comprise a first non-volatile storage for storing a private root key for signing digital certificates, an input device for receiving manual input from an operator, a communication interface consisting of a one-way transmitter for transmitting information from the apparatus, and a processor. The processor may be configured to retrieve the private root key from the first non-volatile storage, receive information for a new digital certificate through the input device, generate the new digital certificate according to the received information, sign the new digital certificate using the private root key and transmit the new digital certificate from the apparatus using the transmitter.

Citations

32 Claims

1. An apparatus, comprising:
- a first non-volatile storage for storing a private root key of a certificate authority for signing digital certificates;
  
  an input device for receiving manual input from an operator;
  
  a communication interface consisting of a one-way transmitter for transmitting information from the apparatus; and
  
  a processor configured to;
  
  retrieve the private root key from the first non-volatile storage;
  
  receive information for a new digital certificate through the input device;
  
  generate the new digital certificate according to the received information;
  
  sign the new digital certificate using the private root key; and
  
  transmit the new digital certificate from the apparatus using the transmitter.
- View Dependent Claims (2, 3, 4, 5, 6, 8)
- - 2. The apparatus of claim 1, further comprising:
    - a timer, anda second non-volatile storage for storing a certificate revocation list (CRL); and
      
      wherein the processor is further configured to;
      
      retrieve the CRL;
      
      add a timestamp generated by the timer to the retrieved CRL;
      
      sign the retrieved CRL using the private root key; and
      
      transmit the signed CRL through the transmitter from the apparatus.
  - 3. The apparatus of claim 2, wherein the processor is further configured to append one or more error detection codes, error correction codes, or both to the signed CRL.
  - 4. The apparatus of claim 2, wherein the processor is further configured to add a timestamp to the retrieved CRL, sign the retrieved CRL and transmit the signed CRL at regular intervals.
  - 5. The apparatus of claim 2, wherein the processor is further configured to transmit the signed CRL at regular intervals.
  - 6. The apparatus of claim 1, wherein the processor is further configured to transmit the new digital certificate at regular intervals.
  - 8. The apparatus of claim 1, wherein the processor is further configured to transmit, via the transmitter, a message containing information regarding the apparatus'"'"'s recent activity to a monitoring service for analyzing and monitoring activities of the apparatus.

7. (canceled)

9. A system, comprising:
- a first device, comprising;
  
  a first non-volatile storage for storing a private root key of a certificate authority for signing digital certificates;
  
  an input device for receiving manual input from an operator;
  
  a communication interface consisting of a one-way transmitter for transmitting information from the first device to a second device; and
  
  a processor configured to generate new digital certificates to be transmitted to the second device; and
  
  the second device, comprising;
  
  a receiver coupled to the transmitter of the first device; and
  
  a communication port for establishing a two-way communication channel with an external network.
- View Dependent Claims (12, 13)
- - 12. The system of claim 9, wherein the processor is further configured to append one or more error detection codes, error correction codes, or both to the signed CRL.
  - 13. The system of claim 12, wherein the second device is configured to perform error detections and corrections appended to the signed CRL and distribute the signed CRL to client devices.

10. (canceled)

11. (canceled)

14-16. -16. (canceled)

17. A system, comprising:
- a first device, comprising;
  
  a first non-volatile storage for storing a private root key of a certificate authority for signing digital certificates;
  
  an input device for receiving manual input from an operator;
  
  a first transceiver for communication with a second device; and
  
  a processor configured to;
  
  receive a new digital certificate request;
  
  verify that the new digital certificate request is valid;
  
  retrieve the private root key from the first non-volatile storage;
  
  generate the new digital certificate according to the new digital certificate request;
  
  sign the new digital certificate using the private root key; and
  
  transmit the new digital certificate from the first device to the second device using a transmitter; and
  
  the second device, comprising;
  
  a second transceiver coupled to the first transceiver of the first device, wherein the first and second transceivers are coupled together by a non-routable, point-to-point connection; and
  
  a communication port for establishing a two-way communication channel with an external network.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The system of claim 17, wherein the first device further comprises:
    - a timer, anda second non-volatile storage for storing a certificate revocation list (CRL); and
      
      wherein the processor is further configured to;
      
      receive an update CRL request;
      
      verify that the update CRL request is valid;
      
      retrieve the CRL;
      
      add a timestamp generated by the timer to the retrieved CRL;
      
      sign the retrieved CRL using the private root key; and
      
      transmit the signed CRL through the transmitter from the apparatus.
  - 19. The system of claim 17, wherein the new digital certificate request is signed by more than one remote operator and the processor is further configured to verify that each remote operator signing the new digital certificate request has a valid operator'"'"'s digital signature.
  - 20. The system of claim 18, wherein the update CRL request is signed by more than one remote operator and the processor is further configured to verify that each remote operator signing the update CRL request has a valid operator'"'"'s digital signature.
  - 21. The system of claim 17, wherein verifying that the new digital certificate request is valid comprises verifying that a remote operator signing the new digital certificate request has a valid operator'"'"'s digital signature.

22. A computer-implemented method, comprising:
- storing, in a first non-volatile storage of a first device, a private root key of a certificate authority for signing digital certificates;
  
  receiving manual input from an operator for information about a new digital certificate;
  
  retrieving the private root key from the first non-volatile storage;
  
  generating the new digital certificate according to the received information;
  
  signing the new digital certificate using the private root key; and
  
  transmitting the new digital certificate from the first device to a second device connected to the first device by a one-way connection.

23-30. -30. (canceled)

31. A computer-implemented method, comprising:
- storing, in a first non-volatile storage of a first device, a private root key of a certificate authority for signing digital certificates;
  
  receiving a new digital certificate request;
  
  verifying the new digital certificate request is valid;
  
  retrieving the private root key from the first non-volatile storage;
  
  generating the new digital certificate according to the new digital certificate request;
  
  signing the new digital certificate using the private root key; and
  
  transmitting the new digital certificate from the first device to a second device by a non-routable, point-to-point connection.

32-35. -35. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OLogN Technologies AG
Original Assignee
OLogN Technologies AG
Inventors
IGNATCHENKO, Sergey

Granted Patent

US 10,250,396 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04L 9/3268   using certificate validatio...

H04L 9/3297   involving time stamps, e.g....

Secure Key Storage Systems, Methods and Apparatuses

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Secure Key Storage Systems, Methods and Apparatuses

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links