Video surveillance systems using out of band key exchange
US-12177293-B2 · Dec 24, 2024 · US
US10129217B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10129217-B2 |
| Application number | US-201514922917-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 26, 2015 |
| Priority date | May 3, 2013 |
| Publication date | Nov 13, 2018 |
| Grant date | Nov 13, 2018 |
Official abstract text for this publication.
A first information handling system receives a security challenge and forwards it to a second information handling system. The second information handling system retrieves a private key from a public/private encryption key pair and satisfies the challenge with the private key. The second information handling system forwards the satisfied challenge without divulging the private key. The second information handling system is in a more secure environment than the first information handling system. The challenge may be satisfied by signing the challenge with the private key. Satisfying the challenge may be a step in creating a secure shell connection between the first information handling system and an organization maintaining the first information handling system and the second information handling system.
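The exchange the abstract describes, written out as an added example (not code from the patent or its assignee): an internet-facing front end relays a challenge to a segmented authentication server, which authenticates the caller, signs the challenge with a private key that never leaves it, and hands back only the signature; the outside recipient verifies with the public key it was given out of band. Ed25519 is used here because the patent does not fix a signature algorithm; the per-host credential table standing in for the claim 6 authentication step and the host names and credentials are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// KeyStore holds the organization's key pair. Only the AuthServer keeps a
// reference to it; nothing else in this program can reach privateKey.
type KeyStore struct {
	publicKey  ed25519.PublicKey
	privateKey ed25519.PrivateKey
}

func NewKeyStore() (*KeyStore, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &KeyStore{publicKey: pub, privateKey: priv}, nil
}

// AuthServer models the segmented authentication server. It authenticates the
// requesting internal host before signing (claim 6). The credential table is an
// assumption of this example; the patent does not fix the authentication method.
type AuthServer struct {
	store       *KeyStore
	credentials map[string]string // internal host ID -> shared credential (assumed)
}

// Sign refuses unknown or misauthenticated hosts, otherwise returns a signature
// over the challenge. The private key is never part of the response.
func (a *AuthServer) Sign(hostID, credential string, challenge []byte) ([]byte, error) {
	want, ok := a.credentials[hostID]
	if !ok || subtle.ConstantTimeCompare([]byte(want), []byte(credential)) != 1 {
		return nil, errors.New("auth server: request from unauthenticated host refused")
	}
	return ed25519.Sign(a.store.privateKey, challenge), nil
}

// FrontEnd is the internet-facing first information handling system. It holds
// no key material; it only relays challenges in and signatures out.
type FrontEnd struct {
	hostID, credential string
	auth               *AuthServer // in a deployment this hop runs over TLS (claim 7)
}

func (f *FrontEnd) Respond(challenge []byte) ([]byte, error) {
	return f.auth.Sign(f.hostID, f.credential, challenge)
}

// Recipient is the party outside the organization. It holds only the public
// key, issues a fresh random challenge, and checks the returned signature.
type Recipient struct {
	publicKey ed25519.PublicKey
}

func (r *Recipient) NewChallenge() ([]byte, error) {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		return nil, err
	}
	return c, nil
}

func (r *Recipient) Verify(challenge, signature []byte) bool {
	return ed25519.Verify(r.publicKey, challenge, signature)
}

// Exchange runs three cases: an authenticated front end satisfies the challenge,
// an unknown host is refused by the auth server, and a signature captured from
// one challenge does not satisfy a freshly issued one.
func Exchange() (honestOK, strangerRefused, replayRejected bool, err error) {
	store, err := NewKeyStore()
	if err != nil {
		return
	}
	auth := &AuthServer{store: store, credentials: map[string]string{"frontend-01": "s3cret-01"}}
	recipient := &Recipient{publicKey: store.publicKey} // public key shared out of band

	honest := &FrontEnd{hostID: "frontend-01", credential: "s3cret-01", auth: auth}
	c1, err := recipient.NewChallenge()
	if err != nil {
		return
	}
	sig1, err := honest.Respond(c1)
	if err != nil {
		return
	}
	honestOK = recipient.Verify(c1, sig1)

	stranger := &FrontEnd{hostID: "rogue-host", credential: "guess", auth: auth}
	_, signErr := stranger.Respond(c1)
	strangerRefused = signErr != nil

	c2, err := recipient.NewChallenge()
	if err != nil {
		return
	}
	replayRejected = !recipient.Verify(c2, sig1)
	return
}

func main() {
	ok, refused, replay, err := Exchange()
	fmt.Println("honest accepted:", ok, "stranger refused:", refused, "replay rejected:", replay, "err:", err)
}
```

The point to check in any real deployment is the one the abstract makes: the only object crossing from the authentication server to the front end is a signature, so compromising the internet-facing host yields signing-as-a-service for as long as the attacker holds that host's credential, but not the key itself; the auth server's caller authentication and network restriction (claims 2, 6 and 12) are what bound that exposure.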
Opening claim text (preview).
What is claimed is:

1. A system comprising: a key store to store a private/public encryption key pair and to provide the private key to an authentication server; the authentication server to receive requests from a first information handling system within an organization to sign messages with the private key, to retrieve the private key from the key store, to sign the messages, and to transmit the signed messages to the first information handling system without divulging the private key; the first information handling system to transmit the signed messages to a recipient outside the organization, wherein the recipient verifies the signed message to determine the message originated with the organization, wherein the authentication server is in a more secure environment than the first information handling system and inaccessible to the recipient outside the organization, the first information handling system having network access outside the organization, and wherein the authentication server or the other information handling system includes at least one hardware processor.

2. The system of claim 1, wherein network access of the authentication server is limited to information handling systems within the organization according to a policy of the organization.

3. The system of claim 2, further comprising a firewall to implement the policy.

4. The system of claim 2, wherein: the first information handling system has network access outside the organization; and the authentication server is located in a facility separate from the first information handling system.

5. The system of claim 2, wherein: the first information handling system has network access outside the organization; and the authentication server is located in a room separate from the first information handling system.

6. The system of claim 1, wherein the authentication server is to authenticate the first information handling system as a prerequisite to signing the messages in response to the requests of the first information handling system.

7. The system of claim 1, wherein the first information handling system submits the requests to the authentication server utilizing Transport Layer Security.

8. A method comprising: receiving at an authentication server a request to sign a message with a private key from an information handling system within an organization, the authentication server being in a more secure environment than the information handling system and inaccessible to a recipient outside of the organization, the information handling system having network access outside the organization, the authentication server and the information handling system including at least one hardware processor; retrieving a private key from a key store, the key store configured to store a private/public encryption key pair; signing the message with the private key; and transmitting the signed message to the information handling system without divulging the private key, the information handling system configured to transmit the signed message to the recipient outside of the organization enabling the recipient outside the organization to verify the authenticity of the signed message using the public key to ensure the message originated with the organization.

9. The method of claim 8, further comprising authenticating the information handling system by the authentication server.

10. The method of claim 8, wherein network access of the authentication server is more restricted than network access of the information handling system according to a policy of an organization controlling the authentication server and the information handling system.

11. The method of claim 10, wherein a firewall governing network access of the authentication server implements the policy.

12. The method of claim 11, wherein: the information handling system is on a first network; the authentication server is on a second network; the first network is separate from the second network; and the second network is a segmented network.

13. The method of claim 12, wherein network access of information handling systems on the second network is limited to information handling systems on the first network.

14. The method of claim 10, wherein: the information handling systems have network access outside the organization; and the authentication server is located in a facility separate from the information handling systems.

15. The method of claim 10, wherein: the information handling systems have network access outside the organization; and the authentication server is located in a room separate from the information handling systems.

16. The method of claim 8, wherein the information handling system submits the requests to the authentication server utilizing Transport Layer Security.

17. A system comprising: an authentication server in communication with an information handling system within an organization, the authentication server to receive requests from the information handling system to sign messages with a private key, network access of the authentication server limited to a plurality of information handling systems within the organization, the plurality of information handling systems including the information handling system; and a key store to store a private/public encryption key pair and to provide the private key to the authentication server; the authentication server to sign the messages and to transmit the signed messages to the information handling system without divulging the private key; the information handling system to transmit the signed messages to a recipient outside the organization, wherein the recipient outside the organization confirms that the message originated with the organization by verifying the signed message with the public key; wherein the authentication server is in a more secure environment than the information handling system and inaccessible to the recipient outside the organization, wherein the authentication server or the information handling system includes at least one hardware processor; and wherein at least a portion of the plurality of information handling systems have network access outside the organization.
Applying verification of the received information (cryptographic mechanisms or cryptographic arrangements for data integrity or data verification H04L9/32) · CPC title
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title
involving digital signatures · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title