System and method for centralized key distribution
First Claim
Patent Images
1. A method for distributing credentials among electronic devices on a computer network comprising:
- at a first client application operating on a first electronic device, instantiating an account in the first client application, wherein the account is instantiated independently of a pre-existing account on an outside service, wherein instantiating the account in the first client application includes activating the first client application prior to performing a secondary factor of authentication in a two-factor authentication for a transaction involving the pre-existing account at the outside service;
generating a key message, comprising a first cryptographic key, at the first client application;
receiving the key message at a key master service;
associating a key identifier with the first cryptographic key of the key message;
storing the first cryptographic key as non-transitory data in a computer database at the key master service indexed at least by the key identifier;
wherein storing the first cryptographic key comprises storing the first cryptographic key with an expiration condition, wherein the expiration condition is conditional, at least in part, on a number of requests attempting to access the first cryptographic key;
receiving a request for a cryptographic key from the outside service, wherein the request specifies a key identifier; and
responding to the request according to the key identifier;
wherein, responding to the request comprises responding to the request by preventing access to the first cryptographic key after the expiration condition is satisfied;
wherein preventing access to the first cryptographic key comprises disassociating the first cryptographic key and the key identifier.
3 Assignments
0 Petitions
Accused Products
Abstract
A system and method for distributing key pair credentials that includes receiving a public key message at a key master service, wherein the public key message originates from a first client application; associating a key identifier with the public key; storing the public key at the key master service indexed at least by a key identifier; receiving a request for a public key from an outside service, wherein the request specifies a key identifier; and responding to the request with a public key according to the key identifier.
181 Citations
6 Claims
-
1. A method for distributing credentials among electronic devices on a computer network comprising:
-
at a first client application operating on a first electronic device, instantiating an account in the first client application, wherein the account is instantiated independently of a pre-existing account on an outside service, wherein instantiating the account in the first client application includes activating the first client application prior to performing a secondary factor of authentication in a two-factor authentication for a transaction involving the pre-existing account at the outside service; generating a key message, comprising a first cryptographic key, at the first client application; receiving the key message at a key master service; associating a key identifier with the first cryptographic key of the key message; storing the first cryptographic key as non-transitory data in a computer database at the key master service indexed at least by the key identifier;
wherein storing the first cryptographic key comprises storing the first cryptographic key with an expiration condition, wherein the expiration condition is conditional, at least in part, on a number of requests attempting to access the first cryptographic key;receiving a request for a cryptographic key from the outside service, wherein the request specifies a key identifier; and responding to the request according to the key identifier;
wherein, responding to the request comprises responding to the request by preventing access to the first cryptographic key after the expiration condition is satisfied;
wherein preventing access to the first cryptographic key comprises disassociating the first cryptographic key and the key identifier. - View Dependent Claims (2, 3)
-
-
4. A method of distributing credentials, the method comprising:
-
implementing one of a first mode or a second mode for distributing a cryptographic key, wherein; (i) the first mode includes, at a key master service; (a) receiving a key message; (b) associating a key identifier with a cryptographic key of the key message; (c) storing the cryptographic key indexed at least by the key identifier; (d) receiving a request for the cryptographic key from an outside service, wherein the request specifies the key identifier; and (e) according to the key identifier, responding to the request for the cryptographic key by either providing the cryptographic key or not providing the cryptographic key; and (ii) the second mode includes, at the key master service; (f) receiving a request for a private key and a public key identifier, wherein a cryptographic public key is stored and indexed at least by the public key identifier; (g) providing the private key and the public key identifier to a device having a specific client application operating thereon; and implementing the first mode or the second mode based on technical attributes of the device having the specific client application operating thereon. - View Dependent Claims (5, 6)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeCisco Technology, Inc. (Cisco Systems, Inc.)
-
Original AssigneeDuo Security Incorporated (Cisco Systems, Inc.)
-
InventorsOberheide, Jon, Song, Douglas
-
Primary Examiner(s)Rahman, Mahfuzur
-
Assistant Examiner(s)VICTORIA, NARCISO F
-
Application NumberUS14/482,829Publication NumberTime in Patent Office930 DaysField of Search380/279US Class Current1/1CPC Class CodesH04L 9/083 involving central third par...H04L 9/0894 Escrow, recovery or storing...
