Distributed management of crypto module white lists
First Claim
1. A method for forming a trust relationship between an array of mutually trusting systems and a new system, each comprising a processor and memory, the method comprising:
- introducing the new system to a first system of the array of mutually trusting systems, wherein the introduction includes the first system forming the trust relationship with the new system;
- transferring information to the first system of the array of mutually trusting systems from the new system, wherein the information identifies the new system;
- requesting a second system of the array of mutually trusting systems to form the trust relationship with the new system;
- in response to the request for the second system to form the trust relationship with the new system, the second system requesting if any other system of the array of mutually trusting systems already trusts the new system;
- in response to the second system requesting if any other system of the array of mutually trusting systems already trusts the new system, the first system responding and transferring the information to the second system of the array of mutually trusting systems; and
- establishing the trust relationship between the new system and each remaining system of the array of mutually trusting systems.
Abstract
An apparatus and method for managing the distribution and expansion of public keys held by a group or array of systems in white lists. The addition of a new system to the array entails a manual input to authorize the introduction of the new system to one trusted system in the array. After the introduction the new system is trusted by that one member, and the white list of that member is loaded into the white list of the new system. The new system then requests to join each of the other systems in the array. For each system in the array asked by the new system, that system asks whether any other system in the array already trusts the new member. In response, a system of the array that trusts the new system responds by sending its white list (containing the public key of the new system) to the requesting system. Eventually the public key of the new system is in the white lists of all the systems in the array. In practice this trust expansion occurs in the background with respect to running applications.
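As an added example (not text from the patent and not an implementation by its assignee), the following Python simulation walks through the procedure the abstract and claims 1 and 7 describe: a manual, authorized introduction to one member, then the new system asking each remaining member, each of which asks the array whether any system already trusts the newcomer and accepts a white list only from a member it already trusts. The names `TrustArray`, `introduce` and `expand_trust` are my own; public keys are stand-in random strings and authentication of the messages themselves is assumed to be handled by the transport, both of which are assumptions rather than anything the page states.

```python
"""Toy simulation of white-list expansion across an array of mutually trusting
systems: manual introduction to one member, then the newcomer asks each
remaining member, which asks the array who already trusts the newcomer and
accepts a white list only from a member it already trusts.

Assumptions (not from the patent text): public keys are random hex stand-ins,
and message authentication is left to the transport."""
from dataclasses import dataclass, field
import secrets


@dataclass
class System:
    name: str
    # Stand-in for a real public key (constructed value, not a real key).
    public_key: str = field(default_factory=lambda: secrets.token_hex(8))
    white_list: set = field(default_factory=set)

    def trusts(self, key: str) -> bool:
        return key in self.white_list


class TrustArray:
    """An array of mutually trusting systems: every member lists every other."""

    def __init__(self, members):
        self.members = list(members)
        keys = {m.public_key for m in self.members}
        for m in self.members:
            m.white_list |= keys

    def who_trusts(self, key: str, asker: System) -> list:
        """The array-wide question: does any other system already trust this key?"""
        return [m for m in self.members if m is not asker and m.trusts(key)]

    def request_join(self, member: System, new: System) -> bool:
        """`new` asks `member` to trust it; `member` asks the array for a voucher."""
        for voucher in self.who_trusts(new.public_key, member):
            # Only a white list from a system the member already trusts counts;
            # an unknown sender vouching for itself is ignored.
            if member.trusts(voucher.public_key) and new.public_key in voucher.white_list:
                member.white_list |= voucher.white_list
                return True
        return False


def introduce(first: System, new: System) -> None:
    """The manual, authorized step: the trusted authority enters the new key
    into `first`'s white list, and `first`'s white list is loaded into `new`."""
    first.white_list.add(new.public_key)
    new.white_list |= first.white_list


def expand_trust(array: TrustArray, new: System) -> list:
    """`new` requests every member that does not yet trust it.
    Returns the names of members that trust `new` afterwards; `new` becomes a
    member only once the whole array trusts it."""
    for member in array.members:
        if not member.trusts(new.public_key):
            array.request_join(member, new)
    trusting = [m.name for m in array.members if m.trusts(new.public_key)]
    if len(trusting) == len(array.members):
        array.members.append(new)
    return trusting


if __name__ == "__main__":
    arr = TrustArray([System("A"), System("B"), System("C")])
    newcomer = System("N")
    introduce(arr.members[0], newcomer)                   # authorized introduction to A
    print("trusted by:", expand_trust(arr, newcomer))     # ['A', 'B', 'C']
    rogue = System("R")                                   # never introduced to anyone
    print("rogue trusted by:", expand_trust(arr, rogue))  # []
```

The second run in the `__main__` block is the case that matters for security: a system that was never introduced through the manual step finds no member willing to vouch for it, so no white list is ever sent and it stays outside the array.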
18 Claims
7. A method for forming a trust relationship between an array of mutually trusting systems and a new system, comprising a processor and a memory, that has already established a trust relationship with a first system of the array of mutually trusting systems, the method comprising:
- requesting, by the new system, that a second system of the array of mutually trusting systems accept the new system as a member of the array of mutually trusting systems;
- the second system requesting if any system of the array of mutually trusting systems has already established the trust relationship with the new system;
- sending, by the first system of the array of mutually trusting systems that trusts the new system, a white list including a new system public key identifying the new system to the second system, in response to the second system requesting if any system of the array of mutually trusting systems has already established the trust relationship with the new system;
- requesting, by the new system, to form the trust relationship with each remaining system of the array of mutually trusting systems;
- in response to the request to form the trust relationship with each remaining system, requesting, by each remaining system, if any system of the array of mutually trusting systems has already established the trust relationship with the new system; and
- in response to the request by each remaining system, transferring, by a particular system of the mutually trusting systems that has already established the trust relationship with the new system, the white list including the new system public key that identifies the new system, to each remaining system of the array of mutually trusting systems until the new system is trusted by all systems of the array of mutually trusting systems.
8. An apparatus for adding a new system to an array of trusted systems, each comprising a processor and a memory, the apparatus comprising:
- a white list stored in each system of the array of trusted systems, the white list containing public keys identifying each trusted system in the array of trusted systems;
- a trusted authority that enters a new public key of the new system into the white list of a first system of the array of trusted systems;
- the new system to establish a trust relationship with each remaining system of the array of trusted systems, wherein each remaining system requests whether the new system has previously established the trust relationship with any system of the array of trusted systems; and
- in response to the request from each remaining system, transferring, by a particular system of the array of trusted systems that has already established the trust relationship with the new system, the white list that includes the new public key of the new system to each remaining system of the array of trusting systems.
15. An apparatus for forming a trust relationship between an array of mutually trusting systems and a new system, comprising a processor and a memory, that is trusted by a first system of the array of mutually trusting systems, the apparatus comprising:
- a message from the new system requesting a second system of the array of mutually trusting systems to accept the new system as a trusted member of the array of mutually trusting systems;
- a message from the second system asking if any system of the array of trusted systems already trusts the new system; and
- a message from the first system to the second system that includes the first system's white list that includes the new system's public key that was added to the white list when the first system formed the trust relationship with the new system.
17. An apparatus for forming a trust relationship between an array of mutually trusting systems and a new system, comprising a processor and a memory, the apparatus comprising:
- means for introducing the new system to a first system of the array of mutually trusting systems, wherein the introduction includes the first system forming the trust relationship with the new system;
- means for transferring first information to the first system from the new system identifying the new system;
- means for transferring second information from the first system to the new system identifying all the systems in the array of mutually trusting systems; and
- means for establishing the trust relationship between the new system and each remaining system of the array of mutually trusting systems, wherein the means for establishing the trust relationship with each remaining system comprises:
  - means for requesting, by each remaining system of the array of mutually trusting systems, whether any other system of the array of mutually trusting systems has already established the trust relationship with the new system; and
  - means for sending, by a particular system of the array of mutually trusting systems that has already established the trust relationship with the new system, the second information to each remaining system of the array of mutually trusting systems.