Network authorization system

US9906513B2 · US · B2

Patent metadata
Publication number: US-9906513-B2
Application number: US-201514867824-A
Country: US
Kind code: B2
Filing date: Sep 28, 2015
Priority date: Sep 28, 2015
Publication date: Feb 27, 2018
Grant date: Feb 27, 2018

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A system includes a key repository and a network node. The key repository is configured to generate a private key and a public key of the network node, to communicate the private key and the public key to the network node, to verify whether the network node is authorized to operate on a network, to generate a first message indicating whether the network node is authorized to operate on the network, to encrypt the first message using the public key, and to communicate the encrypted first message to the network node. The network node is configured to decrypt the encrypted first message using the private key, to generate a second message based on the first message, to encrypt the second message using the private key, and to record the encrypted second message to a ledger.

First claim

Opening claim text (preview).

What is claimed is:

  1. A system comprising: a key manager comprising a hardware processor configured to: generate a private key and a public key of a network node; communicate the private key and the public key to the network node; verify whether the network node is authorized to operate on a network; generate a first message indicating whether the network node is authorized to operate on the network; encrypt the first message using the public key; and communicate the encrypted first message to the network node; and the network node configured to: decrypt the encrypted first message using the private key; generate a second message based on the first message, the second message indicating whether the network node is authorized to operate on the network; encrypt the second message using the private key; and record the encrypted second message to a ledger, wherein the ledger is searchable using the public key to return the encrypted second message.

  2. The system of claim 1, wherein verifying whether the network node is authorized to operate on the network comprises one or more of: verifying an operating system version of the network node; verifying a patch level of the network node; verifying that a first user account is associated with the network node; verifying that a second user account is not associated with the network node; verifying that a file system is mounted on the network node; verifying that a security software is installed on the network node; verifying that a service is connected to the network node.

  3. The system of claim 1, wherein the network node is further configured to: generate a hash of a kernel of the network node; and communicate the hash to the key manager to identify the network node to the key manager.

  4. The system of claim 1, wherein the key manager is further configured to: determine that a change occurred on the network node; and in response to the determination that the change occurred, verify whether the network node is authorized to operate on the network.

  5. The system of claim 1, wherein the ledger comprises a plurality of records, each record indicating whether a node of the network is authorized to operate on the network.

  6. The system of claim 1, wherein a second network node searches the ledger using the public key of the network node to determine whether the network node is authorized to operate on the network before the second network node communicates with the network node.

  7. The system of claim 1, wherein: the network comprises a plurality of network nodes; and each network node of the plurality of network nodes stores a copy of the ledger.

  8. The system of claim 1, wherein the second message comprises a portion of the first message.

  9. An apparatus comprising: a memory configured to store: a private key of a network node; and a public key of the network node; and a hardware processor communicatively coupled to the memory, the processor configured to: generate the private key and the public key of the network node; communicate the private key and the public key to the network node; verify whether the network node is authorized to operate on a network; generate a first message indicating whether the network node is authorized to operate on the network; encrypt the first message using the public key; and communicate the encrypted first message to the network node, wherein the network node is configured to: decrypt the encrypted first message using the private key; generate a second message based on the first message, the second message indicating whether the network node is authorized to operate on the network; encrypt the second message using the private key; and record the encrypted second message to a ledger, wherein the ledger is searchable using the public key to return the encrypted second message.

  10. The apparatus of claim 9, wherein verifying whether the network node is authorized to operate on the network comprises one or more of: verifying an operating apparatus version of the network node; verifying a patch level of the network node; verifying that a first user account is associated with the network node; verifying that a second user account is not associated with the network node; verifying that a file apparatus is mounted on the network node; verifying that a security software is installed on the network node; verifying that a service is connected to the network node.

  11. The apparatus of claim 9, wherein the network node is further configured to: generate a hash of a kernel of the network node; and communicate the hash to the key manager to identify the network node to the key manager.

  12. The apparatus of claim 9, wherein the processor is further configured to: determine that a change occurred on the network node; and in response to the determination that the change occurred, verify whether the network node is authorized to operate on the network.

  13. The apparatus of claim 9, wherein the ledger comprises a plurality of records, each record indicating whether a node of the network is authorized to operate on the network.

  14. The apparatus of claim 9, wherein a second network node searches the ledger using the public key of the network node to determine whether the network node is authorized to operate on the network before the second network node communicates with the network node.

  15. The apparatus of claim 9, wherein: the network comprises a plurality of network nodes; and each network node of the plurality of network nodes stores a copy of the ledger.

  16. A method comprising: generating a private key and a public key of a network node; communicating the private key and the public key to the network node; verifying whether the network node is authorized to operate on a network; generating a first message indicating whether the network node is authorized to operate on the network; encrypting the first message using the public key; communicating the encrypted first message to the network node; decrypting the encrypted first message using the private key; generating a second message based on the first message, the second message indicating whether the network node is authorized to operate on the network; encrypting the second message using the private key; and recording the encrypted second message to a ledger, wherein the ledger is searchable using the public key to return the encrypted second message.

  17. The method of claim 16, wherein verifying whether the network node is authorized to operate on the network comprises one or more of: verifying an operating method version of the network node; verifying a patch level of the network node; verifying that a first user account is associated with the network node; verifying that a second user account is not associated with the network node; verifying that a file method is mounted on the network node; verifying that a security software is installed on the network node; verifying that a service is connected to the network node.

  18. The method of claim 16, further comprising: generating a hash of a kernel of the network node; and communicating the hash to the key manager to identify the network node to the key manager.

  19. The method of claim 16, further comprising: determining that a change occurred on the network node; and in response to the determination that the change occurred, verifying whether the network node is authorized to operate on the network.

  20. The met
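The abstract and claim 1 describe one round trip: a key manager mints the node's key pair, checks the node's posture (claim 2), encrypts its verdict to the node's public key, and the node signs a derived record (the claims say "encrypt ... using the private key", which in practice means a digital signature) into a ledger that peers search by public key before they talk to the node (claim 6). The Go program below is an added example written for this page, not code from the patent or from Bank of America. It assumes RSA-OAEP for the public-key encryption step and RSA-PSS for the node's signature, JSON-encoded messages, an in-memory map as the ledger indexed by a SHA-256 fingerprint of the public key, and a hypothetical two-rule policy (required OS version, minimum patch level) in place of the claim-2 check list; the type and function names are illustrative.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Posture is a constructed attribute set of the kind claim 2 checks (illustrative fields).
type Posture struct {
	OSVersion  string
	PatchLevel int
}

// AuthzMessage is the "first message": the key manager's verdict on one node.
type AuthzMessage struct {
	NodeID     string `json:"node_id"`
	Authorized bool   `json:"authorized"`
	Reason     string `json:"reason,omitempty"`
}

// LedgerRecord is the recorded "second message" plus the node's signature over it;
// Ledger is searched by public key (claim 1), indexed here by a key fingerprint.
type LedgerRecord struct{ Payload, Signature []byte }
type Ledger map[string]LedgerRecord

// Fingerprint derives the ledger index from the public key (SHA-256 of the RSA modulus).
func Fingerprint(pub *rsa.PublicKey) string {
	return fmt.Sprintf("%x", sha256.Sum256(pub.N.Bytes()))
}

// KeyManager holds a hypothetical policy that node posture is checked against.
type KeyManager struct {
	RequiredOS string
	MinPatch   int
}

// Verify is a claim-2 style check: every rule must pass; the first failure is the reason.
func (km KeyManager) Verify(p Posture) (bool, string) {
	switch {
	case p.OSVersion != km.RequiredOS:
		return false, "operating system version not approved"
	case p.PatchLevel < km.MinPatch:
		return false, "patch level below minimum"
	}
	return true, ""
}

// Issue mints the node's key pair (the claim has the key manager hand it to the node), checks posture, and returns the key plus the OAEP-encrypted verdict.
func (km KeyManager) Issue(nodeID string, p Posture) (*rsa.PrivateKey, []byte, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	ok, why := km.Verify(p)
	msg, _ := json.Marshal(AuthzMessage{NodeID: nodeID, Authorized: ok, Reason: why})
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &priv.PublicKey, msg, nil)
	return priv, ct, err
}

// NodeRecord is the node side: decrypt the verdict, build the second message as a portion of the first (claim 8), sign it with the private key, and record it.
func NodeRecord(priv *rsa.PrivateKey, ciphertext []byte, ledger Ledger) (AuthzMessage, error) {
	var first AuthzMessage
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ciphertext, nil)
	if err != nil {
		return first, err
	}
	if err := json.Unmarshal(plain, &first); err != nil {
		return first, err
	}
	second, _ := json.Marshal(AuthzMessage{NodeID: first.NodeID, Authorized: first.Authorized})
	digest := sha256.Sum256(second)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, digest[:], nil)
	if err != nil {
		return first, err
	}
	ledger[Fingerprint(&priv.PublicKey)] = LedgerRecord{Payload: second, Signature: sig}
	return first, nil
}

// Lookup is what a second node does before talking to this one (claim 6): search by public key, verify the signature, and only then trust the recorded verdict.
func Lookup(ledger Ledger, pub *rsa.PublicKey) (bool, error) {
	rec, found := ledger[Fingerprint(pub)]
	if !found {
		return false, fmt.Errorf("no ledger record for this public key")
	}
	digest := sha256.Sum256(rec.Payload)
	if err := rsa.VerifyPSS(pub, crypto.SHA256, digest[:], rec.Signature, nil); err != nil {
		return false, fmt.Errorf("ledger record rejected: %w", err)
	}
	var m AuthzMessage
	if err := json.Unmarshal(rec.Payload, &m); err != nil {
		return false, err
	}
	return m.Authorized, nil
}
```

Two points a practitioner would weigh before building on this shape. First, because the key manager generates the private key and transmits it (claim 1), the key manager and the transport path hold every node's signing key, so the OAEP step protects the verdict from outsiders but cannot authenticate the key manager to the node; a deployment would normally generate the key on the node (ideally in a TPM or similar) and authenticate the key manager separately. Second, a ledger record as written carries no timestamp or sequence number, so after a claim-4 re-verification a peer has no way to tell a fresh "not authorized" record from a replayed older "authorized" one; the payload would need a monotonic counter or issue time that the peer checks. The node identifier passed to Issue could be the claim-3 kernel hash.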

Assignees

Bank Of America

Inventors

Classifications

  • H04L63/08 (primary)

    for authentication of entities (cryptographic mechanisms or cryptographic arrangements for entity authentication H04L9/32) · CPC title

  • using cryptographic hash functions · CPC title

  • Generation of secret information including derivation or calculation of cryptographic keys or passwords · CPC title

  • H04L9/083 (primary)

    involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] · CPC title

  • wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for public-key encryption H04L9/30) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9906513B2 cover?
A system includes a key repository and a network node. The key repository is configured to generate a private key and a public key of the network node, to communicate the private key and the public key to the network node, to verify whether the network node is authorized to operate on a network, to generate a first message indicating whether the network node is authorized to operate on the netw…
Who is the assignee on this patent?
Bank Of America
What technology area does this patent fall under?
Primary CPC classification H04L63/08. Mapped technology areas include Electricity.
When was this patent published?
Publication date Feb 27, 2018 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).