Systems and methods for establishing and using distributed key servers
First Claim
1. A licensing authority system for securely providing an authorization code to a requesting device, the system comprising:
- a plurality of key servers;
wherein the plurality of key servers includes at least an “
A”
server and one or more “
B”
servers;
wherein the “
A”
server is configured toreceive a device authorization code request from a requesting device,in response to receiving the device authorization code request, transmitting an “
A”
server authorization code request and a “
B”
server authorization code to the one or more “
B”
servers, andupon receiving an “
A”
server authorization code from the one or more “
B”
servers responsive to the “
A”
server authorization code request, transmitting a device authorization code to the requesting device.
3 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods in which multiple key servers operate cooperatively to securely provide authorization codes to requesting devices. In one embodiment, a server cloud receives a device authorization code request and selects an “A server”. The “A server” requests authorization from one or more “B servers” and authorizes the “B servers” to respond. The “B servers” provide authorization to the “A server”, and may provide threshold key inputs to enable decryption of device authorization codes. The “A server” cannot provide the requested device authorization code without authorization from the “B server(s)”, and the “B server(s)” cannot provide the requested server authorization code and threshold inputs without a valid request from the “A server”. After the “A server” receives authorization from the “B server(s)”, it can provide the initially requested device authorization code to the requesting device.
-
Citations
19 Claims
-
1. A licensing authority system for securely providing an authorization code to a requesting device, the system comprising:
-
a plurality of key servers; wherein the plurality of key servers includes at least an “
A”
server and one or more “
B”
servers;wherein the “
A”
server is configured toreceive a device authorization code request from a requesting device, in response to receiving the device authorization code request, transmitting an “
A”
server authorization code request and a “
B”
server authorization code to the one or more “
B”
servers, andupon receiving an “
A”
server authorization code from the one or more “
B”
servers responsive to the “
A”
server authorization code request, transmitting a device authorization code to the requesting device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A licensing authority server for securely providing an authorization code to a requesting device, the licensing authority server comprising:
-
a CPU; a memory that stores an encrypted secret key for at least an identified device; a server secret key store that is inaccessible to devices other than the CPU; and
one or more input/output (I/O) ports;wherein the licensing authority server is capable of functioning as an “
A”
server in whichin response to receiving a device authorization code request for the identified device via the one or more I/O ports, the CPU generates a server authorization code request and outputs the server authorization code request via the one or more I/O ports in response to receiving a server authorization code, the CPU generates an ephemeral global key, decrypts the encrypted secret key for the identified device with the ephemeral global key, generates a device authorization code for the identified device, and outputs the device authorization code for the identified device; and
wherein the device authorization code for the identified device can be generated by the CPU only after receiving the server authorization code. - View Dependent Claims (11, 12, 13, 14)
-
-
15. A computer program product comprising a non-transitory computer readable medium containing one or more instructions executable by a computer to perform steps including:
-
functioning as an “
A”
server, includingin response to receiving a device authorization code request from an identified device, generating a server authorization code request and outputting the server authorization code request, in response to receiving a server authorization code responsive to the server authorization code request, generating an ephemeral global key, decrypting an encrypted secret key for the identified device with the ephemeral global key, generating a device authorization code for the identified device, and outputting the device authorization code for the identified device, and inhibiting generation of the device authorization code for the identified device until the server authorization code is received. - View Dependent Claims (16, 17, 18, 19)
-
Specification