System and method for device bound public key infrastructure

US 8,464,059 B2
Filed: 12/05/2008
Issued: 06/11/2013
Est. Priority Date: 12/05/2007
Status: Active Grant

First Claim

Patent Images

1. A device for sending data via secured communication in a public key infrastructure, comprising:

a communication module for communicating with a data requesting device;

at least one processor in operative communication with the communication module; and

a memory in operative communication with the at least one processor and comprising executable code for the at least one processor to;

generate a requester key pair for the data requesting device, the requester key pair comprising a requester private key and a requester public key; and

in response to receiving a unique device identifier from the data requesting device, calculate a difference between the unique device identifier and the requester private key.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are provided secured communication of data, such as in the context of a public key infrastructure (PKI). In one embodiment, the technique may involve using a private key that is bound to the device requesting the secure data, thereby making it harder for someone to copy, steal or fake. The private key may be generated by adding a filler code to a unique device identifier. The identifier may be based on at least one user-configurable parameter and at least one non-user-configurable parameter of the device.

120 Citations

21 Claims

1. A device for sending data via secured communication in a public key infrastructure, comprising:
- a communication module for communicating with a data requesting device;
  
  at least one processor in operative communication with the communication module; and
  
  a memory in operative communication with the at least one processor and comprising executable code for the at least one processor to;
  
  generate a requester key pair for the data requesting device, the requester key pair comprising a requester private key and a requester public key; and
  
  in response to receiving a unique device identifier from the data requesting device, calculate a difference between the unique device identifier and the requester private key.
- View Dependent Claims (2, 3, 4)
- - 2. The device of claim 1, wherein the at least one processor stores the calculated difference as a filler code in the memory.
  - 3. The device of claim 1, wherein the at least one processor is adapted to:
    - in response to a request for a data from the data requesting device, identify the data requesting device;
      
      encrypt the data using a sender private key and the requester public key; and
      
      send the encrypted data and a filler code to the data requesting device.
  - 4. The device of claim 3, wherein the at least one processor publishes a sender public key, such that the data requesting device is able to (i) compute the requester private key by adding the filler code to the unique device identifier and (ii) use the computed requester private key to decrypt the encrypted data.

5. A device for requesting data via secured communication in a public key infrastructure, comprising:
- a communication module for communicating with a data sender;
  
  at least one processor in operative communication with the communication module; and
  
  a memory in operative communication with the at least one processor and comprising executable code for the at least one processor to;
  
  receive a request for a unique device identifier of a requesting device from the data sender;
  
  in response to the request from the data sender, compile unique identifying information from a computing environment of the requesting device;
  
  generate the unique device identifier based at least in part on the compiled unique identifying information; and
  
  instruct the communication module to transmit the generated unique device identifier to the data sender.
- View Dependent Claims (6, 7, 8, 9, 10, 11)
- - 6. The device of claim 5, wherein the at least one processor is adapted to:
    - in response to receiving encrypted data and a filler code from the data sender, compute a requester private key by adding the filler code to the unique device identifier; and
      
      use the computed requester private key to decrypt the encrypted data.
  - 7. The device of claim 5, wherein the at least one processor compiles the unique identifying information by compiling at least one user-configurable parameter and at least one non-user-configurable parameter of the device.
  - 8. The device of claim 7, wherein the at least one non-user-configurable parameter comprises at least one of hard drive serial number, CPU ID, CPU model, CPU manufacturer, and CPU voltage for the device.
  - 9. The device of claim 7, wherein the at least one non-user-configurable parameter is based on a carbon degradation characteristic of a computer chip of the device.
  - 10. The device of claim 7, wherein the at least one non-user-configurable parameter is based on a silicone degradation characteristic of a computer chip of the device.
  - 11. The device of claim 7, wherein the at least one user-configurable parameter comprises at least one of hard disk volume name, user name, device name, user password, and hard disk initialization date for the device.

12. A method for secured communication in a public key infrastructure, comprising:
- generating a requester key pair for a data requesting device, the requester key pair comprising a requester private key and a requester public key;
  
  receiving a unique device identifier from the data requesting device;
  
  calculating a difference between the unique device identifier and the requester private key; and
  
  storing the difference as a filler code.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12, further comprising:
    - in response to a request for data from the data requesting device, identifying the data requesting device;
      
      encrypting the data using a sender private key and the requester public key; and
      
      sending the encrypted data and the filler code to the data requesting device.
  - 14. The method of claim 12, further comprising publishing a sender public key, such that the data requesting device is able to (i) compute the requester private key by adding the filler code to the unique device identifier and (ii) use the computed requester private key to decrypt the encrypted data.

15. A method for secured communication in a public key infrastructure, comprising:
- receiving from a data sender a request for a unique device identifier of a requesting device;
  
  in response to the request from the data sender, compiling unique identifying information from a computing environment of the requesting device;
  
  generating the unique device identifier based at least in part on the compiled unique identifying information; and
  
  providing the generated unique device identifier to the data sender.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The method of claim 15, further comprising:
    - receiving encrypted data and a filler code from the data sender;
      
      computing a requester private key by adding the filler code to the unique device identifier; and
      
      using the computed requester private key to decrypt the encrypted data.
  - 17. The method of claim 15, wherein compiling the unique identifying information comprises compiling at least one user-configurable parameter and at least one non-user-configurable parameter of the device.
  - 18. The method of claim 17, wherein compiling the at least one non-user-configurable parameter comprises compiling at least one of hard drive serial number, CPU ID, CPU model, CPU manufacturer, and CPU voltage for the device.
  - 19. The method of claim 17, wherein compiling the at least one non-user-configurable parameter comprises compiling a carbon degradation characteristic of a computer chip of the device.
  - 20. The method of claim 17, wherein compiling the at least one non-user-configurable parameter comprises compiling a silicone degradation characteristic of a computer chip of the device.
  - 21. The method of claim 17, wherein compiling the at least one user-configurable parameter comprises compiling at least one of hard disk volume name, user name, device name, user password, and hard disk initialization date for the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cryptosoft Limited
Original Assignee
DeviceAuthority Inc. (f/k/a NetAuthority, Inc.) (Device Authority Ltd.)
Inventors
Richardson, Ric B., Etchegoyen, Craig S., Harjanto, Dono, Davis, Bradley C.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
BAYOU, YONAS A

Application Number

US12/329,419
Publication Number

US 20090150674A1
Time in Patent Office

1,649 Days
Field of Search

713/171
US Class Current

713/171
CPC Class Codes

G06F 21/606   by securing the transmissio...

H04L 63/0442   wherein the sending and rec...

H04L 63/0876   based on the identity of th...

H04L 9/006   involving public key infras...

System and method for device bound public key infrastructure

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

120 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for device bound public key infrastructure

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

120 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links