Method and apparatus for automatic and secure distribution of a symmetric key security credential in a utility computing environment

US 7,822,982 B2
Filed: 06/16/2005
Issued: 10/26/2010
Est. Priority Date: 06/16/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A method for automatic, secure, and confidential distribution of a symmetric key security credential in a utility computing environment comprising:

establishing a symmetric key at a management server, said symmetric key automatically associated with a logical device identifier of a provisionable resource;

establishing an isolated virtual network between the management server and the provisionable resource by changing the configuration of a switch coupled with said provisionable resource such that said provisionable resource to which said symmetric key will be provided is temporarily rewired into a separate virtual local area network (VLAN) such that said provisionable resource does not have any other interface on another VLAN, thereby setting up a temporary secure environment for credential distribution;

providing the symmetric key to the provisionable resource over said temporary VLAN secure environment; and

dissolving the isolated VLAN between the management server and the provisionable resource after the symmetric key is provided to said provisionable resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the invention provide a method and an apparatus for automatic, secure, and confidential distribution of a symmetric key security credential in a utility computing environment. In one method embodiment, the present invention establishes a symmetric key at a management server, the symmetric key automatically associated with a logical device identifier of a provisionable resource. Additionally, an isolated virtual network is established between the management server and the provisionable resource for providing the symmetric key to the provisionable resource. Then, after the symmetric key is provided to the provisionable resource the isolated virtual network between the management server and the provisionable resource is dissolved.

16 Citations

View as Search Results

30 Claims

1. A method for automatic, secure, and confidential distribution of a symmetric key security credential in a utility computing environment comprising:
- establishing a symmetric key at a management server, said symmetric key automatically associated with a logical device identifier of a provisionable resource;
  
  establishing an isolated virtual network between the management server and the provisionable resource by changing the configuration of a switch coupled with said provisionable resource such that said provisionable resource to which said symmetric key will be provided is temporarily rewired into a separate virtual local area network (VLAN) such that said provisionable resource does not have any other interface on another VLAN, thereby setting up a temporary secure environment for credential distribution;
  
  providing the symmetric key to the provisionable resource over said temporary VLAN secure environment; and
  
  dissolving the isolated VLAN between the management server and the provisionable resource after the symmetric key is provided to said provisionable resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1 further comprising:
    - re-keying the symmetric key during a provisional resource duplication process for each device involved in said provisional resource duplication process.
  - 3. The method of claim 1 further comprising:
    - providing a record entry on a symmetric database of said management server when said provisionable resource is assigned a symmetric key.
  - 4. The method of claim 3 further comprising:
    - deleting a record entry on said symmetric database of said management server when said provisionable resource is deleted.
  - 5. The method of claim 1 wherein said symmetric key is a shared secret.
  - 6. The method of claim 1 wherein said symmetric key is a cryptographic key.
  - 7. The method of claim 1 wherein said logical device identifier identifies a single provisionable resource, based on its logical identity, rather than physical identity.
  - 8. The method of claim 1 wherein said logical device identifier identifies a group of provisionable resources, based on their logical identity, rather than physical identities.
  - 9. The method of claim 1 wherein after said management server has provided said symmetric key, said management server further comprises:
    - receiving an authentication credential from a first provisionable resource; and
      
      providing said authentication credential to a second provisionable resource, wherein said management server securely provides said authentication credential to said second provisionable resource automatically.
  - 10. The method of claim 1 wherein after said provisionable resource has received said symmetric key, said management server provides an authentication service to said provisionable resources, for authenticating a second provisionable resource, based on their logical identity.
  - 11. The method of claim 1 wherein after said management server has provided said symmetric key, said management server further comprises:
    - receiving a shared encryption credential from a first provisionable resource; and
      
      providing said shared encryption credential to a second provisionable resource, wherein said management server securely provides said shared encryption credential to said second provisionable resource automatically.

12. An automated symmetric key security credential distributor for a utility computing environment comprising:
- a symmetric key generator for generating a symmetric key at a management server;
  
  a logical device identifier coupler for coupling the symmetric key with a logical device identifier of a provisionable resource;
  
  a virtual network establisher for automatically establishing an isolated virtual network between the management server and the provisionable resource by changing the configuration of a switch coupled with said provisionable resource such that said provisionable resource to which said symmetric key will be provided is temporarily rewired into a separate virtual local area network (VLAN) such that said provisionable resource does not have any other interface on another VLAN, thereby setting up a temporary secure environment for credential distribution;
  
  a symmetric key provider for providing the symmetric key to the provisionable resource over said temporary VLAN secure environment; and
  
  and a virtual network dissolver for dissolving the isolated VLAN between the management server and the provisionable resource after the symmetric key is provided to said provisionable resource.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The automated symmetric key distributor of claim 12 further comprising:
    - a database on said management server for maintaining a record entry when said provisionable resource is assigned a symmetric key.
  - 14. The automated symmetric key distributor of claim 13 further comprising:
    - a database cleaner on said management server for deleting a record entry when said provisionable resource is deleted.
  - 15. The automated symmetric key distributor of claim 12 wherein said logical device identifier identifies a single provisionable resource, based on a logical identity, rather than a physical identity.
  - 16. The automated symmetric key distributor of claim 12 wherein said logical device identifier identifies a group of provisionable resources, based on a logical identity, rather than a physical identity of said group.
  - 17. The automated symmetric key distributor of claim 12 wherein after said management server has distributed said symmetric key, said management server further comprises:
    - a credential receiver for receiving an authentication credential from a first provisionable resource; and
      
      said credential provider for providing said authentication credential to a second provisionable resource, wherein said management server automatically and securely provides said authentication credential to said second provisionable resource.
  - 18. The automated symmetric key distributor of claim 12 wherein after said provisionable resource has received said symmetric key, said management server provides an authentication service to said provisionable resources, for authenticating a second provisionable resource, based on their logical identity.
  - 19. The automated symmetric key distributor of claim 12 wherein after said provisionable resource has received said symmetric key, said management server further comprises:
    - a shared encryption credential receiver for receiving a shared encryption credential from a first provisionable resource; and
      
      said shared encryption credential provider for providing said shared encryption credential to a second provisionable resource, wherein said management server automatically and securely provides said shared encryption credential to said second provisionable resource.

20. A computer-usable medium having computer-readable program code embodied therein for causing a method for automatic, secure, and confidential distribution of a symmetric key security credential in a utility computing environment comprising:
- establishing a symmetric key at a management server;
  
  associating the symmetric key with a logical device identifier of a provisionable resource;
  
  automatically establishing an isolated virtual network between the management server and the provisionable resource by changing the configuration of a switch coupled with said provisionable resource such that said provisionable resource to which said symmetric key will be provided is temporarily rewired into a separate virtual local area network (VLAN) such that said provisionable resource does not have any other interface on another VLAN, thereby setting up a temporary secure environment for credential distribution;
  
  providing the symmetric key to the provisionable resource over said temporary VLAN secure environment; and
  
  dissolving the isolated VLAN between the management server and the provisionable resource after the symmetric key is provided to said provisionable resource.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 21. The computer-usable medium of claim 20 further comprising:
    - re-keying the symmetric key during a provisional resource duplication process for each device involved in said provisional resource duplication process.
  - 22. The computer-usable medium of claim 20 further comprising:
    - providing a record entry on a symmetric database of said management server when said provisionable resource is assigned a symmetric key.
  - 23. The computer-usable medium of claim 22 further comprising:
    - deleting a record entry on said symmetric database of said management server when said provisionable resource is deleted.
  - 24. The computer-usable medium of claim 20 wherein said symmetric key is a shared secret.
  - 25. The computer-usable medium of claim 20 wherein said symmetric key is a cryptographic key.
  - 26. The computer-usable medium of claim 20 wherein said logical device identifier identifies a single provisionable resource, based on its logical identity, rather than physical identity.
  - 27. The computer-usable medium of claim 20 wherein said logical device identifier identifies a group of provisionable resources, based on their group logical identity, rather than physical identities.
  - 28. The computer-usable medium of claim 20 wherein after said management server has distributed said symmetric key, said management server further comprises:
    - receiving an authentication credential from a first provisionable resource; and
      
      providing said authentication credential to a second provisionable resource, wherein said management server securely provides said authentication credential to said second provisionable resource automatically.
  - 29. The computer-usable medium of claim 20 wherein after said provisionable resource has received said symmetric key, said management server provides an authentication service to said provisionable resources, for authenticating a second provisionable resource, based on their logical identity.
  - 30. The computer-usable medium of claim 20 wherein after said provisionable resource has received said symmetric key, said management server further comprises:
    - receiving a shared encryption credential from a first provisionable resource; and
      
      providing said shared encryption credential to a second provisionable resource, wherein said management server securely provides said shared encryption credential to said second provisionable resource automatically.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Raikar, Amit
Primary Examiner(s)
LaForgia; Christian
Assistant Examiner(s)
TURCHEN, JAMES R

Application Number

US11/154,798
Publication Number

US 20060285693A1
Time in Patent Office

1,958 Days
Field of Search

713/162, 713/171, 726/4
US Class Current

713/171
CPC Class Codes

H04L 63/062 for key distribution, e.g. ...

H04L 63/08 for authentication of entit...

Method and apparatus for automatic and secure distribution of a symmetric key security credential in a utility computing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

30 Claims

Specification

Use Cases

Quick Links

Others

Method and apparatus for automatic and secure distribution of a symmetric key security credential in a utility computing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

30 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others