US2006182277A1PendingUtilityA1

Roaming utilizing an asymmetric key pair

47
Assignee: TRICIPHER INCPriority: Feb 14, 2005Filed: Feb 14, 2005Published: Aug 17, 2006
Est. expiryFeb 14, 2025(expired)· nominal 20-yr term from priority
H04L 9/0897H04L 9/0863H04L 9/085H04L 9/3213H04L 9/0822H04L 9/3236H04L 63/08H04L 9/14H04L 9/3297
47
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Techniques for generating a portion of a split private key are provided. A first symmetric key and a second symmetric key different than the first symmetric key are generated at a first location. The generated second symmetric key and a first one of multiple factors for generating the private key portion encrypted with the generated first symmetric key are transmitted. Then, at a second network location, the symmetric keys are again generated. The encrypted first factor is received at the second network location subsequent to a user authentication based upon the second symmetric key generated at the second network location. The received encrypted first factor is then decrypted with the first symmetric key generated at the second network location, the decrypted first factor usable to generate the portion of the split private key of the asymmetric key pair.

Claims

exact text as granted — not AI-modified
1 . A method for generating a portion of a split private key of an asymmetric key pair at multiple locations, the portion not stored in a persistent state, comprising: 
 generating, at a first network location associated with a user, a first symmetric key and a second symmetric key different than the first symmetric key;    transmitting, from the first network location, the generated second symmetric key and a first one of multiple factors for generating the private key portion encrypted with the generated first symmetric key;    generating, at a second network location, the first symmetric key and the second symmetric key, the first factor not present at the second network location;    receiving the encrypted first factor at the second network location subsequent to a user authentication based upon the second symmetric key generated at the second network location; and    decrypting the received encrypted first factor with the first symmetric key generated at the second network location, the decrypted first factor usable to generate the portion of the split private key of the asymmetric key pair.    
     
     
         2 . The method of  claim 1 , wherein the first symmetric key and the second symmetric key are generated based upon the same information associated with the user.  
     
     
         3 . The method of  claim 1 , further comprising: 
 receiving, at the first network location, a question;    entering, at the first network location, an answer to the question;    receiving, at the second network location, the question; and    entering, at the second network location, the answer to the question;    wherein the first symmetric key is generated based upon the received question and the entered answer; and    wherein the second symmetric key is generated based upon the received question and the entered answer.    
     
     
         4 . The method of  claim 1 , wherein the first factor is stored at the first network location, and further comprising: 
 retrieving the stored first factor;    encrypting the retrieved first factor with the first symmetric key prior to the transmission; and    storing the decrypted first factor at the second network location.    
     
     
         5 . The method of  claim 1 , wherein the asymmetric key pair is a first asymmetric key pair and the first factor is an entire private key of a second asymmetric key pair.  
     
     
         6 . The method of  claim 1 , further comprising: 
 applying a password-based key derivation algorithm to information associated with the user a first number of times to generate the first symmetric key; and    applying a password-based key derivation algorithm to the information a second number of times to generate the second symmetric key;    wherein the second number of times is greater than the first number of times.    
     
     
         7 . The method of  claim 1 , wherein: 
 the first symmetric key is a DES3 compliant key; and    the second symmetric key is a DES3 compliant key.    
     
     
         8 . The method of  claim 1 , wherein: 
 the transmission is to a key granting authority;    the authentication is made by the key granting authority; and    the encrypted first factor is received from the key granting authority only after the key granting authority approves transmitting the encrypted first factor to the second network location.    
     
     
         9 . The method of  claim 1 , wherein the generation, at the first network location, of the first symmetric key and the second symmetric key is performed in association with generation of the asymmetric key pair having a split private key.  
     
     
         10 . A system for generating a portion of a split private key of an asymmetric key pair at multiple locations, the portion not stored in a persistent state, comprising: 
 a first network station associated with a user and configured to i) generate a first symmetric key and a second symmetric key, ii) encrypt a first one of multiple factors for generating the private key portion with the generated first symmetric key, and iii) cause the generated second symmetric key and the encrypted first factor to be transmitted; and    a second network station associated with the user configured to i) generate the first symmetric key and the second symmetric key, ii) receive the encrypted first factor subsequent to a user authentication based upon the second symmetric key generated at the second network station, and iii) decrypt the received encrypted first factor with the first symmetric key generated at the second network station, the decrypted first factor usable to generate the private key portion.    
     
     
         11 . The system of  claim 10 , wherein the first symmetric key and the second symmetric key are generated based upon the same information associated with the user.  
     
     
         12 . The system of  claim 10 , wherein: 
 the first network station is further configured to receive a question and an answer to the question; and    the second network station is further configured to receive the question and the answer to the question;    the first symmetric key is generated based upon the received question and the entered answer; and    the second symmetric key is generated based upon the received question and the entered answer.    
     
     
         13 . The system of  claim 10 , wherein: 
 the first network station is further configured to store the first factor, retrieve the stored first factor, and encrypt the retrieved first factor with the first symmetric key prior to the transmission; and    the second network station is further configured to store the decrypted first factor.    
     
     
         14 . The system of  claim 10 , wherein the asymmetric key pair is a first asymmetric key pair and the first factor is an entire private key of a second asymmetric key pair.  
     
     
         15 . The system of  claim 10 , wherein: 
 generating the first symmetric key includes applying a password-based key derivation algorithm to information associated with the user a first number of times;    generating the second symmetric key includes applying the password-based key derivation algorithm to the information associated with the user a second number of times; and    the second number of times is greater than the first number of times.    
     
     
         16 . The system of  claim 10 , wherein: 
 the first symmetric key is a DES3 compliant key; and    the second symmetric key is a DES3 compliant key.    
     
     
         17 . The system of  claim 10 , wherein: 
 the transmission is to a key granting authority;    the authentication is made by the key granting authority; and the encrypted first factor is received from the key granting authority only after the key granting authority approves transmitting the encrypted first factor to the second network location.    
     
     
         18 . The system of  claim 10 , wherein the generation, at the first network station, of the first symmetric key and the second symmetric key is performed in association with generation of the asymmetric key pair having a split private key.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.