System and method for distributed security
First Claim
1. A method, at a client, for creating a hierarchy of key servers, wherein a key server is configured to distribute cryptographic keys to one or more network entities, the method comprising:
- determining that a first key server is authorized by comparing information stored in a security module of the client with a hash value of a first public key associated with the first key server, wherein the first public key is configured to expire after a predetermined period of time;
accessing information in the security module to determine whether the first key server is permitted to authorize additional key servers; and
in response to determining that the first key server is permitted to authorize additional key servers, signing a second public key of a second key server with the first public key to authorize the second key server, wherein either the first public key of the first key server or the second public key of the second key server can be used to authorize an additional key server.
7 Assignments
0 Petitions
Accused Products
Abstract
A security architecture in which a security module is integrated in a client machine, wherein the client machine includes a local host that is untrusted. The security module performs encryption and decryption algorithms, authentication, and public key processing. The security module also includes separate key caches for key encryption keys and application keys. A security module can also interface a cryptographic accelerator through an application key cache. The security module can authorize a public key and an associated key server. That public key can subsequently be used to authorize additional key servers. Any of the authorized key servers can use their public keys to authorize the public keys of additional key servers. Secure authenticated communications can then transpire between the client and any of these key servers. Such a connection is created by a secure handshake process that takes place between the client and the key server. A time value can be sent from the key server to the client, allowing for secure revocation of keys. In addition, secure configuration messages can be sent to the security module.
-
Citations
20 Claims
-
1. A method, at a client, for creating a hierarchy of key servers, wherein a key server is configured to distribute cryptographic keys to one or more network entities, the method comprising:
-
determining that a first key server is authorized by comparing information stored in a security module of the client with a hash value of a first public key associated with the first key server, wherein the first public key is configured to expire after a predetermined period of time; accessing information in the security module to determine whether the first key server is permitted to authorize additional key servers; and in response to determining that the first key server is permitted to authorize additional key servers, signing a second public key of a second key server with the first public key to authorize the second key server, wherein either the first public key of the first key server or the second public key of the second key server can be used to authorize an additional key server. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method of establishing an authenticated connection between a client and a key server through a handshake process, the method comprising:
-
generating a client random number; saving a copy of the client random number in a security module of the client; sending the client random number to the key server; receiving a server random number, a signed session key, and a certificate from the key server; sending the signed session key to the security module; verifying the signed session key by determining whether the signed session key has been signed with a verified public key; and verifying the handshake process by comparing a hash of a first public key corresponding to the key server with information stored in the security module, wherein the first public key is configured to expire after a predetermined period of time. - View Dependent Claims (12, 13, 14, 15, 16, 17)
-
-
18. A client device in communication with a plurality of key servers, the client device comprising:
-
a local host configured to; send a first public key, wherein the first public key corresponds to a first key server in the plurality of key servers, and wherein the first public key is configured to expire after a predetermined period of time, and send a secure configuration message; and a security module programmed with secure server authorization data corresponding to the key server, wherein the secure server authorization data comprises a hash value of the first public key, wherein the security module is configured to; determine that the first key server is authorized by comparing information stored in the security module with the hash value of the first public key, determine, based on accessing information in the security module, whether the first key server is permitted to authorize additional key servers, in response to determining that the first key server is permitted to authorize additional key servers, sign a second public key of a second key server with the first public key to authorize the second key server, wherein either the first public key or the second public key can be used to authorize an additional key server, determine whether the secure configuration message is accompanied by an authorized signature of an authenticated public key, and in response to determining that the secure configuration message is accompanied by the authorized signature, reconfigure the security module based on the secure configuration message. - View Dependent Claims (19, 20)
-
Specification