Method and apparatus for ad hoc cryptographic key transfer
Abstract
Method and apparatus for obtaining a cryptographic key by dispatching a key request to a communications channel, receiving a response from one or more key sources, selecting a key source according to the received responses, preparing a requester credential, communicating the requester credential to the selected key source, receiving a source credential from the selected key source, receiving an encrypted key from the key source and decrypting the encrypted key source according to the received source credential, the requester credential and a pre-placed certificate.
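The exchange in the abstract, sketched from both sides as an added example (not code from the patent). Assumptions: the pre-placed certificate is modeled as a shared 32-byte secret whose counterpart is the same value, credentials are fresh random 16-byte values, the requester takes the first responder, and an HMAC-SHA256 derivation with encrypt-then-MAC stands in for the primitives the text leaves unspecified.

```python
import hashlib, hmac, secrets

def derive_kek(preplaced: bytes, req_cred: bytes, src_cred: bytes) -> bytes:
    # Length-prefix both credentials so their concatenation is unambiguous.
    info = b"".join(len(c).to_bytes(2, "big") + c for c in (req_cred, src_cred))
    return hmac.new(preplaced, b"kek" + info, hashlib.sha256).digest()

def _keystream(kek: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(kek, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(kek: bytes, key: bytes) -> bytes:
    # Encrypt-then-MAC stand-in for an AEAD; layout: nonce(16) | ciphertext | tag(32).
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(key, _keystream(kek, nonce, len(key))))
    return nonce + ct + hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()

def unwrap(kek: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrapped key failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(kek, nonce, len(ct))))

class KeySource:
    """Hypothetical key source holding the counterpart and a cached key."""
    def __init__(self, source_id: str, counterpart: bytes, cached_key: bytes):
        self.source_id, self.counterpart, self.cached_key = source_id, counterpart, cached_key

    def respond(self) -> str:
        return self.source_id  # source identifier sent in answer to a key request

    def provide(self, req_cred: bytes):
        src_cred = secrets.token_bytes(16)  # fresh source credential per transfer
        kek = derive_kek(self.counterpart, req_cred, src_cred)
        return src_cred, wrap(kek, self.cached_key)

def obtain_key(preplaced: bytes, sources) -> bytes:
    responders = [s for s in sources if s.respond()]  # key request and responses
    selected = responders[0]  # assumed selection policy: first responder
    req_cred = secrets.token_bytes(16)  # requester credential
    src_cred, blob = selected.provide(req_cred)
    # Decryption depends on all three inputs; any mismatch fails the MAC check.
    return unwrap(derive_kek(preplaced, req_cred, src_cred), blob)
```

A source that answers the request but lacks the pre-placed counterpart derives a different wrapping key, so `unwrap` raises instead of returning attacker-chosen key material.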
21 Claims
1. A method for obtaining a cryptographic key comprising:
dispatching a key request to a communications channel;
receiving a response from one or more key sources from the communications channel;
selecting a key source according to one or more responses from one or more key sources;
preparing a requester credential;
communicating the requester credential to the selected key source;
receiving a source credential from the selected key source;
receiving an encrypted first cryptographic-key from the selected key source; and
decrypting the received encrypted first cryptographic-key according to the received source credential, the requester credential and a pre-placed certificate.

8. A method for providing a cryptographic key comprising:
receiving a key request on a communications channel;
determining if the key request can be satisfied;
responding to the key request with a source identifier when the key-request can be satisfied;
receiving a requester credential from a remote terminal;
determining when the requester credential is valid;
establishing a communications channel with the remote terminal when the requester credential is valid; and
encrypting a cryptographic key according to the requester credential, the source credential and a counterpart to a certificate that is pre-placed in the requester; and
conveying the encrypted cryptographic-key to the remote terminal using the communications channel.

11. A secure terminal comprising:
a pre-placed certificate register storing a pre-placed certificate received from a data transfer device;
a communications unit wirelessly communicating with a remotely located key source;
a source identification unit dispatching a key request by means of the communications unit, receiving a source identification message from the communications unit and further selecting a key source according to a received source identification message;
a key request unit incorporating a local credential into a key request, dispatching by means of the communications unit the key request to a key source selected by the source identification unit and receiving an encrypted key from the key source by means of the communications unit; and
a decryption unit receiving from the key source by means of the communications unit a source credential and further decrypting an encrypted key according to the source credential, the local credential and a pre-placed certificate stored in the pre-placed certificate register.

14. A secure terminal comprising:
a processor executing an instruction sequence;
a modulator generating a carrier according to data received from the processor;
a demodulator providing data to the processor by demodulating a received carrier;
a memory storing one or more instruction sequences and information;
one or more instruction sequences stored in the memory including;
  a source identification module that, when executed by the processor, minimally causes the processor to;
    convey a key request to the modulator;
    receive from the demodulator one or more key source identification messages; and
    select a key source according to a received key source identification message;
  a key request module that, when executed by the processor, minimally causes the processor to;
    convey to the modulator a requester credential message that includes a requester credential; and
    receive from the demodulator a source credential and an encrypted cryptographic key; and
  a decryption module that, when executed by the processor, minimally causes the processor to decrypt the received cryptographic key according to the received source credential, the requester credential and a pre-placed certificate that is included in the memory.

20. A key source apparatus comprising:
a wireless communications unit communicating with a remotely located key requester;
a requester validation unit generating a valid requester signal when a key request received by the communications unit is valid;
a source identification unit directing a source identification message to a key requester by means of the communications unit in response to the valid requester signal;
a request validation unit generating a valid request signal when a requester credential message is received by the communications unit from a key requester;
a key cache storing one or more cryptographic keys;
a key encryption unit encrypting a cryptographic key stored in the key cache, wherein said encryption is accomplished according to a source credential, a received requester credential and a counterpart to a certificate that has been pre-placed in the key requester and wherein the key encryption unit directs an encrypted cryptographic key to a key requester by means of the communications unit.

Specification