Invention Grant
US08290165B2 Method and apparatus for cryptographic key storage wherein key servers are authenticated by possession and secure distribution of stored keys
In force
- Patent Title: Method and apparatus for cryptographic key storage wherein key servers are authenticated by possession and secure distribution of stored keys
- Application No.: US12723480
- Application Date: 2010-03-12
- Publication No.: US08290165B2
- Publication Date: 2012-10-16
- Inventor: Robert Allen, Robert A. Jerdonek, John Wang, Tom Wu
- Applicant: Robert Allen, Robert A. Jerdonek, John Wang, Tom Wu
- Applicant Address: US NY Islandia
- Assignee: CA, Inc.
- Current Assignee: CA, Inc.
- Current Assignee Address: US NY Islandia
- Agency: Kilpatrick Townsend & Stockton LLP
- Main IPC: H04L9/00
- IPC: H04L9/00

Abstract:
A key management system includes secured data stored on a first system secured by a control key stored securely on a key server. The secured data is secured against attacks such as unauthorized use, modification or access, where authorization to access the secured data is determined by knowledge of an access private key of an access key pair. When an authorized user is to access the secured data, the first system generates a request to the key server, signed with the access private key, wherein the request is for a decryption control key and the request includes a one-time public key of a key pair generated by the first system for the request. The first system can decrypt the decryption control key from the response, using a one-time private key. The first system can then decrypt the secured data with the decryption control key remaining secured in transport.