Managing private keys in a free seating environment

US 7,095,859 B2
Filed: 03/18/2002
Issued: 08/22/2006
Est. Priority Date: 03/18/2002
Status: Active Grant

First Claim

Patent Images

1. A method for managing a private key for a user in a free seating environment, said method comprising:

receiving at a first server the private key created by a first computer, wherein said first computer is a client of said first server;

identifying a second computer that is authorized to receive said private key;

transmitting said private key from said first server to said second computer; and

wrapping said private key with a non-migratable public key of said first server, thus creating a first blob, before transmitting said private key within said first blob to said first server, such that said private key cannot be migrated from said first server while wrapped with said non-migratable public key of said first server.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for storing to a server a private key that was created on a TCPA-enabled client computer by the user. The user'"'"'s private key is wrapped in a server non-migratable public key and sent to the server. When the user wants to migrate the user private key to a TCPA-enabled client computer, the user sends a request to the server for the user'"'"'s private key along with the user'"'"'s personal migration data for user identification. The server wraps the user'"'"'s private key in the TCPA-enabled client computer'"'"'s non-migratable public key, and transmits this “blob” to the client computer, which unwraps the blob to reveal the user'"'"'s private key.

Citations

16 Claims

1. A method for managing a private key for a user in a free seating environment, said method comprising:
- receiving at a first server the private key created by a first computer, wherein said first computer is a client of said first server;
  
  identifying a second computer that is authorized to receive said private key;
  
  transmitting said private key from said first server to said second computer; and
  
  wrapping said private key with a non-migratable public key of said first server, thus creating a first blob, before transmitting said private key within said first blob to said first server, such that said private key cannot be migrated from said first server while wrapped with said non-migratable public key of said first server.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein said first computer is a first client computer.
  - 3. The method of claim 1, wherein said second computer is a second client computer.
  - 4. The method of claim 1, wherein said second computer is a second server.
  - 5. The method of claim 1, wherein said first computer and said second computer are a same computer.
  - 6. The method of claim 1, further comprising:
    - unwrapping said first blob in said first server to expose the private key;
      
      wrapping the private key in said first server, creating a second blob, with a non-migratable public key of said second computer; and
      
      transmitting said second blob to said second computer.
  - 7. The method of claim 1, wherein said first computer is Trusted Computing Platform Alliance (TCPA) compliant.

8. A client computer in a computer network, said client computer comprising:
- means for wrapping a private key with a non-migratable public key of a first server to form a first blob, wherein said client computer creates said private key utilizing a Trusted Computing Platform Alliance (TCPA) protocol, and wherein said first blob that cannot be migrated out of said first server; and
  
  means for transmitting said first blob to said first server.
- View Dependent Claims (9)
- - 9. The client computer of claim 8, further comprising:
    - means for requesting said private key from said server;
      
      means for providing a non-migratable public key for encrypting said private key into a second blob; and
      
      means for receiving said second blob.

10. A server in a computer network, said server comprising:
- means for providing a public key to another computer;
  
  means for receiving a blab from said another computer, said blob comprising a private key, from said another computer, encrypted with a public key of the server, wherein said private key is created by said another computer utilizing a Trusted Computing Platform (TCPA) protocol;
  
  means for exposing said private key within said server by decrypting said public key;
  
  means for receiving a request for said private key from a requesting computer;
  
  means for wrapping said private key wit a non-migratable public key of said requesting computer to form a blob; and
  
  means for transmitting said blob to said requesting computer.

11. A computer program product, residing on a computer usable medium, for managing a private key for a user in a free seating environment, said computer program product comprising:
- program code means for receiving at a first server the private key from a first computer, wherein said private key is created by said first computer utilizing a Trusted Computing Platform (TCPA) protocol;
  
  program code means for identifying a second computer that is authorized to receive said private key;
  
  program code means for transmitting said private key from said first server to said second computer; and
  
  program code means for wrapping said private key with a non-migratable public key of said first server, thus creating a first blob, before transmitting said private key within said first blob to said first server, such that said private key cannot be migrated from said first server while wrapped with said non-migratable public key of said first server.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The computer program product of claim 11, wherein said first computer is a first client computer.
  - 13. The computer program product of claim 11, wherein said second computer is a second client computer.
  - 14. The computer program product of claim 11, wherein said second computer is a second server.
  - 15. The computer program product of claim 11, wherein said first computer and said second computer are a same computer.
  - 16. The computer program product of claim 11, further comprising:
    - program code means for unwrapping said first blob in said first server to expose the private key;
      
      program code means for wrapping the private key in said first server, creating a second blob, with a non-migratable public key of said second computer; and
      
      program code means for transmitting said second blob to said second computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo PC International Limited (Lenovo Group Ltd.)
Original Assignee
Lenovo Singapore Pte Limited (Lenovo Group Ltd.)
Inventors
Challener, David Carroll
Primary Examiner(s)
Zand, Kambiz

Application Number

US10/100,446
Publication Number

US 20030174842A1
Time in Patent Office

1,618 Days
Field of Search

713/155
US Class Current

380/282
CPC Class Codes

G06F 21/62   Protecting access to data v...

H04L 2209/127   Trusted platform modules [TPM]

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 9/083   involving central third par...

Managing private keys in a free seating environment

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Managing private keys in a free seating environment

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links