Method and system for distributing secrets
US-9384362-B2 · Jul 5, 2016 · US
US10142325B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10142325-B2 |
| Application number | US-201615250496-A |
| Country | US |
| Kind code | B2 |
| Filing date | Aug 29, 2016 |
| Priority date | Aug 29, 2016 |
| Publication date | Nov 27, 2018 |
| Grant date | Nov 27, 2018 |
Official abstract text for this publication.
A method by a management server is described. The method includes receiving a credentials request from a requesting management node. The credentials request includes a public key of the requesting management node. The method also includes determining whether the management server has credentials encrypted for the requesting management node in a local cache. The credentials are encrypted using the public key of the requesting management node and cannot be decrypted by the management server. The method further includes sending the encrypted credentials to the requesting management node when the management server has the encrypted credentials. The requesting management node can decrypt the encrypted credentials using a private key.
Opening claim text (preview).
What is claimed is:
1. A method by a management server, comprising: receiving a credentials request from a requesting management node, wherein the credentials request includes a public key of the requesting management node; determining whether the management server has credentials encrypted for the requesting management node in a local cache, wherein the credentials are encrypted using the public key of the requesting management node and cannot be decrypted by the management server; sending the encrypted credentials to the requesting management node when the management server has the encrypted credentials, wherein the requesting management node can decrypt the encrypted credentials using a private key; and when the management server determines that the management server does not have the encrypted credentials: sending a multicast request to one or more peer management nodes, the multicast request including the public key of the requesting management node; receiving a unicast response from a responding management node that includes the encrypted credentials for the requesting management node; and sending the encrypted credentials received from the responding management node to the requesting management node.
2. The method of claim 1, wherein the requesting management node sends the credentials request upon determining that credentials required to perform a task cannot be resolved or acquired at the requesting management node.
3. The method of claim 1, wherein upon receiving the multicast request, the responding management node resolves the credentials from a local store of the responding management node, decrypts the credentials using a private key of the responding management node, and re-encrypts the credentials using the public key of the requesting management node.
4. The method of claim 1, wherein the responding management node validates that the requesting management node is trusted to receive credentials by testing a certificate of the requesting management node with a certificate chain.
5. The method of claim 1, further comprising: storing the encrypted credentials received from the responding management node in the local cache of the management server.
6. The method of claim 1, wherein the requesting management node and the one or more peer management nodes are part of a same tenancy.
7. The method of claim 1, wherein the requesting management node sends the credentials request as part of an automated recovery process that does not require a user to re-enter credentials.
8. The method of claim 1, wherein the management server is a cloud-based server.
9. The method of claim 1, wherein when the credentials are initially set, the management server uses a public key infrastructure (PKI) to encrypt the credentials in a manner in which only a management node for which the credentials are encrypted can decrypt the credentials.
10. A management server, comprising: a processor; memory in electronic communication with the processor; and instructions stored in the memory, the instructions being executable to: receive a credentials request from a requesting management node, wherein the credentials request includes a public key of the requesting management node; determine whether the management server has credentials encrypted for the requesting management node in a local cache, wherein the credentials are encrypted using the public key of the requesting management node and cannot be decrypted by the management server; send the encrypted credentials to the requesting management node when the management server has the encrypted credentials, wherein the requesting management node can decrypt the encrypted credentials using a private key; and when the management server determines that the management server does not have the encrypted credentials: send a multicast request to one or more peer management nodes, the multicast request including the public key of the requesting management node; receive a unicast response from a responding management node that includes the encrypted credentials for the requesting management node; and send the encrypted credentials received from the responding management node to the requesting management node.
11. The management server of claim 10, wherein the requesting management node sends the credentials request upon determining that credentials required to perform a task cannot be resolved or acquired at the requesting management node.
12. The management server of claim 10, wherein the instructions are further executable to: store the encrypted credentials received from the responding management node in the local cache of the management server.
13. The management server of claim 10, wherein the management server is a cloud-based server.
14. The management server of claim 10, wherein the management server uses a public key infrastructure (PKI) to encrypt the credentials when the credentials are initially set in a manner in which only a management node for which the credentials are encrypted can decrypt the credentials.
15. A method by a responding management node, comprising: receiving a multicast request from a management server in response to a credentials request sent by a requesting management node and when the management server determines that the management server does not store credentials requested by the requesting management node, wherein the multicast request includes a public key of the requesting management node; resolving the credentials from a local store; encrypting the credentials using the public key of the requesting management node; and sending a unicast response to the management server that includes the encrypted credentials for the requesting management node.
16. The method of claim 15, further comprising decrypting, before encrypting the credentials using the public key of the requesting management node, the credentials from the local store using a private key of the responding management node if the credentials are encrypted.
17. The method of claim 15, further comprising: testing a certificate of the requesting management node with a certificate chain of the responding management node; and validating that the requesting management node is trusted to receive credentials.
18. The method of claim 15, wherein the requesting management node and the responding management node are part of a same tenancy.
19. The method of claim 15, wherein the management server is a cloud-based server.
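The claimed exchange, as an added Go example (not code from the patent or its assignee): a management server that caches ciphertext it cannot open and falls back to its peers on a miss (claims 1 and 5), a responding node that tests the requester's certificate against the chain it trusts before decrypting with its own private key and re-encrypting for the requester (claims 3, 4, 15-17), and a check that a certificate from outside the tenancy is refused. The patent names only a PKI, so the following are this example's assumptions: RSA-OAEP stands in for the encryption, Go's x509 chain verification for the certificate test, and direct function calls for the multicast request and unicast response. The `Node` and `Server` types, `issue`, `Scenario`, the `tenant-ca`/`node-a`/`node-b` names and the `db-password` credential with its value are all constructed here.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Node is a management node (names and layout are this example's own, not the patent's).
type Node struct {
	priv  *rsa.PrivateKey
	cert  *x509.Certificate // issued by the tenancy CA; carries this node's public key
	roots *x509.CertPool    // the certificate chain this node trusts
	store map[string][]byte // credential name -> ciphertext sealed (RSA-OAEP) to this node's own key
}

// Respond is the responding node's side (claims 3, 4, 15-17): test the requester's
// certificate against the trusted chain, then decrypt locally and re-encrypt for the requester.
func (n *Node) Respond(requester *x509.Certificate, cred string) ([]byte, error) {
	if _, err := requester.Verify(x509.VerifyOptions{Roots: n.roots}); err != nil {
		return nil, fmt.Errorf("requester not trusted: %w", err)
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), nil, n.priv, n.store[cred], nil) // missing entry: nil, fails
	if err != nil {
		return nil, fmt.Errorf("cannot resolve %q locally: %w", cred, err)
	}
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, requester.PublicKey.(*rsa.PublicKey), plain, nil)
}

// Server is the management server: a cache of ciphertext it cannot open plus the peer list.
type Server struct {
	cache map[string][]byte // requester public key + credential name -> sealed credential
	peers []*Node
}

// Handle is the management server's side of claim 1, with the claim 5 cache fill.
func (s *Server) Handle(requester *x509.Certificate, cred string) ([]byte, error) {
	key := fmt.Sprintf("%x/%s", sha256.Sum256(requester.RawSubjectPublicKeyInfo), cred)
	if ct, ok := s.cache[key]; ok {
		return ct, nil // already sealed to this requester; useless to anyone else
	}
	for _, p := range s.peers { // stands in for the multicast: first unicast answer wins
		if ct, err := p.Respond(requester, cred); err == nil {
			s.cache[key] = ct
			return ct, nil
		}
	}
	return nil, errors.New("no peer supplied the credential")
}

// issue signs a certificate for pub with caKey; with caCert nil it becomes a self-signed root.
func issue(cn string, pub *rsa.PublicKey, caCert *x509.Certificate, caKey *rsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	if caCert == nil {
		tmpl.IsCA, tmpl.KeyUsage, caCert = true, x509.KeyUsageCertSign, tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, caCert, pub, caKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// Scenario builds a constructed tenancy (CA, nodes A and B) and an outsider with its own root,
// then walks the flow: A has lost "db-password", B still holds a copy sealed to B's own key.
func Scenario() (recovered string, servedFromCache, outsiderDenied bool) {
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	caCert := issue("tenant-ca", &caKey.PublicKey, nil, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	node := func(cn string) *Node {
		k, _ := rsa.GenerateKey(rand.Reader, 2048)
		return &Node{priv: k, cert: issue(cn, &k.PublicKey, caCert, caKey), roots: roots, store: map[string][]byte{}}
	}
	a, b := node("node-a"), node("node-b")
	xk, _ := rsa.GenerateKey(rand.Reader, 2048)
	outsider := issue("outsider", &xk.PublicKey, nil, xk) // well-formed, but chains to a foreign root
	secret := []byte("constructed-secret")                 // set with PKI so only B can read it (claim 9)
	b.store["db-password"], _ = rsa.EncryptOAEP(sha256.New(), rand.Reader, &b.priv.PublicKey, secret, nil)
	srv := &Server{cache: map[string][]byte{}, peers: []*Node{b}}

	ct, _ := srv.Handle(a.cert, "db-password")                       // miss -> peers -> B re-encrypts for A
	plain, _ := rsa.DecryptOAEP(sha256.New(), nil, a.priv, ct, nil) // only A's private key opens it
	_, outsiderErr := srv.Handle(outsider, "db-password")           // B refuses the foreign certificate
	srv.peers = nil                                                 // peers gone: a repeat must hit the cache
	_, cacheErr := srv.Handle(a.cert, "db-password")
	return string(plain), cacheErr == nil, outsiderErr != nil
}

func main() {
	fmt.Println(Scenario())
}
```

Two properties to check in any implementation of these claims: the cache is keyed by the requester's public key, so the entry stored for node A is opaque to the server and to every other node that asks for the same credential, and the trust decision of claims 4 and 17 is taken by the node that holds the plaintext, not by the relay in the middle. RSA-OAEP with a 2048-bit key carries at most 190 bytes, so a credential larger than that is sealed hybrid-style (a fresh symmetric key encrypted to the requester, the payload under that key), which is the hybrid-encryption class H04L9/14 listed for this publication.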
wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption (cryptographic mechanisms or cryptographic arrangements using a plurality of keys or algorithms H04L9/14) · CPC title
using hop-by-hop encryption, i.e. wherein an intermediate entity decrypts the information and re-encrypts it before forwarding it · CPC title
wherein the data content is protected, e.g. by encrypting or encapsulating the payload · CPC title
using certificates (cryptographic mechanisms or cryptographic arrangements for entity authentication involving certificates H04L9/3263) · CPC title
for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819) · CPC title