SYSTEM AND METHOD FOR SHARING KEYS ACROSS AUTHENTICATORS
Abstract
A system, apparatus, method, and machine readable medium are described for sharing authentication data. For example, one embodiment of a method comprises: generating and storing a persistent group identification code (Group-ID) for a group of authenticators sharing a common set of authorization (Uauth) keys, an initial Group-ID to be generated on a first use of a first authenticator and/or following a factory reset of the first authenticator; generating and storing an individual asymmetric wrapping key encryption key (WKEK) on a first use of the first authenticator and/or following each factory reset of the first authenticator; generating and storing a symmetric wrapping key (WK), the wrapping key to be generated on a first use of the first authenticator and/or following each factory reset of the first authenticator; generating a join-block using an authenticator identification code for the first authenticator and the WKEK, the join-block usable to join an existing authenticator group, the join-block to be sent to a second authenticator; verifying the join-block at the second authenticator and generating a join response block responsive to user approval, the join response block generated by encrypting the WK and Group-ID using the WKEK, the join response block to be transmitted to the first authenticator; and decrypting the join response block and storing the WK and Group-ID.
26 Claims
1. A system comprising:
- first logic and/or circuitry to generate and store a persistent group identification code (Group-ID) for a group of authenticators sharing a common set of authentication (Uauth) keys, an initial Group-ID to be generated on a first use of a first authenticator and/or following a factory reset of the first authenticator;
- second logic and/or circuitry of the first authenticator to generate and store an individual asymmetric wrapping key encryption key (WKEK) on a first use of the first authenticator and/or following each factory reset of the first authenticator;
- third logic and/or circuitry to generate and store a symmetric wrapping key (WK), the wrapping key to be generated on a first use of the first authenticator and/or following each factory reset of the first authenticator;
- fourth logic and/or circuitry of the first authenticator to generate a join-block using an authenticator identification code for the first authenticator and the WKEK, the join-block usable to join an existing authenticator group, the join-block to be sent to a second authenticator;
- fifth logic and/or circuitry of a second authenticator to verify the join-block and generate a join response block responsive to user approval, the join response block generated by encrypting the WK and Group-ID using the WKEK, the join response block to be transmitted to the first authenticator; and
- sixth logic on the first authenticator to decrypt the join response block and store the WK and Group-ID.
Dependent claims: 2 to 13.

14. A method comprising:
- generating and storing a persistent group identification code (Group-ID) for a group of authenticators sharing a common set of authorization (Uauth) keys, an initial Group-ID to be generated on a first use of a first authenticator and/or following a factory reset of the first authenticator;
- generating and storing an individual asymmetric wrapping key encryption key (WKEK) on a first use of the first authenticator and/or following each factory reset of the first authenticator;
- generating and storing a symmetric wrapping key (WK), the wrapping key to be generated on a first use of the first authenticator and/or following each factory reset of the first authenticator;
- generating a join-block using an authenticator identification code for the first authenticator and the WKEK, the join-block usable to join an existing authenticator group, the join-block to be sent to a second authenticator;
- verifying the join-block at the second authenticator and generating a join response block responsive to user approval, the join response block generated by encrypting the WK and Group-ID using the WKEK, the join response block to be transmitted to the first authenticator; and
- decrypting the join response block and storing the WK and Group-ID.
Dependent claims: 15 to 26.
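The join exchange described in the abstract and in claims 1 and 14, as an added Go example that is not code from the patent or from any product implementing it. Because the page does not specify them, it assumes RSA-OAEP as the asymmetric WKEK wrapping, a 32-byte WK and a 16-byte Group-ID, a join-block made of the authenticator ID plus the WKEK public key, and "verification" of the join-block limited to checking its shape; the joiner's ID is used as the OAEP label so a join response unwraps only on the device that requested it.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Authenticator holds the per-device state named in the claims: an ID, the device's own
// asymmetric WKEK, and the group-wide symmetric WK and persistent Group-ID.
type Authenticator struct {
	ID      string
	WKEK    *rsa.PrivateKey
	WK      []byte
	GroupID []byte
}

// JoinBlock is the joiner's message: its ID and its WKEK public key (assumed contents).
type JoinBlock struct{ ID string; WKEK *rsa.PublicKey }

// NewAuthenticator models first use or a factory reset: fresh WKEK, WK and Group-ID.
func NewAuthenticator(id string) (*Authenticator, error) {
	wkek, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil { return nil, err }
	secrets := make([]byte, 48) // 32-byte WK followed by a 16-byte Group-ID
	if _, err := rand.Read(secrets); err != nil { return nil, err }
	return &Authenticator{ID: id, WKEK: wkek, WK: secrets[:32], GroupID: secrets[32:]}, nil
}

// MakeJoinBlock builds the join-block from the authenticator's ID and WKEK public key.
func (a *Authenticator) MakeJoinBlock() JoinBlock { return JoinBlock{ID: a.ID, WKEK: &a.WKEK.PublicKey} }

// Approve runs on an existing member: verify the join-block (assumed checks: ID present, 2048-bit key),
// require user approval, then RSA-OAEP-wrap WK||Group-ID under the joiner's WKEK with the joiner's ID as label.
func (g *Authenticator) Approve(jb JoinBlock, userApproved bool) ([]byte, error) {
	if jb.ID == "" || jb.WKEK == nil || jb.WKEK.Size() != 256 { return nil, errors.New("join-block failed verification") }
	if !userApproved { return nil, errors.New("user did not approve the join") }
	wrapped := append(append([]byte{}, g.WK...), g.GroupID...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, jb.WKEK, wrapped, []byte(jb.ID))
}

// AcceptJoinResponse runs on the joiner: unwrap with the private WKEK and adopt the group's WK and Group-ID.
func (a *Authenticator) AcceptJoinResponse(resp []byte) error {
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, a.WKEK, resp, []byte(a.ID))
	if err != nil { return err }
	if len(pt) != 48 { return errors.New("malformed join response") }
	a.WK, a.GroupID = pt[:32], pt[32:]
	return nil
}
```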
Specification