Secure key storage systems, methods and apparatuses
First Claim
1. An apparatus, comprising:
a first non-volatile storage for storing a plurality of private root keys of a certificate authority for signing digital certificates;
an input device for receiving manual input from an operator;
a communication interface consisting of a one-way transmitter for transmitting information from the apparatus; and
a processor configured to:
select a private root key from the plurality of private root keys according to the manual input received through the input device;
retrieve the selected private root key from the first non-volatile storage;
receive information for a new digital certificate through the input device;
generate the new digital certificate according to the received information;
sign the new digital certificate using the private root key; and
transmit the new digital certificate from the apparatus using the transmitter.
Abstract
The systems, methods and apparatuses described herein provide a computing environment that manages private key storage. An apparatus according to the present disclosure may comprise a first non-volatile storage for storing a private root key for signing digital certificates, an input device for receiving manual input from an operator, a communication interface consisting of a one-way transmitter for transmitting information from the apparatus, and a processor. The processor may be configured to retrieve the private root key from the first non-volatile storage, receive information for a new digital certificate through the input device, generate the new digital certificate according to the received information, sign the new digital certificate using the private root key and transmit the new digital certificate from the apparatus using the transmitter.
32 Claims
1. An apparatus, comprising: (claim text as given above under First Claim)
Dependent claims: 2, 3, 4, 5, 6, 7
8. A system, comprising:
a first device, comprising:
a first non-volatile storage for storing a plurality of private root keys of a certificate authority for signing digital certificates;
an input device for receiving manual input from an operator;
a communication interface consisting of a one-way transmitter for transmitting information from the first device to a second device; and
a processor configured to select a private root key from the plurality of private root keys according to the manual input received through the input device and generate new digital certificates to be transmitted to the second device; and
the second device, comprising:
a receiver coupled to the transmitter of the first device; and
a communication port for establishing a two-way communication channel with an external network.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A system, comprising:
a first device, comprising:
a first non-volatile storage for storing a plurality of private root keys of a certificate authority for signing digital certificates;
an input device for receiving manual input from an operator;
a first transceiver for communication with a second device; and
a processor configured to:
receive a new digital certificate request;
verify that the new digital certificate request is valid;
select a private root key from the plurality of private root keys according to the manual input received through the operator;
retrieve the selected private root key from the first non-volatile storage;
generate the new digital certificate according to the new digital certificate request;
sign the new digital certificate using the private root key; and
transmit the new digital certificate from the first device to the second device using a transmitter; and
the second device, comprising:
a second transceiver coupled to the first transceiver of the first device, wherein the first and second transceivers are coupled together by a non-routable, point-to-point connection; and
a communication port for establishing a two-way communication channel with an external network.
Dependent claims: 16, 17, 18, 19
20. A computer-implemented method, comprising:
storing, in a first non-volatile storage of a first device, a plurality of private root keys of a certificate authority for signing digital certificates;
receiving manual input from an operator for information about a new digital certificate;
selecting a private root key from the plurality of private root keys according to the manual input received from the operator;
retrieving the selected private root key from the first non-volatile storage;
generating the new digital certificate according to the received information;
signing the new digital certificate using the private root key; and
transmitting the new digital certificate from the first device to a second device connected to the first device by a one-way connection.
Dependent claims: 21, 22, 23, 24, 25, 26, 27
28. A computer-implemented method, comprising:
storing, in a first non-volatile storage of a first device, a plurality of private root keys of a certificate authority for signing digital certificates;
receiving a new digital certificate request;
verifying that the new digital certificate request is valid;
selecting a private root key from the plurality of private root keys according to a manual input received through an operator;
retrieving the selected private root key from the first non-volatile storage;
generating the new digital certificate according to the new digital certificate request;
signing the new digital certificate using the private root key; and
transmitting the new digital certificate from the first device to a second device by a non-routable, point-to-point connection.
Dependent claims: 29, 30, 31, 32
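The signing sequence the independent claims describe (several private root keys held in the first device, one selected by the operator's manual input; the certificate request verified before anything is signed; the signed certificate leaving only through a one-way transmitter), written out as an added Go example. This is illustrative code, not part of the patent or of any product it covers. It uses only the Go standard library; the root keys are generated in memory rather than loaded from non-volatile storage, the one-way link is modelled as a write-only function the caller supplies, and the labels, common names and validity periods are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// rootEntry is one private root key together with its self-signed certificate.
type rootEntry struct{ key *ecdsa.PrivateKey; cert *x509.Certificate }

// RootKeyStore models the first non-volatile storage: several private root keys,
// each selectable by the label an operator types in.
type RootKeyStore struct{ roots map[string]rootEntry }

// NewRootKeyStore generates a P-256 key and self-signed CA certificate per label.
// The claimed device would load these from storage; generating them keeps the example offline.
func NewRootKeyStore(labels ...string) (*RootKeyStore, error) {
	s := &RootKeyStore{roots: map[string]rootEntry{}}
	for i, label := range labels {
		key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil { return nil, err }
		tmpl := &x509.Certificate{
			SerialNumber: big.NewInt(int64(i + 1)), IsCA: true, BasicConstraintsValid: true,
			KeyUsage:     x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
			Subject:      pkix.Name{CommonName: "Offline Root " + label},
			NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(10, 0, 0),
		}
		der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
		if err != nil { return nil, err }
		cert, err := x509.ParseCertificate(der)
		if err != nil { return nil, err }
		s.roots[label] = rootEntry{key: key, cert: cert}
	}
	return s, nil
}

// VerifyIssuedBy checks that certDER carries a valid signature from the root stored
// under label, so the receiving device can tell which root actually signed it.
func (s *RootKeyStore) VerifyIssuedBy(certDER []byte, label string) error {
	root, ok := s.roots[label]
	if !ok {
		return fmt.Errorf("no root key labelled %q", label)
	}
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return err
	}
	return cert.CheckSignatureFrom(root.cert)
}

// SigningApparatus couples the key store to the one-way link: transmit is the only
// way bytes leave the device, and there is no receive path for a network to reach it.
type SigningApparatus struct {
	store    *RootKeyStore
	transmit func(der []byte) error
}

// Issue runs the claimed sequence: verify the request, select the root key the
// operator named, build and sign the certificate, then push it over the one-way link.
func (a *SigningApparatus) Issue(operatorLabel string, csrDER []byte) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, fmt.Errorf("malformed request: %w", err)
	}
	if err := csr.CheckSignature(); err != nil { // proof of possession of the requester's key
		return nil, fmt.Errorf("request signature invalid: %w", err)
	}
	root, ok := a.store.roots[operatorLabel]
	if !ok {
		return nil, fmt.Errorf("operator selected unknown root key %q", operatorLabel)
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // random 128-bit serial
	if err != nil { return nil, err }
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: csr.Subject, KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().AddDate(1, 0, 0),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, root.cert, csr.PublicKey, root.key)
	if err != nil { return nil, err }
	if err := a.transmit(der); err != nil { return nil, err }
	return der, nil
}

// MakeRequest plays the network-connected second device: a fresh key and a CSR
// for commonName, constructed here as sample input for the apparatus.
func MakeRequest(commonName string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil { return nil, err }
	req := &x509.CertificateRequest{Subject: pkix.Name{CommonName: commonName}}
	return x509.CreateCertificateRequest(rand.Reader, req, key)
}
```

Two points worth noticing when running it: a request whose signature does not verify is rejected before any root key is touched, so nothing is transmitted for it; and a certificate issued under one label fails `VerifyIssuedBy` for every other label, which is how the receiving side confirms the operator's selection took effect.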
Specification