Apparatus and method for group session key and establishment using a certified migration key

US 8,255,690 B2
Filed: 06/12/2009
Issued: 08/28/2012
Est. Priority Date: 06/30/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

exporting a protected certified migration key (CMK) to a target platform if the platform is authorized to participate in a group and meets a group security policy;

encrypting a group master key with a public portion of the CMK to form a protected group master key; and

transmitting the protected group master key to the target platform.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for group session key and establishment using a certified migration key are described. In one embodiment, the method includes exporting of a protected certified migration key (CMK) to a target platform. In one embodiment, exporting of the protected CMK requires that the target platform is authorized for participation in a group and has a storage key, including attributes that comply with the group security policy. Once the protected CMK is exported, in one embodiment, a group master key is encrypted with a public portion of the CMK to form a protected group master key. Subsequently, the protected group master key is transmitted to the target platform. In one embodiment, possession of the group master key enables the target platform to participate in a secure group communication session. Other embodiments are described and claimed.

14 Citations

View as Search Results

10 Claims

1. A method comprising:
- exporting a protected certified migration key (CMK) to a target platform if the platform is authorized to participate in a group and meets a group security policy;
  
  encrypting a group master key with a public portion of the CMK to form a protected group master key; and
  
  transmitting the protected group master key to the target platform.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein exporting further comprises:
    - verifying that the platform is authorized for participation in the group;
      
      requesting signed attributes of a key selected by the target platform as a parent key of the CMK if the platform is verified as authorized to participate in the group;
      
      comparing signed attributes received from the target platform against the group security policy; and
      
      encrypting the CMK with a public portion of the parent key of the target platform if the signed attributes meet the group security policy to form the protected CMK.
  - 3. The method of claim 1, wherein prior to exporting, the method further comprises:
    - exporting the group CMK to a trusted group manager;
      
      creating, by the trusted group manager, the group master key; and
      
      responding to request a from the target platform to join the group.
  - 4. The method of claim 1, further comprising:
    - encrypting a data stream according to a session key derived from the group master key;
      
      encrypting the session key using the group CMK; and
      
      transmitting the encrypted data stream, including the session key, to the platform and at least one group member platform.
  - 5. The method of claim 1, wherein the protected group master key is transmitted to the target platform by a group member platform.

6. A method comprising:
- providing, according to a key certification request from a group manager, signed attributes of key selected by a target platform as a parent key of a certified migration key (CMK) held by the trusted group manager;
  
  receiving the CMK from the group manager if the signed attributes meet a group security policy; and
  
  participating in a group communications session with at least one group member platform by decrypting an encrypted data stream using a session key received with the encrypted stream and protected by the CMK.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein prior to providing the signed attributes, the method further comprises:
    - issuing, by the target platform, a request to the group manager to join a group; and
      
      receiving the key certification request if the target platform is authorized for participation in the group.
  - 8. The method of claim 6, wherein receiving the CMK further comprises:
    - decrypting the CMK according to the key selected by the platform as the parent key of the CMK; and
      
      loading the CMK under the selected parent key.
  - 9. The method of claim 6, further comprising:
    - receiving a group master key, wherein the group master key is encrypted with a public portion of the CMK;
      
      decrypting the group master key with a private portion of the CMK; and
      
      deriving a group session key from the master key to enable participation in a group communication session.
  - 10. The method of claim 6, wherein participating in the group communication session comprises:
    - receiving the encrypted group session key with encrypted content;
      
      decrypting the session key with a private portion of the CMK; and
      
      decrypting the encrypted content using the decrypted session key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Wiseman, Willard M., McKown, Brett G.
Primary Examiner(s)
JUNG, DAVID YIUK

Application Number

US12/484,011
Publication Number

US 20090249073A1
Time in Patent Office

1,173 Days
Field of Search

None
US Class Current

713/171
CPC Class Codes

H04L 9/0825 using asymmetric-key encryp...

H04L 9/0836 using tree structure or hie...

Apparatus and method for group session key and establishment using a certified migration key

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for group session key and establishment using a certified migration key

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links