Apparatus and methods for managing key material in heterogeneous cryptographic assets
First Claim
Patent Images
1. A method for remotely rekeying a cryptographic device, comprising:
- associating a preliminary certificate with the device;
generating a device certificate associated with the device, wherein the device certificate has a public part and a private part;
determining whether a certificate stored in the device is the preliminary certificate associated with the device; and
if the certificate stored in the device is the preliminary certificate associated with the device, then securely loading the device certificate into the device by encrypting the private part of the device certificate using a first encryption algorithm, generating a first packet comprising the public part, the encrypted private part, and a set of decryption instructions for decrypting the encrypted private part, encrypting the first packet using a second encryption algorithm, generating a second packet comprising the encrypted first packet and a set of decryption instructions for decrypting the encrypted first packet, and delivering the second packet to the device.
3 Assignments
0 Petitions
Accused Products
Abstract
Apparatus and methods for remotely rekeying a cryptographic device are disclosed. A method according to the invention includes associating a preliminary certificate with the device, generating a device certificate associated with the device, determining whether a certificate stored in the device is the preliminary certificate associated with the device, and if the certificate stored in the device is the preliminary certificate associated with the device, then securely loading the device certificate into the device. Apparatus for remotely rekeying a cryptographic device includes a computer readable medium having stored thereon computer executable instructions for performing a method according to the invention.
-
Citations
9 Claims
-
1. A method for remotely rekeying a cryptographic device, comprising:
-
associating a preliminary certificate with the device;
generating a device certificate associated with the device, wherein the device certificate has a public part and a private part;
determining whether a certificate stored in the device is the preliminary certificate associated with the device; and
if the certificate stored in the device is the preliminary certificate associated with the device, then securely loading the device certificate into the device by encrypting the private part of the device certificate using a first encryption algorithm, generating a first packet comprising the public part, the encrypted private part, and a set of decryption instructions for decrypting the encrypted private part, encrypting the first packet using a second encryption algorithm, generating a second packet comprising the encrypted first packet and a set of decryption instructions for decrypting the encrypted first packet, and delivering the second packet to the device. - View Dependent Claims (2, 3, 4, 5)
loading into the device the preliminary certificate associated with the device.
-
-
5. The method of claim 4, wherein loading the preliminary certificate into the device comprises delivering the preliminary certificate to a certificate loader.
-
6. Apparatus for remotely rekeying a cryptographic device, comprising a computer readable medium having stored thereon computer executable instructions for:
-
associating a preliminary certificate with the device;
generating a device certificate associated with the device, wherein the device certificate has a public part and a private part;
determining whether a certificate stored in the device is the preliminary certificate associated with the device; and
if the certificate stored in the device is the preliminary certificate associated with the device, then securely loading the device certificate into the device by encrypting the private part of the device certificate using a first encryption algorithm generating a first packet comprising the public part, the encrypted private part, and a set of decryption instructions for decrypting the encrypted private part, encrypting the first packet using a second encryption algorithm, generating a second packet comprising the encrypted first packet and a set of decryption instructions for decrypting the encrypted first packet, and delivering the second packet to the device. - View Dependent Claims (7, 8, 9)
a preliminary certificate loader that receives the preliminary certificate from the computer readable medium, and delivers the preliminary certificate to the device.
-
-
8. Apparatus according to claim 6, wherein the computer readable medium comprises computer-executable instructions for associating the preliminary certificate with a device identifier that corresponds to the device.
-
9. Apparatus according to claim 6, wherein the computer readable medium comprises computer-executable instructions for determining whether the certificate has been previously used as a preliminary certificate associated with another cryptographic device.
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeL-3 Communications Corporation (L3Harris Technologies, Inc.)
-
Original AssigneeL-3 Communications Corporation (L3Harris Technologies, Inc.)
-
InventorsHess, Pennington J., Howard, James L. Jr., MacStravic, James A.
-
Primary Examiner(s)Hayes, Gail
-
Assistant Examiner(s)DI LORENZO, ANTHONY
-
Application NumberUS09/422,292Time in Patent Office1,041 DaysField of Search380/273, 380/282, 713/155-157, 713/168, 713/173, 713/175, 713/189, 705/71US Class Current713/175CPC Class CodesG06F 21/602 Providing cryptographic fac...G06F 2221/2107 File encryptionG06Q 20/02 involving a neutral party, ...G06Q 20/341 Active cards, i.e. cards in...G06Q 20/3552 Downloading or loading of p...G06Q 20/3829 involving key managementG06Q 20/40975 using encryption thereforG07F 7/1008 Active credit-cards provide...G07F 7/1016 Devices or methods for secu...H04L 2209/12 Details relating to cryptog...H04L 2209/56 Financial cryptography, e.g...H04L 9/083 involving central third par...H04L 9/0891 Revocation or update of sec...H04L 9/50 using hash chains, e.g. blo...
