Apparatus and methods for managing key material in heterogeneous cryptographic assets
Abstract
Apparatus and methods for remotely rekeying a cryptographic device are disclosed. A method according to the invention includes associating a preliminary certificate with the device, generating a device certificate associated with the device, determining whether a certificate stored in the device is the preliminary certificate associated with the device, and if the certificate stored in the device is the preliminary certificate associated with the device, then securely loading the device certificate into the device. Apparatus for remotely rekeying a cryptographic device includes a computer readable medium having stored thereon computer executable instructions for performing a method according to the invention.
9 Claims
1. A method for remotely rekeying a cryptographic device, comprising:
associating a preliminary certificate with the device;
generating a device certificate associated with the device, wherein the device certificate has a public part and a private part;
determining whether a certificate stored in the device is the preliminary certificate associated with the device; and
if the certificate stored in the device is the preliminary certificate associated with the device, then securely loading the device certificate into the device by encrypting the private part of the device certificate using a first encryption algorithm, generating a first packet comprising the public part, the encrypted private part, and a set of decryption instructions for decrypting the encrypted private part, encrypting the first packet using a second encryption algorithm, generating a second packet comprising the encrypted first packet and a set of decryption instructions for decrypting the encrypted first packet, and delivering the second packet to the device.
loading into the device the preliminary certificate associated with the device.
5. The method of claim 4, wherein loading the preliminary certificate into the device comprises delivering the preliminary certificate to a certificate loader.
6. Apparatus for remotely rekeying a cryptographic device, comprising a computer readable medium having stored thereon computer executable instructions for:
associating a preliminary certificate with the device;
generating a device certificate associated with the device, wherein the device certificate has a public part and a private part;
determining whether a certificate stored in the device is the preliminary certificate associated with the device; and
if the certificate stored in the device is the preliminary certificate associated with the device, then securely loading the device certificate into the device by encrypting the private part of the device certificate using a first encryption algorithm, generating a first packet comprising the public part, the encrypted private part, and a set of decryption instructions for decrypting the encrypted private part, encrypting the first packet using a second encryption algorithm, generating a second packet comprising the encrypted first packet and a set of decryption instructions for decrypting the encrypted first packet, and delivering the second packet to the device.
a preliminary certificate loader that receives the preliminary certificate from the computer readable medium, and delivers the preliminary certificate to the device.
8. Apparatus according to claim 6, wherein the computer readable medium comprises computer-executable instructions for associating the preliminary certificate with a device identifier that corresponds to the device.
9. Apparatus according to claim 6, wherein the computer readable medium comprises computer-executable instructions for determining whether the certificate has been previously used as a preliminary certificate associated with another cryptographic device.
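The following Python sketch is an added illustration of the procedure in claims 1 and 6 together with the preliminary-certificate bookkeeping of claims 8 and 9; it is not code from the patent. It assumes the two wrapping keys (key1, key2) are already shared with the device, which the page does not specify, and it uses a SHA-256 keystream XOR as a stand-in for the unnamed first and second encryption algorithms.

```python
import hashlib
import json
import os

# Stand-in for the claim's "first" and "second encryption algorithm": a SHA-256
# keystream XOR, constructed here only to show the packet structure. It is not a
# production cipher; a real loader would use an authenticated cipher.
def keystream_xor(key, nonce, data):
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(alg, key, data):
    """Encrypt and return the 'decryption instructions' the claim bundles alongside."""
    nonce = os.urandom(12)
    return keystream_xor(key + alg.encode(), nonce, data), {"alg": alg, "nonce": nonce.hex()}

def decrypt(key, ciphertext, instructions):
    return keystream_xor(key + instructions["alg"].encode(),
                         bytes.fromhex(instructions["nonce"]), ciphertext)

def associate_preliminary(registry, device_id, prelim_cert):
    """Claims 8 and 9: bind a preliminary certificate to a device identifier and
    refuse one already used as another device's preliminary certificate."""
    if any(c == prelim_cert and d != device_id for d, c in registry.items()):
        return False
    registry[device_id] = prelim_cert
    return True

def build_rekey_packet(device_id, stored_cert, registry, device_cert, key1, key2):
    """Claim 1: rekey only if the device still holds its preliminary certificate."""
    if stored_cert is None or registry.get(device_id) != stored_cert:
        return None
    enc_private, instr1 = encrypt("alg1", key1, device_cert["private"])
    first_packet = json.dumps({"public": device_cert["public"].hex(),
                               "enc_private": enc_private.hex(),
                               "decrypt": instr1}).encode()
    enc_first, instr2 = encrypt("alg2", key2, first_packet)
    return {"enc_first_packet": enc_first.hex(), "decrypt": instr2}

def device_unwrap(second_packet, key2, key1):
    """Device side: peel the second packet, then the first, to recover the certificate."""
    first = json.loads(decrypt(key2, bytes.fromhex(second_packet["enc_first_packet"]),
                               second_packet["decrypt"]))
    private = decrypt(key1, bytes.fromhex(first["enc_private"]), first["decrypt"])
    return bytes.fromhex(first["public"]), private
```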
Specification