Apparatus and method for group session key and establishment using a certified migration key
Abstract
A method and apparatus for group session key and establishment using a certified migration key are described. In one embodiment, the method includes exporting of a protected certified migration key (CMK) to a target platform. In one embodiment, exporting of the protected CMK requires that the target platform is authorized for participation in a group and has a storage key, including attributes that comply with the group security policy. Once the protected CMK is exported, in one embodiment, a group master key is encrypted with a public portion of the CMK to form a protected group master key. Subsequently, the protected group master key is transmitted to the target platform. In one embodiment, possession of the group master key enables the target platform to participate in a secure group communication session. Other embodiments are described and claimed.
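The flow in the abstract, modeled as an added Go example (not code from the patent). Software RSA keys and RSA-OAEP stand in for the TPM-held CMK and its operations; the `Target` type, its fields and the policy thresholds (2048-bit, non-migratable storage key) are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Target is a constructed platform model; field names and thresholds are assumptions.
type Target struct {
	Authorized        bool
	StorageBits       int  // size of the storage key chosen as the CMK's parent
	StorageMigratable bool // assumed policy: the parent key must not be migratable
	cmk               *rsa.PrivateKey // set only by a successful export
}

var ErrPolicy = errors.New("target unauthorized or storage key fails group policy")

// NewCMK returns a software RSA key standing in for the TPM-held CMK.
func NewCMK() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// ExportCMK releases the CMK only to an authorized, compliant target.
// Rewrapping the CMK under the target's storage key is not modeled.
func ExportCMK(cmk *rsa.PrivateKey, t *Target) error {
	if !t.Authorized || t.StorageBits < 2048 || t.StorageMigratable {
		return ErrPolicy
	}
	t.cmk = cmk
	return nil
}

// ProtectGMK encrypts the group master key with the public portion of the CMK.
func ProtectGMK(pub *rsa.PublicKey, gmk []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, gmk, nil)
}

// RecoverGMK is the target side: it succeeds only after the CMK was exported to it.
func (t *Target) RecoverGMK(blob []byte) ([]byte, error) {
	if t.cmk == nil {
		return nil, errors.New("no CMK on this platform")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, t.cmk, blob, nil)
}

func main() {
	cmk, _ := NewCMK()
	t := &Target{Authorized: true, StorageBits: 2048}
	blob, _ := ProtectGMK(&cmk.PublicKey, []byte("constructed-group-master-key"))
	fmt.Println(ExportCMK(cmk, t), len(blob))
}
```

The protected group master key can be sent to any platform, but only a platform that passed the export check holds the CMK needed to recover it.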
10 Claims
1. A method comprising:
- exporting a protected certified migration key (CMK) to a target platform if the platform is authorized to participate in a group and meets a group security policy;
- encrypting a group master key with a public portion of the CMK to form a protected group master key; and
- transmitting the protected group master key to the target platform.
6. A method comprising:
- providing, according to a key certification request from a group manager, signed attributes of key selected by a target platform as a parent key of a certified migration key (CMK) held by the trusted group manager;
- receiving the CMK from the group manager if the signed attributes meet a group security policy; and
- participating in a group communications session with at least one group member platform by decrypting an encrypted data stream using a session key received with the encrypted stream and protected by the CMK.
Specification