Network centered recovery process for cryptographic processing modules

US 7,925,890 B2
Filed: 10/23/2006
Issued: 04/12/2011
Est. Priority Date: 10/23/2006
Status: Expired due to Fees

First Claim

Patent Images

1. A method for re-initializing a cryptographic processing module, comprising:

generating recovery information, at said cryptographic processing module located in a classified environment, that includes a module unique recovery vector and module unique data;

communicating said module unique recovery vector from said classified environment, over a computer network, to an unclassified network database;

storing in said unclassified network database said module unique recovery vector defining first re-initialization data that is required for re-activating previously deactivated information security functions of said cryptographic processing module at a future time and is functional only with one said cryptographic processing module for which it was uniquely generated;

indexing said module unique recovery vector in said unclassified network database using a unique module identifying code that identifies said cryptographic processing module;

relocating said cryptographic processing module from said classified environment to an unclassified environment;

subsequent to said relocation, communicating said module unique recovery vector from said unclassified network database, over said computer network, to said unclassified environment; and

using said module unique data and said module unique recovery vector provided from said unclassified network database to re-initialize said cryptographic processing module in said unclassified environment;

wherein said module unique data defines second re-initialization data that is required for re-activating said previously deactivated information security functions of said cryptographic processing module and is unique to said cryptographic processing module.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is provided for re-initializing a cryptographic processing module (102) at a location designated as an unclassified environment. The method includes storing in a database (122) a module unique recovery vector (310, 510) assigned to a cryptographic processing module. The method also includes indexing the module unique recovery vector in the database using a unique module identifying code (for example, a serial number) assigned to the cryptographic processing module. The method further includes subsequently communicating the module unique recovery vector from the database, over a computer network (120), to a remote computing environment (400) that is unclassified. The module unique recovery vector is used to re-initialize the cryptographic processing module.

16 Citations

View as Search Results

12 Claims

1. A method for re-initializing a cryptographic processing module, comprising:
- generating recovery information, at said cryptographic processing module located in a classified environment, that includes a module unique recovery vector and module unique data;
  
  communicating said module unique recovery vector from said classified environment, over a computer network, to an unclassified network database;
  
  storing in said unclassified network database said module unique recovery vector defining first re-initialization data that is required for re-activating previously deactivated information security functions of said cryptographic processing module at a future time and is functional only with one said cryptographic processing module for which it was uniquely generated;
  
  indexing said module unique recovery vector in said unclassified network database using a unique module identifying code that identifies said cryptographic processing module;
  
  relocating said cryptographic processing module from said classified environment to an unclassified environment;
  
  subsequent to said relocation, communicating said module unique recovery vector from said unclassified network database, over said computer network, to said unclassified environment; and
  
  using said module unique data and said module unique recovery vector provided from said unclassified network database to re-initialize said cryptographic processing module in said unclassified environment;
  
  wherein said module unique data defines second re-initialization data that is required for re-activating said previously deactivated information security functions of said cryptographic processing module and is unique to said cryptographic processing module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method according to claim 1, further comprising generating a new module unique recovery vector in said unclassified environment.
  - 3. The method according to claim 1, further comprising generating said module unique recovery vector in a cryptographic initialization process exclusively responsive to receipt of at least one initialization vector.
  - 4. The method according to claim 1, further comprising storing said module unique data in a storage device of said cryptographic processing module.
  - 5. The method according to claim 1, further comprising encrypting said module unique recovery vector prior to said communicating step.
  - 6. The method according to claim 1, further comprising querying said cryptographic processing module in said unclassified environment to obtain said unique module identifying code.
  - 7. The method according to claim 1, further comprising communicating said unique module identifying code from said unclassified environment to a server associated with said unclassified network database.
  - 8. The method according to claim 7, further comprising encrypting said unique module identifying code prior to communicating said unique module identifying code.

9. A method for re-initializing a cryptographic processing module, comprising:
- generating recovery information, at said cryptographic processing module located in a classified environment, that includes a module unique recovery vector and module unique data;
  
  communicating said module unique recovery vector from said classified environment, over a computer network, to an unclassified network database;
  
  storing in said unclassified network database said module unique recovery vector defining first re-initialization data that is required for re-activating previously deactivated information security functions of said cryptographic processing module at a future time and is functional only with one said cryptographic processing module for which it was uniquely generated;
  
  querying said cryptographic processing module to obtain a unique module identifying code that is assigned only to said cryptographic processing module;
  
  communicating said unique module identifying code to said unclassified network database;
  
  indexing said module unique recovery vector in said unclassified network database using said unique module identifying code;
  
  relocating said cryptographic processing module from said classified environment to an unclassified environment;
  
  subsequent to said relocation, communicating said module unique recovery vector from said unclassified network database, over a computer network, to said unclassified environment; and
  
  using module unique data and said module unique recovery vector provided from said unclassified network database to re-initialize said cryptographic processing module in said unclassified environment;
  
  wherein said module unique data defines second re-initialization data that is required for re-activating said previously deactivated information security functions of said cryptographic processing module and is unique to said cryptographic processing module.
- View Dependent Claims (10, 11)
- - 10. The method according to claim 9, further comprising generating a new module unique recovery vector in said unclassified environment.
  - 11. The method according to claim 9, further comprising generating said module unique recovery vector in a cryptographic re-initialization process exclusively responsive to receipt of at least one initialization vector.

12. A method for re-initializing a cryptographic processing module, comprising:
- generating recovery information, at said cryptographic processing module located in a classified environment, that includes a module unique recovery vector and module unique data;
  
  communicating said module unique recovery vector from said classified environment, over a computer network, to an unclassified network database;
  
  storing in said unclassified network database said module unique recovery vector defining first re-initialization data that is required for re-activating previously deactivated information security functions of said cryptographic processing module at a future time and is functional only with one said cryptographic processing module for which it was uniquely generated;
  
  querying said cryptographic processing module to obtain a unique module identifying code that is assigned only to said cryptographic processing module;
  
  encrypting said unique module identifying code;
  
  communicating said unique module identifying code from said cryptographic processing module, over a computer network, to said unclassified network database;
  
  indexing said module unique recovery vector in said unclassified network database using said unique module identifying code;
  
  encrypting said module unique recovery vector;
  
  relocating said cryptographic processing module from said classified environment to an unclassified environment;
  
  subsequent to said relocation, communicating said module unique recovery vector from said unclassified network database, over a computer network, to said unclassified environment; and
  
  using said module unique data and said module unique recovery vector provided from said unclassified network database to re-initialize said cryptographic processing module in said unclassified environment;
  
  wherein said module unique data defines second re-initialization data that is required for re-activating said previously deactivated information security functions of said cryptographic processing module and is unique to said cryptographic processing module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Harris Global Communications, Inc. (L3Harris Technologies, Inc.)
Original Assignee
Harris Corporation (L3Harris Technologies, Inc.)
Inventors
Mann, Ian D., Dever, Donald J.
Primary Examiner(s)
Arani; Taghi T
Assistant Examiner(s)
Mehrmanesh; Amir

Application Number

US11/551,746
Publication Number

US 20080098235A1
Time in Patent Office

1,632 Days
Field of Search

None
US Class Current

713/189
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 9/3226   using a predetermined code,...

H04L 9/3234   involving additional secure...

Network centered recovery process for cryptographic processing modules

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Network centered recovery process for cryptographic processing modules

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links