Systems and methods for establishing and using distributed key servers

US 9,817,953 B2
Filed: 09/26/2014
Issued: 11/14/2017
Est. Priority Date: 09/26/2013
Status: Expired due to Fees

First Claim

Patent Images

1. A licensing authority system for securely providing an authorization code to a requesting device, the system comprising:

a plurality of key servers;

wherein the plurality of key servers includes at least an “

A”

server and one or more “

B”

servers;

wherein the “

A”

server is configured toreceive a device authorization code request from a requesting device,in response to receiving the device authorization code request, transmitting an “

A”

server authorization code request and a “

B”

server authorization code to the one or more “

B”

servers, andupon receiving an “

A”

server authorization code from the one or more “

B”

servers responsive to the “

A”

server authorization code request, transmitting a device authorization code to the requesting device.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods in which multiple key servers operate cooperatively to securely provide authorization codes to requesting devices. In one embodiment, a server cloud receives a device authorization code request and selects an “A server”. The “A server” requests authorization from one or more “B servers” and authorizes the “B servers” to respond. The “B servers” provide authorization to the “A server”, and may provide threshold key inputs to enable decryption of device authorization codes. The “A server” cannot provide the requested device authorization code without authorization from the “B server(s)”, and the “B server(s)” cannot provide the requested server authorization code and threshold inputs without a valid request from the “A server”. After the “A server” receives authorization from the “B server(s)”, it can provide the initially requested device authorization code to the requesting device.

13 Citations

19 Claims

1. A licensing authority system for securely providing an authorization code to a requesting device, the system comprising:
- a plurality of key servers;
  
  wherein the plurality of key servers includes at least an “
  
  A”
  
  server and one or more “
  
  B”
  
  servers;
  
  wherein the “
  
  A”
  
  server is configured toreceive a device authorization code request from a requesting device,in response to receiving the device authorization code request, transmitting an “
  
  A”
  
  server authorization code request and a “
  
  B”
  
  server authorization code to the one or more “
  
  B”
  
  servers, andupon receiving an “
  
  A”
  
  server authorization code from the one or more “
  
  B”
  
  servers responsive to the “
  
  A”
  
  server authorization code request, transmitting a device authorization code to the requesting device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The licensing authority system of claim 1, wherein each of the plurality of key servers is identically configured.
  - 3. The licensing authority system of claim 2, wherein the device authorization code request is broadcast to all of the plurality of key servers, and wherein a first one of the plurality of key servers to acknowledge the device authorization code request functions as the “
    - A”
      
      server.
  - 4. The licensing authority system of claim 3, wherein a single one of the plurality of key servers other than the “
    - A”
      
      server functions as the “
      
      B”
      
      server, and wherein the “
      
      B”
      
      server transmits the server authorization code to the “
      
      A”
      
      server.
  - 5. The licensing authority system of claim 3, wherein more than one of the plurality of key servers other than the “
    - A”
      
      server function as the “
      
      B”
      
      servers, and wherein each of the “
      
      B”
      
      servers transmits at least a portion of a response comprising the server authorization code to the “
      
      A”
      
      server.
  - 6. The licensing authority system of claim 5, wherein each of the “
    - B”
      
      servers transmits a corresponding threshold key input to the “
      
      A”
      
      server, and wherein the “
      
      A”
      
      server can only transmit the device authorization code to the requesting device after receipt of at least a threshold number of the threshold key inputs from the “
      
      B”
      
      servers.
  - 7. The licensing authority system of claim 5, wherein the key servers comprise servers of a higher-level licensing authority in a hierarchical licensing authority structure, and wherein the requesting device comprises a server of a lower-level licensing authority in the hierarchical licensing authority structure.
  - 8. The licensing authority system of claim 2, further comprising a load balancer, wherein the load balancer is configured to:
    - receive the device authorization code request from the requesting device;
      
      determine the availability of one or more of the key servers to function as the “
      
      A”
      
      server;
      
      identify one of the key servers as the “
      
      A”
      
      server; and
      
      forward the device authorization code request to the “
      
      A”
      
      server.
  - 9. The licensing authority system of claim 1, wherein the “
    - A”
      
      server is incapable of transmitting the device authorization code to the requesting device without first receiving the “
      
      A”
      
      server authorization code from the “
      
      B”
      
      server, and wherein the “
      
      B”
      
      server is incapable of transmitting the “
      
      A”
      
      server authorization code to the “
      
      A”
      
      server without first receiving the “
      
      B”
      
      server authorization code from the “
      
      A”
      
      server.

10. A licensing authority server for securely providing an authorization code to a requesting device, the licensing authority server comprising:
- a CPU;
  
  a memory that stores an encrypted secret key for at least an identified device;
  
  a server secret key store that is inaccessible to devices other than the CPU; and
  
  one or more input/output (I/O) ports;
  
  wherein the licensing authority server is capable of functioning as an “
  
  A”
  
  server in whichin response to receiving a device authorization code request for the identified device via the one or more I/O ports, the CPU generates a server authorization code request and outputs the server authorization code request via the one or more I/O portsin response to receiving a server authorization code, the CPU generates an ephemeral global key, decrypts the encrypted secret key for the identified device with the ephemeral global key, generates a device authorization code for the identified device, and outputs the device authorization code for the identified device; and
  
  wherein the device authorization code for the identified device can be generated by the CPU only after receiving the server authorization code.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The licensing authority server of claim 10, wherein the licensing authority server is configured to acknowledge the device authorization code request and to function as the “
    - A”
      
      server only upon determining that the licensing authority server is a first one of one or more licensing authority servers to acknowledge the device authorization code.
  - 12. The licensing authority server of claim 10, wherein the licensing authority server is further capable of functioning as a “
    - B”
      
      server in which, in response to receiving a server authorization code request from a different licensing authority server via the one or more I/O ports, the CPU outputs a server authorization code via the one or more I/O ports.
  - 13. The licensing authority server of claim 12, wherein when the licensing authority server is functioning as the “
    - B”
      
      server, the CPU outputs a key with the server authorization code via the one or more I/O ports.
  - 14. The licensing authority server of claim 13, wherein the key comprises a threshold key.

15. A computer program product comprising a non-transitory computer readable medium containing one or more instructions executable by a computer to perform steps including:
- functioning as an “
  
  A”
  
  server, includingin response to receiving a device authorization code request from an identified device, generating a server authorization code request and outputting the server authorization code request,in response to receiving a server authorization code responsive to the server authorization code request, generating an ephemeral global key, decrypting an encrypted secret key for the identified device with the ephemeral global key, generating a device authorization code for the identified device, and outputting the device authorization code for the identified device, andinhibiting generation of the device authorization code for the identified device until the server authorization code is received.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The computer program product of claim 15, wherein functioning as the “
    - A”
      
      server includes acknowledging the device authorization code request and functioning as the “
      
      A”
      
      server only upon determining that the computer is a first one of one or more servers to acknowledge the device authorization code.
  - 17. The computer program product of claim 15, wherein the instructions are further executable by the computer to perform functions of a “
    - B”
      
      server including, in response to receiving a server authorization code request from a server other than the computer, outputting a server authorization code.
  - 18. The computer program product of claim 17, wherein the instructions are further executable by the computer to perform functions of a “
    - B”
      
      server including, outputting a key with the server authorization code.
  - 19. The computer program product of claim 18, wherein the key comprises a threshold key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Torus Ventures LLC (Jeffrey M. Gross)
Original Assignee
Rubicon Labs, Inc.
Inventors
Oxford, William V., Woodcock, III, Gerald E.
Primary Examiner(s)
POWERS, WILLIAM S

Application Number

US14/497,652
Publication Number

US 20150089231A1
Time in Patent Office

1,145 Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/105   Arrangements for software l...

G06F 21/107   License processing; Key pro...

G06F 2221/2145   Inheriting rights or proper...

H04L 2209/60   Digital content management,...

H04L 2209/603   Digital right managament [DRM]

H04L 63/062   for key distribution, e.g. ...

H04L 67/1004   Server selection for load b...

H04L 9/0869   involving random numbers or...

Systems and methods for establishing and using distributed key servers

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for establishing and using distributed key servers

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links