Method and apparatus for establishing and using a secure credential infrastructure
Abstract
We present technology that allows layman computer users to simply create, provision, and maintain secured infrastructure—an instant PKI. This technology can be used in a wide variety of applications including wired and wireless networks, secure sensor networks (such as medical networks), emergency alert networks, as well as simply and automatically provisioning network devices whether secure or not.
76 Claims
1. A computer controlled method to construct a secure credential infrastructure comprising steps of:
- exchanging key commitment information over a preferred channel between a credential issuing device and a prospective member device to pre-authenticate said prospective member device, wherein said preferred channel has both a demonstrative identification property and an authenticity property;
- receiving a public key from said prospective member device;
- verifying said public key with said key commitment information; and
- automatically provisioning said prospective member device with a credential authorized by a credential issuing authority.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21

22. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method to construct a secure credential infrastructure, the method comprising steps of:
- exchanging key commitment information over a preferred channel between a credential issuing device and a prospective member device to pre-authenticate said prospective member device, wherein said preferred channel has both a demonstrative identification property and an authenticity property;
- receiving a public key from said prospective member device;
- verifying said public key with said key commitment information; and
- automatically provisioning said prospective member device with a credential authorized by a credential issuing authority.
Dependent claims: 23, 24, 25, 26, 27, 28, 29

30. A credential issuing apparatus configured to construct a secure credential infrastructure comprising:
- at least one port configured to establish a preferred channel, wherein said preferred channel has both a demonstrative identification property and an authenticity property;
- a key commitment receiver mechanism configured to receive key commitment information over said preferred channel;
- a key receiver mechanism configured to receive a public key;
- a pre-authentication mechanism configured to verify said public key with said key commitment information; and
- a credential provisioning mechanism configured to be able to automatically provide a credential authorized by a credential issuing authority responsive to the pre-authentication mechanism.
Dependent claims: 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44

45. A credential issuing apparatus configured to construct a secure credential infrastructure comprising:
- at least one port configured to establish a preferred channel;
- a key commitment receiver mechanism configured to receive commitment information for a secret through said at least one port;
- a key receiver mechanism configured to receive said secret;
- a pre-authentication mechanism configured to verify said secret with said commitment information; and
- a credential provisioning mechanism configured to be able to automatically provide a credential authorized by a credential issuing authority responsive to the pre-authentication mechanism.

46. A computer controlled method to join a prospective member device with a secure credential infrastructure comprising steps of:
- exchanging key commitment information over a preferred channel between a credential issuing device and said prospective member device, wherein said preferred channel has both a demonstrative identification property and an authenticity property;
- receiving a public key by said prospective member device;
- verifying said public key with said key commitment information; and
- receiving a credential authorized by a credential issuing authority.
Dependent claims: 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58

59. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to join a prospective member device with a secure credential infrastructure, the method comprising steps of:
- exchanging key commitment information over a preferred channel between a credential issuing device and said prospective member device, wherein said preferred channel has both a demonstrative identification property and an authenticity property;
- receiving a public key by said prospective member device;
- verifying said public key with said key commitment information; and
- receiving a credential authorized by a credential issuing authority.
Dependent claims: 60, 61, 62, 63, 64

65. An apparatus capable of joining a secure credential infrastructure comprising:
- at least one port configured to establish a preferred channel, wherein said preferred channel has both a demonstrative identification property and an authenticity property;
- a key commitment receiver mechanism configured to receive key commitment information over said preferred channel;
- a key receiver mechanism configured to receive a public key;
- a pre-authentication mechanism configured to verify said public key with said key commitment information; and
- a credential receiving mechanism configured to receive a credential responsive to the pre-authentication mechanism.
Dependent claims: 66, 67, 68, 69, 70, 71, 72, 73, 74

75. A computer controlled method to construct a secure credential infrastructure comprising steps of:
- exchanging key commitment information over a preferred channel between a credential issuing device and a prospective member device to pre-authenticate said prospective member device;
- sending network configuration information over said preferred channel to said prospective member device;
- receiving a public key from said prospective member device;
- verifying said public key with said key commitment information; and
- automatically provisioning said prospective member device with a credential authorized by a credential issuing authority.

76. A computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method to construct a secure credential infrastructure, the method comprising steps of:
- exchanging key commitment information over a preferred channel between a credential issuing device and a prospective member device to pre-authenticate said prospective member device;
- sending network configuration information over said preferred channel to said prospective member device;
- receiving a public key from said prospective member device;
- verifying said public key with said key commitment information; and
- automatically provisioning said prospective member device with a credential authorized by a credential issuing authority.

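The pre-authentication steps recited in claim 1, seen from the credential issuing device, as an added Python example that is not part of the patent text. It assumes the key commitment is a SHA-256 digest of the encoded public key, treats each commitment as single use, and uses an HMAC tag as a stand-in for the issued credential; the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def commit(public_key: bytes) -> bytes:
    """Key commitment; assumed here to be SHA-256 over the encoded key."""
    return hashlib.sha256(public_key).digest()


class CredentialIssuer:
    def __init__(self) -> None:
        # Stand-in for the issuing authority's key. A real PKI would sign a
        # certificate with an asymmetric CA key instead of computing an HMAC.
        self._authority_key = secrets.token_bytes(32)
        self._pending = set()  # commitments received over the preferred channel

    def receive_commitment(self, commitment: bytes) -> None:
        """Call only for data that arrived over the preferred channel."""
        self._pending.add(commitment)

    def enroll(self, public_key: bytes):
        """Key arrives over the ordinary network: verify it, then provision."""
        candidate = commit(public_key)
        matched = [c for c in self._pending if hmac.compare_digest(c, candidate)]
        if not matched:
            return None  # key was never pre-authenticated, so no credential
        self._pending.discard(matched[0])  # assumption: commitments are single use
        return hmac.new(self._authority_key, public_key, hashlib.sha256).digest()

    def check_credential(self, public_key: bytes, credential: bytes) -> bool:
        expected = hmac.new(self._authority_key, public_key, hashlib.sha256).digest()
        return hmac.compare_digest(expected, credential)


def demo() -> dict:
    issuer = CredentialIssuer()
    member_key = b"constructed-member-public-key"   # constructed sample value
    other_key = b"constructed-substituted-key"      # constructed sample value
    issuer.receive_commitment(commit(member_key))   # over the preferred channel
    rejected = issuer.enroll(other_key)             # key substituted in transit
    credential = issuer.enroll(member_key)          # key matching the commitment
    replay = issuer.enroll(member_key)              # commitment already consumed
    return {
        "substituted_key_rejected": rejected is None,
        "member_provisioned": issuer.check_credential(member_key, credential),
        "replay_rejected": replay is None,
    }
```

Only the commitment needs the preferred channel; the public key can travel over an untrusted network, because a key that does not match a received commitment is never provisioned.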
Specification