Behavioral-based control of access to encrypted content by a process
US-2017235967-A1 · Aug 17, 2017 · US
Reoccurring keying system
US9948623B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-9948623-B2 |
| Application number | US-201414186863-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 21, 2014 |
| Priority date | Aug 30, 2011 |
| Publication date | Apr 17, 2018 |
| Grant date | Apr 17, 2018 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A secure communication system or method are disclosed that may employ a constant level of trust between participants and a security management entity. As part of the constant level of trust, a communication policy may cause participants to request key validation every time the participant wishes to take an action that requires use of a key. In this manner, the participant may regularly communicate with the security management, and this regular communication can be further used to implement key renewal and/or rollover procedures.
First claim
Opening claim text (preview).
We claim: 1. A method comprising: sending, by a first computing device and to a second computing device, a first request to establish a secure communication between the first computing device and the second computing device; receiving, by the first computing device and from the second computing device, a response to the first request; sending, by the first computing device and to a trusted computing device, and based on the response to the first request, a second request to establish the secure communication between the first computing device and the second computing device; receiving, by the first computing device and from the trusted computing device: an indication of a plurality of keys; and an indication of a type of key usage for each of the plurality of keys, wherein each of the plurality of keys has a different type of key usage; processing, by the first computing device, a first key of the plurality of keys and a type of key usage for the first key to establish the secure communication between the first computing device and the second computing device; and sending, by the first computing device and to the trusted computing device, verification of an establishment of the secure communication based on the first key and the type of key usage of the first key. 2. The method of claim 1 , wherein the first key is usage-specific and device pair-specific. 3. The method of claim 1 , further comprising: sending to the trusted computing device a request for verification that the first key is valid, wherein the processing is performed in response to receiving a confirmation that the first key is valid. 4. The method of claim 3 , wherein the request for verification comprises an indication of the first computing device, the second computing device, and the type of key usage of the first key. 5. The method of claim 3 , wherein the request for verification comprises an indication of a last known datum: received by the first computing device; from the trusted computing device; and for a pairing of the first computing device and the second computing device. 6. The method of claim 1 , further comprising: receiving an instruction from the trusted computing device to change the type of key usage of the first key. 7. The method of claim 1 , further comprising: when the first key is no longer valid, receiving an indication of a replacement key and processing the indication of the replacement key to establish a second secure communication between the first computing device and the second computing device. 8. The method of claim 1 , wherein the type of key usage comprises one or more of a type of key usage to encrypt data between devices or a type of key usage to authenticate data between devices. 9. The method of claim 1 , wherein the type of key usage comprises one or more of a type of key usage for communication encryption, communication authentication, root encryption, root authentication, server encryption, or server authentication between devices. 10. A method comprising: receiving, by a trusted computing device, a first request to establish a secure communication between a first computing device and a second computing device; sending, by the trusted computing device and to the first computing device: an indication of a plurality of keys; and an indication of a type of key usage for each of the plurality of keys, wherein each of the plurality of keys has a different type of key usage; and receiving, by the trusted computing device and from the first computing device, verification of an establishment of the secure communication between the first computing device and the second computing device based on a first key of the plurality of keys and a type of key usage of the first key. 11. The method of claim 10 , wherein the first key of the plurality of keys is assigned to a group of three or more devices for one or more secure communications, wherein the first computing device and the second computing device are in the group. 12. The method of claim 10 , further comprising: sending, to the first computing device, an instruction to change the type of key usage of the first key. 13. The method of claim 10 , wherein the sending is performed in response to receiving, from the first computing device, a request to verify that one or more of the plurality of keys is valid. 14. The method of claim 10 , further comprising: receiving, from the first computing device, a request to verify that the first key of the plurality of keys is valid. 15. The method of claim 14 , wherein the request to verify comprises an indication of the first computing device and the second computing device, and further comprising: processing the indication of the first computing device and the second computing device to verify that the first key is valid; and in response to verifying that the first key is valid, sending, to the first computing device, a confirmation that the first key is valid. 16. The method of claim 14 , wherein the request to verify comprises an indication of a selected type of key usage, and further comprising: processing the indication of the selected type of key usage to verify that the first key is valid; and in response to verifying that the first key is valid, sending, to the first computing device, a confirmation that the first key is valid. 17. A method comprising: receiving, by a trusted computing device and from a first computing device, a security authorization request that: indicates a first key and a type of key usage of the first key; and indicates a request to establish a secure communication between the first computing device and a second computing device, wherein the first key is one of a plurality of keys each having a different type of key usage; based on the security authorization request, determining that: the first key corresponds to a pairing of the first computing device and the second computing device; the first key is valid; and the first key corresponds to a correct type of key usage for the secure communication between the first computing device and the second computing device; and in response to the determining, sending, by the trusted computing device and to at least one of the first computing device and the second computing device, a response to the security authorization request to establish the secure communication between the first computing device and the second computing device, wherein the response indicates that the first key is valid. 18. The method of claim 17 , further comprising: sending, by the trusted computing device and to the first computing device or the second computing device: an indication of the plurality of keys comprising the first key; and an indication of the type of key usage for each of the plurality of keys, wherein each of the plurality of keys is configured to establish the secure communication between the first computing device and the second computing device. 19. The method of claim 17 , further comprising: in response to the trusted computing device determining that the first key is invalid, sending a replacement key to at least one of the first computing device and the second computing device. 20. The method of claim 17 , wherein the security authorization request comprises an indication of a last known datum: sent from the trusted computing device; to the first computing device; and for the pairing of the first computing device and the second computing device.
Assignees
Inventors
Classifications
for controlling access to devices or network resources · CPC title
for supporting key management in a packet data network (cryptographic mechanisms or cryptographic arrangements for key management H04L9/08) · CPC title
Applying verification of the received information (cryptographic mechanisms or cryptographic arrangements for data integrity or data verification H04L9/32) · CPC title
Revocation or update of secret information, e.g. encryption key update or rekeying · CPC title
- H04L63/062Primary
for key distribution, e.g. centrally by trusted party (cryptographic mechanisms or cryptographic arrangements for key distribution involving a central third party H04L9/0819) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US9948623B2 cover?
- A secure communication system or method are disclosed that may employ a constant level of trust between participants and a security management entity. As part of the constant level of trust, a communication policy may cause participants to request key validation every time the participant wishes to take an action that requires use of a key. In this manner, the participant may regularly communic…
- Who is the assignee on this patent?
- Comcast Cable Comm Llc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/062. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Apr 17 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).