Symmetric key distribution framework for the internet
First Claim
1. A method, comprising:
a security measurement hardware device, integrated in a client, requesting a required client health policy from an application server;
a network interface controller, integrated in the application server, sending/storing the required client health policy and an address of a key distribution server to the security measurement hardware device;
the security measurement hardware device performing a health check of the client using the required client health policy received from the network interface controller, the health check creating health information describing the health of the client;
the security measurement hardware device sending the health information to a key distribution server;
the key distribution server validating the client's health through the received health information;
the key distribution server providing the client with a session key for secure interaction with the application server when the client's health has been validated;
the key distribution server providing the network interface controller a master key corresponding to the session key, wherein the master key is one of a plurality of unique master keys, each unique master key being provided for each particular session key;
the client sending a request to interact with the application server using the session key; and
the network interface controller allowing the client to interact with the application server after verifying the client's session key with the corresponding master key.
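The claim above recites a protocol with three parties but does not say how the network interface controller "verifies the client's session key with the corresponding master key". The following is an added example, not code from the patent or its assignee, that walks the nine steps in-process with one concrete, assumed construction: the session key is derived from the per-session master key with HMAC-SHA256 over a session id, the measurement device authenticates its health report with a device key it shares with the key distribution server, and the client proves possession of the session key by MACing its request. The policy contents, the key names and the KDS address are constructed for the example.

```python
"""Added simulation of the health-gated key distribution flow of claim 1.
Assumed (not stated in the claim): HMAC-SHA256 session-key derivation, a
pre-shared device key for report authenticity, and request MACs as the
client's proof of session-key possession."""
import hashlib
import hmac
import json
import os


def _mac(key: bytes, *parts: bytes) -> bytes:
    """Length-prefixed HMAC-SHA256 over several fields (no ambiguity between fields)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big"))
        h.update(p)
    return h.digest()


def _session_key(master: bytes, session_id: bytes) -> bytes:
    # Assumption: the session key "corresponding to" a master key is derived
    # from it, so the NIC can recompute it from the master key it was given.
    return _mac(master, b"session", session_id)


class SecurityMeasurementDevice:
    """Hardware measurement device in the client (steps 1, 3, 4)."""

    def __init__(self, device_key: bytes, measurements: dict):
        self.device_key = device_key          # assumed pre-shared with the KDS
        self.measurements = measurements      # what the device actually observes

    def health_check(self, policy: dict):
        # Report exactly the items the policy asks about, authenticated under the device key.
        report = {k: self.measurements.get(k) for k in policy}
        body = json.dumps(report, sort_keys=True).encode()
        return report, _mac(self.device_key, body)


class NetworkInterfaceController:
    """NIC integrated in the application server (steps 2, 7, 9)."""

    def __init__(self, policy: dict, kds_address: str):
        self.policy = policy
        self.kds_address = kds_address
        self.master_keys = {}                 # session_id -> unique master key

    def policy_request(self):
        return self.policy, self.kds_address

    def install_master_key(self, session_id: bytes, master: bytes) -> None:
        self.master_keys[session_id] = master

    def admit(self, session_id: bytes, request: bytes, tag: bytes) -> bool:
        master = self.master_keys.get(session_id)
        if master is None:                    # no master key, no session to verify against
            return False
        expected = _mac(_session_key(master, session_id), b"request", request)
        return hmac.compare_digest(expected, tag)


class KeyDistributionServer:
    """KDS (steps 5, 6, 7)."""

    def __init__(self, device_key: bytes, required_policy: dict):
        self.device_key = device_key
        self.required_policy = required_policy

    def validate_health(self, report: dict, tag: bytes) -> bool:
        body = json.dumps(report, sort_keys=True).encode()
        if not hmac.compare_digest(_mac(self.device_key, body), tag):
            return False                      # report not produced by the measurement device
        return all(report.get(k) == v for k, v in self.required_policy.items())

    def issue(self, report: dict, tag: bytes, nic: NetworkInterfaceController):
        if not self.validate_health(report, tag):
            return None
        session_id = os.urandom(16)
        master = os.urandom(32)               # one unique master key per session key
        nic.install_master_key(session_id, master)
        return session_id, _session_key(master, session_id)


def run_protocol(client_measurements: dict, forge_session_key: bool = False) -> str:
    """Run the full exchange; returns 'admitted', 'denied_by_kds' or 'denied_by_nic'."""
    policy = {"secure_boot": True, "av_signature_version": 2024}   # constructed policy
    device_key = os.urandom(32)
    nic = NetworkInterfaceController(policy, "kds.example.internal")  # hypothetical address
    kds = KeyDistributionServer(device_key, policy)
    device = SecurityMeasurementDevice(device_key, client_measurements)

    required_policy, kds_address = nic.policy_request()          # steps 1-2
    report, tag = device.health_check(required_policy)          # step 3
    issued = kds.issue(report, tag, nic)                        # steps 4-7 (kds_address would be dialled here)
    if issued is None:
        return "denied_by_kds"
    session_id, session_key = issued
    if forge_session_key:                                       # a client that never held the real key
        session_key = os.urandom(32)
    request = b"GET /payroll"                                   # step 8
    ok = nic.admit(session_id, request, _mac(session_key, b"request", request))  # step 9
    return "admitted" if ok else "denied_by_nic"
```

A client whose measurements satisfy the policy is admitted; one failing a required measurement is stopped at the KDS before any key exists; one that reaches the NIC without the real session key is stopped by the master-key check, since the NIC never has to trust the client's claim about which key it holds.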
1 Assignment
0 Petitions
Abstract
A method, device, and system are disclosed. In one embodiment the method includes receiving measured health information from a client on a key distribution server. Once the measured health information is received the server is capable of validating the measured health information to see if it is authentic. The server is also capable of sending a session key to the client when the measured health information is validated. When the client receives the session key, the client is capable of initiating an encrypted and authenticated connection with an application server in the domain using the session key.
27 Citations
4 Claims
1. A method, comprising:
a security measurement hardware device, integrated in a client, requesting a required client health policy from an application server; a network interface controller, integrated in the application server, sending/storing the required client health policy and an address of a key distribution server to the security measurement hardware device; the security measurement hardware device performing a health check of the client using the required client health policy received from the network interface controller, the health check creating health information describing the health of the client; the security measurement hardware device sending the health information to a key distribution server; the key distribution server validating the client's health through the received health information; the key distribution server providing the client with a session key for secure interaction with the application server when the client's health has been validated; the key distribution server providing the network interface controller a master key corresponding to the session key, wherein the master key is one of a plurality of unique master keys, each unique master key being provided for each particular session key; the client sending a request to interact with the application server using the session key; and the network interface controller allowing the client to interact with the application server after verifying the client's session key with the corresponding master key.
- View Dependent Claims (2)
3. A system, comprising:
a client, including a security measurement hardware device to: request a required client health policy from an application server, the application server comprising a network interface controller; perform a health check of the client using the required client health policy, the health check creating health information describing the health of the client; and send the health information to a key distribution server; and wherein the client is to send a request to interact with the application server using a session key; and the key distribution server to: validate the client's health through the received health information; provide the client with the session key for secure interaction with the application server when the health of the client has been validated; and provide the network interface controller of the application server with a master key corresponding to the session key, wherein the master key is one of a plurality of unique master keys, each unique master key being provided for each particular session key; and the network interface controller of the application server to: send the required client health policy and an address of a key distribution server to the security measurement hardware device; verify the session key with the corresponding master key; and allow the client to interact with the application server after verifying the session key.
- View Dependent Claims (4)
Specification