Secure connection method for network device, related apparatus, and system
US-2017099137-A1 · Apr 6, 2017 · US
| Field | Value |
|---|---|
| Publication number | US-2022012186-A1 |
| Application number | US-202117353374-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jun 21, 2021 |
| Priority date | Jun 1, 2015 |
| Publication date | Jan 13, 2022 |
| Grant date | — |
Abstract
A symmetric key that is stored at a device may be received. A public key from a remote entity may also be received at the device. Furthermore, a derived key may be generated based on a one way function between the symmetric key that is stored at the device and the public key that is received from the remote entity. The derived key may be encrypted with the public key and transmitted to the remote entity. The encryption of the derived key with the public key may provide secure transmission of the derived key to an authorized remote entity with a private key that may be used to decrypt the encrypted derived key.
Claims
1. (canceled)
2. A method comprising: receiving, by a device from a remote entity, a root signed block including a delegate public key, wherein the delegate public key is signed by a root private key; retrieving a root public key that corresponds to the root private key; verifying the root signed block with the root public key to retrieve the delegate public key; generating, by the device, an encrypted derived key based on a combination of the delegate public key and a symmetric base key stored at the device; and transmitting the encrypted derived key to the remote entity.
3. The method of claim 2, wherein the symmetric base key is stored in a one-time programmable (OTP) memory.
4. The method of claim 2, wherein generating the encrypted derived key comprises: performing a hash function on the delegate public key to generate a hash value; truncating the hash value to generate a truncated hash value; and performing a one way function between the symmetric base key and the truncated hash value to generate the encrypted derived key.
5. The method of claim 4, wherein the hash function is a Secure Hash Algorithm (SHA).
6. The method of claim 4, wherein the one way function is a key tree function.
7. The method of claim 2, wherein generating the encrypted derived key comprises performing a one way function with inputs being the symmetric base key and at least a portion of a hash value corresponding to the delegate public key.
8. The method of claim 2, wherein generating the encrypted derived key comprises performing a one way function with inputs being the symmetric base key and the delegate public key without any hash function or truncation function being performed.
9. A system comprising: a memory storing a root public key; and a processing device operatively coupled to the memory, the processing device to: receive a root signed block including a delegate public key from a remote entity, wherein the delegate public key is signed by a root private key; retrieve the root public key that corresponds to the root private key; verify the root signed block with the root public key to retrieve the delegate public key; generate an encrypted derived key based on a combination of the delegate public key and a symmetric base key stored at the system; and transmit the encrypted derived key to the remote entity.
10. The system of claim 9, wherein the symmetric base key is stored in a one-time programmable (OTP) memory.
11. The system of claim 9, wherein, to generate the encrypted derived key, the processing device is further to: perform a hash function on the delegate public key to generate a hash value; truncate the hash value to generate a truncated hash value; and perform a one way function between the symmetric base key and the truncated hash value to generate the encrypted derived key.
12. The system of claim 11, wherein the hash function is a Secure Hash Algorithm (SHA).
13. The system of claim 11, wherein the one way function is a key tree function.
14. The system of claim 9, wherein, to generate the encrypted derived key, the processing device is further to perform a one way function with inputs being the symmetric base key and at least a portion of a hash value corresponding to the delegate public key.
15. The system of claim 9, wherein, to generate the encrypted derived key, the processing device is further to perform a one way function with inputs being the symmetric base key and the delegate public key without any hash function or truncation function being performed.
16. A non-transitory computer readable medium including data that, when accessed by a processing device, cause the processing device to perform operations comprising: receiving, from a remote entity, a root signed block including a delegate public key, wherein the delegate public key is signed by a root private key; retrieving a root public key that corresponds to the root private key; verifying the root signed block with the root public key to retrieve the delegate public key; generating an encrypted derived key based on a combination of the delegate public key and a symmetric base key stored at the processing device; and transmitting the encrypted derived key to the remote entity.
17. The non-transitory computer readable medium of claim 16, wherein the symmetric base key is stored in a one-time programmable (OTP) memory.
18. The non-transitory computer readable medium of claim 16, wherein generating the encrypted derived key comprises: performing a hash function on the delegate public key to generate a hash value; truncating the hash value to generate a truncated hash value; and performing a one way function between the symmetric base key and the truncated hash value to generate the encrypted derived key.
19. The non-transitory computer readable medium of claim 18, wherein the hash function is a Secure Hash Algorithm (SHA).
20. The non-transitory computer readable medium of claim 18, wherein the one way function is a key tree function.
21. The non-transitory computer readable medium of claim 16, wherein generating the encrypted derived key comprises performing a one way function with inputs being the symmetric base key and at least a portion of a hash value corresponding to the delegate public key.
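The device-side flow of claims 2 and 4 written out in Go as an added example (not code from the patent or its assignee). Assumptions not fixed by the claims: Ed25519 for the root signature over the delegate public key, HMAC-SHA256 in place of the key tree function, a 16-byte truncation of the SHA-256 digest, and a constructed 32-byte string standing in for the OTP-resident base key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// RootSignedBlock is what the remote entity sends (claim 2): a delegate public
// key plus the root's signature over it. Ed25519 stands in for the root
// signature scheme, which the patent leaves open (an assumption).
type RootSignedBlock struct {
	DelegatePub []byte
	Sig         []byte
}

// DeriveKey follows claim 4: SHA-256 the delegate public key, truncate the
// digest (16 bytes here), then run a one-way function over the symmetric base
// key and the truncated hash. HMAC-SHA256 replaces the patent's key-tree
// function (an assumption).
func DeriveKey(baseKey, delegatePub []byte) []byte {
	digest := sha256.Sum256(delegatePub)
	mac := hmac.New(sha256.New, baseKey)
	mac.Write(digest[:16])
	return mac.Sum(nil)
}

// DeviceRespond is the device side of claim 2: verify the root signed block
// with the stored root public key first, and only then combine the delegate
// public key with the base key. A forged or altered block yields no key material.
func DeviceRespond(rootPub ed25519.PublicKey, baseKey []byte, blk RootSignedBlock) ([]byte, error) {
	if !ed25519.Verify(rootPub, blk.DelegatePub, blk.Sig) {
		return nil, errors.New("root signature check failed: delegate public key rejected")
	}
	return DeriveKey(baseKey, blk.DelegatePub), nil
}

func main() {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	delegatePub, _, _ := ed25519.GenerateKey(rand.Reader) // remote entity's delegate key pair
	baseKey := []byte("constructed-32-byte-otp-base-key") // stand-in for the OTP-resident base key
	blk := RootSignedBlock{DelegatePub: delegatePub, Sig: ed25519.Sign(rootPriv, delegatePub)}
	derived, err := DeviceRespond(rootPub, baseKey, blk)
	fmt.Printf("derived key %x, err=%v\n", derived, err)
	blk.Sig[0] ^= 0xff // a block whose signature does not verify is rejected
	_, err = DeviceRespond(rootPub, baseKey, blk)
	fmt.Println("altered block:", err)
}
```

The order matters: the base key never touches an unverified delegate key, so a remote entity that cannot present a root-signed block learns nothing derived from the OTP secret.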
involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC · CPC title
using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates · CPC title
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title
Security improvement · CPC title
Generation of secret information including derivation or calculation of cryptographic keys or passwords · CPC title