Systems and methods for delegated cryptography

US 9,887,975 B1
Filed: 08/03/2017
Issued: 02/06/2018
Est. Priority Date: 08/03/2016
Status: Active Grant

First Claim

Patent Images

1. An authentication method comprising:

receiving a request for a digital signature of data from a delegate computer over a secure channel using cryptography to provide authentication, wherein the secure channel comprises at least one wireless communications link;

displaying information derived from the data;

prompting a user for approval of the request with information derived from the data;

in response to receiving approval from the user, creating the digital signature of the data using one or more private keys stored in a key enclave; and

sending the digital signature to the delegate computer over the secure channel.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In some embodiments, an authentication method comprises receiving a request for a digital signature of data from a delegate computer over a secure channel using cryptography to provide authentication, wherein the secure channel comprises at least one wireless communications link; displaying information derived from the data; prompting a user for approval of the request with information derived from the data; in response to receiving approval from the user, creating the digital signature of the data using one or more private keys stored in a key enclave; and sending the digital signature to the delegate computer over the secure channel.

107 Citations

View as Search Results

21 Claims

1. An authentication method comprising:
- receiving a request for a digital signature of data from a delegate computer over a secure channel using cryptography to provide authentication, wherein the secure channel comprises at least one wireless communications link;
  
  displaying information derived from the data;
  
  prompting a user for approval of the request with information derived from the data;
  
  in response to receiving approval from the user, creating the digital signature of the data using one or more private keys stored in a key enclave; and
  
  sending the digital signature to the delegate computer over the secure channel.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The authentication method of claim 1, further comprising:
    - reading a first key displayed on the delegate computer with a camera, wherein the first key is a public key;
      
      sending a second key to the delegate computer; and
      
      securing communication with the delegate computer using at least one of the first and second keys or one or more keys derived from the first and second keys.
  - 3. The authentication method of claim 2, further comprising:
    - receiving during a confirmation stage a message from the delegate computer secured using at least one of the first and second keys or one or more keys derived from the first and second keys; and
      
      confirming the secure channel in response to receiving the message from the delegate computer.
  - 4. The authentication method of claim 1, further comprising:
    - displaying a first key, wherein the first key is a public key;
      
      receiving a second key from the delegate computer; and
      
      securing communication with the delegate computer using at least one of the first and second keys or one or more keys derived from the first and second keys.
  - 5. The authentication method of claim 4, further comprising:
    - sending during a confirmation stage a message to the delegate computer secured using at least one of the first and second keys or one or more keys derived from the first and second keys.
  - 6. The authentication method of claim 1, wherein the data is SSH session data.
  - 7. The authentication method of claim 6,wherein:
    - the receiving a request for the digital signature of data from the delegate computer comprises receiving from the delegate computer a signature request that contains a host signature of an SSH session identifier; and
      
      the sending the digital signature to the delegate computer comprises sending the digital signature to the delegate computer in response to successfully verifying the host signature; and
      
      the method further comprising;
      
      verifying that the host signature is a signature of the SSH session identifier, wherein the verifying comprises using at least one public key in a list of known host keys stored on at least one of the key enclave or a computer distinct from the key enclave and the delegate computer.
  - 8. The authentication method of claim 1, wherein one or more approved signature requests are recorded in a log.
  - 9. The authentication method of claim 1, wherein one or more approved signature requests are recorded in a log stored on the key enclave.
  - 10. The authentication method of claim 1, wherein one or more approved signature requests are recorded in a log stored on a computer distinct from the key enclave and the delegate computer.
  - 11. The authentication method of claim 1, wherein the data is a Git commit object.
  - 12. The authentication method of claim 1, wherein the data is a Git tag object.
  - 13. The authentication method of claim 1, further comprising:
    - computing a hash of the data; and
      
      computing the digital signature using the hash.
  - 14. The authentication method of claim 1, further comprising:
    - receiving during a specified time interval a request for a second digital signature of second data from the delegate computer over the secure channel; and
      
      sending the second digital signature to the delegate computer over the secure channel without requiring approval from the user.
  - 15. The authentication method of claim 1, further comprising connecting to the delegate computer using a routing service.

16. A verification method comprising:
- receiving a request from a delegate computer for verification of a digital signature over a secure channel using cryptography to provide authentication, wherein the secure channel comprises at least one wireless communications link;
  
  verifying the digital signature using at least one of one or more public keys stored in a key enclave or data derived from the one or more public keys stored in the key enclave; and
  
  sending the delegate computer a response to the request for verification of the digital signature, wherein the one or more public keys are stored with an associated level of trust and the response comprises the level of trust.
- View Dependent Claims (17, 18, 19)
- - 17. The verification method of claim 16, further comprising:
    - reading a first key displayed on the delegate computer with a camera, wherein the first key is a public key;
      
      sending a second key to the delegate computer; and
      
      securing communication with the delegate computer using at least one of the first and second keys or one or more keys derived from the first and second keys.
  - 18. The verification method of claim 17, further comprising:
    - receiving during a confirmation stage a message from the delegate computer secured using at least one of the first and second keys or one or more keys derived from the first and second keys; and
      
      confirming the secure channel in response to receiving the message from the delegate computer.
  - 19. The verification method of claim 16, further comprising connecting to the delegate computer using a routing service.

20. A verification method comprising:
- receiving a request from a delegate computer for at least one of one or more public keys or data derived from the one or more public keys over a secure channel using cryptography to provide authentication, wherein the secure channel comprises at least one wireless communications link and the one or more public keys are stored in a key enclave;
  
  sending at least one of one or more public keys or data derived from the one or more public keys to the delegate computer;
  
  wherein the one or more public keys are stored with an associated level of trust; and
  
  sending the at least one of one or more public keys or data derived from the one or more public keys to the delegate computer comprises sending the level of trust.
- View Dependent Claims (21)
- - 21. The verification method of claim 20, further comprising connecting to the delegate computer using a routing service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
KryptCo, Inc. (Akamai Technologies, Inc.)
Original Assignee
KryptCo, Inc. (Akamai Technologies, Inc.)
Inventors
Gifford, David, King, Kevin Churan, Grinman, Alex
Primary Examiner(s)
McNally, Michael S

Application Number

US15/668,550
Publication Number

US 20180041484A1
Time in Patent Office

187 Days
Field of Search

713155
US Class Current
CPC Class Codes

H04L 2209/80   Wireless network architectu...

H04L 63/062   for key distribution, e.g. ...

H04L 63/126   the source of the received ...

H04L 9/006   involving public key infras...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/083   involving central third par...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/0877   using additional device, e....

H04L 9/088   Usage controlling of secret...

H04L 9/0891   Revocation or update of sec...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

H04W 12/041   Key generation or derivation

H04W 12/0431   Key distribution or pre-dis...

H04W 12/0471   Key exchange

H04W 12/106   Packet or message integrity

H04W 12/50   Secure pairing of devices

Systems and methods for delegated cryptography

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

107 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for delegated cryptography

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

107 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links