Cryptographic key management and validation system
Abstract
A Key Management System for generating, distributing and managing cryptographic keys used by an information transaction system that employs cryptographic means to produce evidence of information integrity. The system comprises a plurality of functionally distinct secure boxes operatively coupled to each other. Each of the secure boxes performs functions for key generation, key installation, key verification or validation of tokens. Computers, operatively coupled to the secure boxes, provide system control and facilitate communication among the secure boxes. A plurality of separate logical security domains provide domain processes for key generation, key installation, key verification and validation of tokens produced by the transaction evidencing device within the domain using the key management functions. A plurality of domain archives, corresponding respectively to each of the security domains, securely and reliably record key status records and master keys for each domain. The Key Management System installs the master keys in the transaction evidencing device and validates the tokens. The secure boxes include a key generation box for generating, encrypting and signing a master key; a key installation box for receiving, verifying and decrypting the signed master key and for installing the master key into the transaction evidencing device; a key verification box for verifying the installation of the master key in the transaction evidencing device, a token verification box for verifying the tokens, and at least one manufacturing box for generating domain keys and distributing the domain keys among the secure boxes for each of the domains.
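The flow the abstract describes (generate, encrypt and sign; verify, decrypt and install; verify installation; verify tokens; per-domain archive), as an added sketch that is not code from the patent. Assumptions: HMAC-SHA256 stands in for the signing step, a one-block SHA-256 XOR pad stands in for encryption, the archive holds the master key in the clear, and all function and field names are hypothetical.

```python
import hashlib, hmac, secrets
def mac(key, *parts):
    # HMAC over length-prefixed fields; stands in for the boxes' signatures.
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()

def manufacture_domain(name):
    # Manufacturing box: domain keys shared by that domain's secure boxes.
    return {"name": name.encode(), "enc": secrets.token_bytes(32),
            "sig": secrets.token_bytes(32), "archive": {}}

def xor_pad(dom, nonce, data):
    # Toy cipher (assumption): one SHA-256 block masks a 32-byte key.
    pad = hashlib.sha256(dom["enc"] + nonce).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def generate(dom, device_id):
    # Key generation box: generate, encrypt and sign a master key.
    master, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
    ct = xor_pad(dom, nonce, master)
    dom["archive"][device_id] = {"status": "generated", "master": master}
    return {"dev": device_id, "nonce": nonce, "ct": ct,
            "sig": mac(dom["sig"], dom["name"], device_id, nonce, ct)}

def install(dom, rec, device):
    # Key installation box: verify the signature, decrypt, install.
    want = mac(dom["sig"], dom["name"], rec["dev"], rec["nonce"], rec["ct"])
    if not hmac.compare_digest(want, rec["sig"]):
        return False  # forged, altered, or from another domain
    device[dom["name"]] = xor_pad(dom, rec["nonce"], rec["ct"])
    dom["archive"][rec["dev"]]["status"] = "installed"
    return True

def verify_install(dom, device_id, device):
    # Key verification box: challenge the device, check against the archive.
    nonce, entry = secrets.token_bytes(16), dom["archive"].get(device_id)
    answer = mac(device.get(dom["name"], b""), nonce)  # computed by device
    ok = entry is not None and hmac.compare_digest(answer, mac(entry["master"], nonce))
    if ok:
        entry["status"] = "verified"
    return ok
def make_token(dom, device, data):
    return mac(device[dom["name"]], data)  # device evidences a transaction

def verify_token(dom, device_id, data, token):
    # Token verification box: recompute from the archived master key.
    entry = dom["archive"].get(device_id)
    return (entry is not None and entry["status"] == "verified"
            and hmac.compare_digest(token, mac(entry["master"], data)))
```

Because each domain has its own keys and archive, a key record or token produced in one domain fails verification in every other domain.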
35 Claims
1. A Key Management System for generating, distributing and managing cryptographic keys used by a transaction evidencing device that employs cryptographic means to produce evidence of information integrity, the system comprising:
a plurality of functionally distinct secure boxes communicatively coupled to each other, each of said secure boxes including means for performing one of key management functions for key generation, key installation, key verification and verification of the evidence of information integrity produced by the transaction evidencing device;
computer means for providing system control, said computer means being communicatively coupled to said secure boxes and including means for facilitating communication among said secure boxes;
a plurality of separate logical security domains, each of said security domains providing domain processes for key generation, key installation, key verification and verification of the evidence of information integrity produced by said transaction evidencing device within said domain using said key management functions;
a plurality of domain archives communicatively coupled to said computer means and corresponding respectively to each of said security domains, said domain archives including means for recording key status records and master keys for each domain;
means for installing said master keys in the transaction evidencing device; and
means for verifying said evidence of information integrity.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A Key Management System for generating, distributing and managing cryptographic keys used by a digital postage meter that employs cryptographic means to produce evidence of postage payment, the system comprising:
a plurality of functionally distinct secure boxes communicatively coupled to each other, each of said secure boxes including means for performing one of key management functions for key generation, key installation, key verification and verification of the evidence of postage payment;
computer means for providing system control, said computer means being communicatively coupled to said secure boxes and including means for facilitating communication among said secure boxes;
a plurality of separate logical security domains, each of said security domains providing domain processes for key generation, key installation, key verification and verification of the evidence of postage payment produced by the digital meter within said domain using said key management functions;
a plurality of domain archives communicatively coupled to said computer means and corresponding respectively to each of said security domains, said domain archives including means for securely and recording key status records and master keys for each domain;
means for installing said master keys in the digital postage meter; and
means for verifying said evidence of postage payment.
20. A Key Management System for generating, distributing and managing cryptographic keys used by a transaction evidencing device that employs cryptographic means to produce evidence of information integrity, the system comprising:
a plurality of functionally distinct processes communicatively coupled to communicate with each other, each of said plurality of processes including means for performing one of key management functions for key generation, key installation, key verification and verification of the evidence of information integrity produced by the transaction evidencing device;
computer means for providing system control, said computer means being communicatively coupled to said plurality of processes and including means for facilitating communication among said processes;
a plurality of separate logical security domains, each of said security domains providing domain processes for key generation, key installation, key verification and verification of the evidence of information integrity produced by said transaction evidencing device within said domain using said key management functions;
a plurality of domain archives communicatively coupled to said computer means and corresponding respectively to each of said security domains, said domain archives including means for recording key status records and master keys for each domain;
means for installing said master keys in the transaction evidencing device; and
means for verifying said evidence of information integrity.
Dependent claims: 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35
Specification