Cryptographic key management

US 7,711,120 B2
Filed: 07/29/2005
Issued: 05/04/2010
Est. Priority Date: 07/29/2004
Status: Active Grant

First Claim

Patent Images

1. A cryptographic coalition administrator for managing information access across multiple organizations, the administrator comprising:

a communications interface configured to communicate electronically transmit and receive information;

a memory configured to store a plurality of pairs of public and private cryptographic keys associated with different levels of access; and

a key manager connected to and configured to communicate with the interface and the memory and further configured to;

distribute cryptographic key sets, of public keys and private keys, to first and second organizations of members;

determine a first group of members in the first organization to have authorization to exchange information with a second group of members in the second organization, the first and second groups sharing cryptographic parameters, and public and private keys; and

distribute a first cryptographic key set, from the cryptographic key sets, to the first group, the first group having a first sensitivity level at least as high as a second sensitivity level associated with the first cryptographic key set.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cryptographic coalition administrator for managing information access across multiple organizations includes a communications interface configured to communicate electronically transmit and receive information, a memory configured to store pairs of public and private cryptographic keys associated with different levels of access, and a key manager configured and connected to communicate with the interface and the memory and configured to: distribute cryptographic key sets, of public cryptographic keys and private cryptographic keys, to first and second organizations of members; determine a first group of members in the first organization to have authorization to exchange information with a second group of members in the second organization, the first and second groups sharing cryptographic parameters, and public and private cryptographic keys; and distribute a first cryptographic key set, from the cryptographic key sets, to the first group, the first group having a first sensitivity level at least as high as a second sensitivity level associated with the first cryptographic key set.

165 Citations

13 Claims

1. A cryptographic coalition administrator for managing information access across multiple organizations, the administrator comprising:
- a communications interface configured to communicate electronically transmit and receive information;
  
  a memory configured to store a plurality of pairs of public and private cryptographic keys associated with different levels of access; and
  
  a key manager connected to and configured to communicate with the interface and the memory and further configured to;
  
  distribute cryptographic key sets, of public keys and private keys, to first and second organizations of members;
  
  determine a first group of members in the first organization to have authorization to exchange information with a second group of members in the second organization, the first and second groups sharing cryptographic parameters, and public and private keys; and
  
  distribute a first cryptographic key set, from the cryptographic key sets, to the first group, the first group having a first sensitivity level at least as high as a second sensitivity level associated with the first cryptographic key set.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The administrator of claim 1 wherein the key manager is configured to distribute the cryptographic key sets in accordance with at least one of sensitivity levels and category labels associated with the sets and the groups of members.
  - 3. The administrator of claim 1 wherein the key manager is disposed in at least one of the organizations.
  - 4. The administrator of claim 1 wherein the key manager is disposed external to the organizations.
  - 5. The administrator of claim 1 wherein the key manager is configured to alter access privileges of at least one of the members.
  - 6. The administrator of claim 5 wherein the key manager is configured to revoke access privileges of one of the members by inhibiting recall of a portion of a key stored in association with the member.
  - 7. The administrator of claim 5 wherein the key manager is configured to add a new member, from the first organization, to the first group by distributing the first cryptographic key set to the new member.
  - 8. The administrator of claim 1 wherein the key manager is further configured to:
    - determine a third group of members in the first organization to have authorization to exchange information with themselves, the members in the third group sharing cryptographic parameters, and public and private cryptographic keys; and
      
      distribute a second cryptographic key set, from the cryptographic key sets, to the third group.

9. A system for use in transferring encrypted information between multiple organizations, the system comprising:
- a communications interface configured to communicate electronically transmit and receive information;
  
  a memory configured to store a plurality of pairs of public and private cryptographic keys; and
  
  a key manager connected and configured to communicate with the interface and the memory and further configured to;
  
  receive a first public cryptographic key, associated with a first organization, that has been encrypted using a second public cryptographic key associated with a second organization;
  
  decrypt the first public key using a first private key;
  
  encrypt a plaintext message using a data encryption key to produce a ciphertext;
  
  encrypt the data encryption key using the first public key to produce a first encrypted key;
  
  send the ciphertext and the first encrypted key toward the first organization;
  
  encrypt the data encryption key using the a third public cryptographic key, associated with the second organization, to produce a second encrypted key; and
  
  send the ciphertext and the second encrypted key toward a member of the second organization;
  
  wherein the system is associated with the second organization.

10. A method of exchanging information, the method comprising:
- transmitting a first public key from a device at a first entity to a second entity;
  
  receiving, by the device, from the second entity, a second public key encrypted by the second entity using the first public key;
  
  decrypting the second public key by the device using a first private key associated with the first public key;
  
  encrypting information by the device using a data encryption key to produce ciphertext;
  
  encrypting the data encryption key by the device using the second public key to produce a first encrypted key;
  
  transmitting, by the device, the ciphertext and the first encrypted key from the first entity to the second entity;
  
  encrypting the data encryption key by the device using a third public cryptographic key to produce a second encrypted key; and
  
  transmitting, by the device, the ciphertext and the second encrypted key from the first entity to a third entity.
- View Dependent Claims (11, 12, 13)
- - 11. The method of claim 10 further comprising signing the first public cryptographic key and wherein transmitting the first write-only key comprises transmitting the signed first write-only key.
  - 12. The method of claim 10 wherein the first and third entities are members of a first organization of members, and the second entity is a member of a second organization of members that is separate from the first organization.
  - 13. An article of manufacture including a computer storage medium having stored thereon software instructions that, if executed by a computing device, cause the computing device to execute operations to implement the method of claim 10.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
James G. Lightburn
Original Assignee
Infoassure Incorporated
Inventors
Viola, Leonard R., Lightburn, James G., Kimmel, Wayne R., Kimmel, Gerald D., Domangue, Ersin L., Adamouski, Francis J.
Primary Examiner(s)
Dinh; Minh

Application Number

US11/193,227
Publication Number

US 20060242407A1
Time in Patent Office

1,740 Days
Field of Search

380/281, 380/284
US Class Current

380/279
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/065   for group communications cr...

H04L 63/105   Multiple levels of security

H04L 9/088   Usage controlling of secret...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

H04L 9/3247   involving digital signatures

Cryptographic key management

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

165 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic key management

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

165 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links