System and method for providing secure communication using ephemeral keys with a lifetime associated with a type of data being secured

US12562896B2 · US · B2

Patent metadata

Field               Value
Publication number  US-12562896-B2
Application number  US-202318196390-A
Country             US
Kind code           B2
Filing date         May 11, 2023
Priority date       May 11, 2023
Publication date    Feb 24, 2026
Grant date          Feb 24, 2026

Abstract

Official abstract text for this publication.

A system for providing ephemeral keys for a cryptographic system includes a secure enclave configured to generate one or more ephemeral keys (EKs), where each EK of the one or more EKs has a lifetime associated with the respective EK, and one or more secured devices connected to the secure enclave, where each secured device of the one or more secured devices has a trusted platform module (TPM) configured to acquire at least one of the one or more EKs, where the TPM of each secured device further is configured to generate secured data in response to validating the lifetime of an associated EK by encrypting sensitive data with the associated EK, and where each secured device of the one or more secured devices is further configured to transmit the secured data to an entity external to the secured device.

First claim

Opening claim text (preview).

What is claimed is:

1. A system, comprising: a secure enclave implemented in hardware and configured to generate one or more ephemeral keys (EKs), wherein each EK of the one or more EKs has a lifetime associated with the respective EK, wherein the lifetime of an associated EK is associated with a data type of sensitive data associated with the EK and is further associated with a criticality of the sensitive data, wherein the lifetime of the associated EK is further associated with at least a lifetime of a parent EK from which the associated EK directly descends, and wherein the lifetime of the associated EK is set by adjusting a base lifetime of the associated EK based on the criticality of the sensitive data; and one or more secured devices connected to the secure enclave, wherein each secured device of the one or more secured devices has a trusted platform module (TPM) configured to acquire at least one of the one or more EKs, wherein the TPM of each secured device is further configured to generate secured data in response to validating the lifetime of the associated EK by encrypting the sensitive data with the associated EK, wherein the lifetime of the associated EK is identified by lifetime data disposed in a data structure of the associated EK and from which the TPM determines whether the lifetime of the associated EK is valid or invalid, and wherein each secured device of the one or more secured devices is further configured to transmit the secured data to an entity external to the secured device.

2. The system of claim 1, wherein the TPM of each secured device is further configured to validate the lifetime of the associated EK by determining whether the lifetime of the associated EK is a valid lifetime where the lifetime has not expired.

3. The system of claim 1, wherein the TPM of each secured device is further configured to determine, according to identification data disposed in the associated EK for the parent EK, one or more parent EKs of the associated EK in a key chain for the associated EK, and to validate the lifetime of the associated EK according to the lifetime data for the associated EK disposed in the data structure of the associated EK and by determining whether lifetimes of the one or more parent EKs are valid lifetimes where the respective lifetimes have not expired.

4. The system of claim 1, wherein each secured device of the one or more secured devices is further configured to request the associated EK, wherein requesting the associated EK includes identifying the data type of the sensitive data.

5. The system of claim 1, wherein the lifetime of the associated EK is shorter than at least the lifetime of the parent EK, and wherein an end time of the lifetime of the associated EK is before, or the same as, an end time of the lifetime of the parent EK.

6. A system, comprising: a processor; and a non-transitory computer readable medium having a program stored thereon for implementing a trusted platform module (TPM), the program including instructions to: acquire, from a secure enclave, at least one ephemeral key (EK) of one or more EKs generated by the secure enclave, wherein each EK of the one or more EKs has a lifetime associated with the respective EK, wherein the lifetime of an associated EK is associated with a data type of sensitive data associated with the EK and is further associated with a criticality of the sensitive data, wherein the lifetime of the associated EK is further associated with at least a lifetime of a parent EK from which the associated EK directly descends, and wherein the lifetime of the associated EK is set by adjusting a base lifetime of the associated EK based on the criticality of the sensitive data; generate secured data in response to validating the lifetime of the associated EK by encrypting the sensitive data with the associated EK, wherein the lifetime of the associated EK is identified by lifetime data disposed in a data structure of the associated EK and from which the TPM determines whether the lifetime of the associated EK is valid or invalid; and transmit the secured data to an entity external to the system.

7. The system of claim 6, wherein the program further includes instructions to validate the lifetime of the associated EK by determining whether the lifetime of the associated EK is a valid lifetime where the lifetime has not expired.

8. The system of claim 6, wherein the program further includes instructions to: determine one or more parent EKs of the associated EK in a key chain for the associated EK according to identification data disposed in the associated EK for the parent EK; and validate the lifetime of the associated EK according to the lifetime data for the associated EK disposed in the data structure of the associated EK and by determining whether lifetimes of the one or more parent EKs are valid lifetimes where the respective lifetimes have not expired.

9. The system of claim 6, wherein the program further includes instructions to request the associated EK, wherein requesting the associated EK includes identifying the data type of the sensitive data.

10. The system of claim 9, wherein the lifetime of the associated EK is shorter than at least the lifetime of the parent EK, and wherein an end time of the lifetime of the associated EK is before, or the same as, an end time of the lifetime of the parent EK.

11. A method, comprising: generating one or more ephemeral keys (EKs), wherein each EK of the one or more EKs has a lifetime associated with the respective EK, wherein the lifetime of an associated EK is associated with a data type of sensitive data associated with the EK and is further associated with a criticality of the sensitive data, wherein the lifetime of the associated EK is further associated with at least a lifetime of a parent EK from which the associated EK directly descends, and wherein the lifetime of the associated EK is set by adjusting a base lifetime of the associated EK based on the criticality of the sensitive data; acquiring, by a trusted platform module (TPM) of a secure device of one or more secured devices, at least one EK of the one or more EKs; generating, by the TPM, secured data in response to validating the lifetime of the associated EK by encrypting the sensitive data with the associated EK, wherein the lifetime of the associated EK is identified by lifetime data disposed in a data structure of the associated EK and from which the TPM determines whether the lifetime of the associated EK is valid or invalid; and transmitting, by the TPM, the secured data to an entity external to the secured device.

12. The method of claim 11, further comprising validating, by the TPM, the lifetime of the associated EK by determining whether the lifetime of the associated EK is a valid lifetime where the lifetime has not expired.

13. The method of claim 11, further comprising: determining one or more parent EKs of the associated EK in a key chain for the associated EK according to identification data disposed in the associated EK for the parent EK; and validating the lifetime of the associated EK according to the lifetime data for the associated EK disposed in the data structure of the associated EK and by determining whether lifetimes of the one or more parent EKs are valid lifetimes where the respective lifetimes have not expired.

14. The method of claim 11, further comprising requesting the associated EK, wherein requesting the associated EK includes identifying the data type of the sensitive data.

15. The method of claim 14, wherein the lifetime of the associated EK is
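The claims above describe a key-chain lifetime policy (claims 1, 3 and 5): an EK's lifetime is a base lifetime for the data type adjusted by criticality, a child EK's end time never passes its parent's, and the TPM checks the EK and every parent in its chain for expiry before encrypting. The following is an added illustration written for this page, not the patent's or the assignee's code; the policy tables, the field names and the placeholder cipher are all constructed assumptions.

```python
import hashlib, hmac, os
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed policy tables (not from the patent): base lifetime per data type in
# seconds, and a multiplier that shortens it as criticality rises.
BASE_LIFETIME = {"telemetry": 3600, "credential": 600}
CRITICALITY_SCALE = {"low": 2.0, "medium": 1.0, "high": 0.25}

@dataclass(frozen=True)
class EK:
    key_id: str
    parent_id: Optional[str]  # identification data for the parent EK (claim 3)
    not_before: int           # lifetime data carried in the EK's own structure
    not_after: int
    secret: bytes

class SecureEnclave:
    """Generates EKs; a child EK's end time never passes its parent's (claim 5)."""
    def __init__(self):
        self.keys: Dict[str, EK] = {}

    def issue(self, key_id, data_type, criticality, now, parent_id=None) -> EK:
        end = now + int(BASE_LIFETIME[data_type] * CRITICALITY_SCALE[criticality])
        if parent_id is not None:
            end = min(end, self.keys[parent_id].not_after)
        self.keys[key_id] = EK(key_id, parent_id, now, end, os.urandom(32))
        return self.keys[key_id]

class TPM:
    """Acquires EKs from the enclave and refuses to encrypt under an expired chain."""
    def __init__(self, enclave: SecureEnclave):
        self.enclave = enclave

    def lifetime_valid(self, ek: EK, now: int) -> bool:
        cur = ek  # walk up the key chain; every link must be unexpired (claims 2-3)
        while cur is not None:
            if not cur.not_before <= now < cur.not_after:
                return False
            cur = self.enclave.keys.get(cur.parent_id) if cur.parent_id else None
        return True

    def seal(self, ek: EK, plaintext: bytes, now: int):
        if not self.lifetime_valid(ek, now):
            raise ValueError(f"EK {ek.key_id} lifetime invalid at t={now}")
        nonce = os.urandom(16)  # placeholder cipher: SHA-256 keystream + HMAC tag
        ks = b"".join(hashlib.sha256(ek.secret + nonce + i.to_bytes(4, "big")).digest()
                      for i in range(len(plaintext) // 32 + 1))
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        return ek.key_id, nonce, ct, hmac.new(ek.secret, nonce + ct, hashlib.sha256).digest()
```

A real deployment would replace the keystream placeholder with an AEAD such as AES-GCM and would have the TPM keep its own cache of acquired EKs rather than reading the enclave's table directly.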

Assignees

Textron Innovations Inc

Inventors

Classifications

  • H04L9/0825 (primary)

    using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title

  • One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key · CPC title

  • involving additional devices, e.g. trusted platform module [TPM], smartcard or USB · CPC title

  • using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM] · CPC title

  • Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms (network architectures or network communication protocols for using time-dependent keys in a packet data network H04L63/068) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12562896B2 cover?
A system for providing ephemeral keys for a cryptographic system includes a secure enclave configured to generate one or more ephemeral keys (EKs), where each EK of the one or more EKs has a lifetime associated with the respective EK, and one or more secured devices connected to the secure enclave, where each secured device of the one or more secured devices has a trusted platform module (TPM) …
Who is the assignee on this patent?
Textron Innovations Inc
What technology area does this patent fall under?
Primary CPC classification H04L9/0825. Mapped technology areas include Electricity.
When was this patent published?
Publication date Feb 24, 2026 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).