Method and apparatus providing secure initialization of...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique

Reexamination Certificate


Details

C713S168000

Reexamination Certificate

active

10008053

ABSTRACT:
Registration of non-configured network devices in a distributed network is facilitated by a method of distributing cryptographic keys. A non-configured first device seeking to communicate securely with a second device acquires knowledge of a trusted registration service. The first device registers with the registration service and obtains a longer-lived symmetric key. Using the longer-lived key, the first device authenticates itself to a key management service, and receives a shorter-lived symmetric key encapsulated in a ticket that includes policy information. A second device carries out the same preparatory process. Using its ticket containing the shorter-lived key, the first device requests the second device to obtain a session key on behalf of both. The second device presents its own ticket and that of the first device to the key management service to authenticate the shorter-lived key, and then obtains a session key for use in communications among the first and second devices. The first device and second device then communicate by encrypting communications with the session key, and without further contact with the key management or registration services or any other online authoritative server or key database. Thus newly deployed network devices may be positively identified, registered in the network, and subjected to key schedule or other key management policies.

REFERENCES:
patent: 5737419 (1998-04-01), Ganesan
patent: 6198824 (2001-03-01), Shambroom
patent: 6718467 (2004-04-01), Trostle
patent: 2001/0047484 (2001-11-01), Medvinsky et al.
patent: 2002/0147906 (2002-10-01), Lotspiech et al.
patent: 2005/0027985 (2005-02-01), Sprunk et al.
patent: WO 99/17495 (1999-04-01), None
Bruce Schneier, “Applied Cryptography”, 1996, pp. 566-572.
J. Trostle, et al., “Lightweight Kerberos Mechanism”, Nov. 2000, 5 pages.
Brian Tung, et al., “Public Key Cryptography for Initial Authentication in Kerberos”, Dec. 15, 2001, 20 pages.
Mike Swift, et al., “Extending the GSS Kerberos Mechanism for Initial Kerberos Authentication (IAKERB)”, Jul. 2001, pp. 1-9.
Kohl, “The Kerberos Network Authentication Service (V5)”, 1993, 106 pages.


Profile ID: LFUS-PAI-O-3877692
