Sonstiges: |
- Nachgewiesen in: USPTO Patent Grants
- Sprachen: English
- Patent Number: 11683,170
- Publication Date: June 20, 2023
- Appl. No: 17/109866
- Application Filed: December 02, 2020
- Assignees: ARRIS Enterprises LLC (Suwanee, GA, US)
- Claim: 1. A method for secure digital communications comprising the steps of: generating by a certificate authority an asymmetric key pair comprising a first public key and a private key; and providing in the first public key descriptive attributes and a digital signature, wherein the digital signature is responsive to at least part of the first public key, wherein the asymmetric key pair is a Rivest, Shamir, and Adelman (RSA) key pair, wherein the asymmetric key pair further comprises a modulus n and a public key exponent e, wherein the public key exponent e includes the descriptive attributes and the digital signature, wherein a first portion of the public key exponent e is allocated to descriptive attributes, wherein a second portion of the public key exponent e is allocated to the digital signature, and wherein the digital signature is responsive to the modulus and the descriptive attributes.
- Claim: 2. The method of claim 1 further comprising the steps of: passing the modulus and the public key exponent from a first system to a second system; establishing a secure session between the first system and the second system, within a secure digital communication protocol, responsive to the modulus and the public key exponent; and verifying, by the second system, the digital signature, responsive to the modulus and the public key exponent, thereby authenticating the first public key.
- Claim: 3. The method of claim 2 , wherein the secure digital communication protocol is Secure Shell (SSH).
- Claim: 4. The method of claim 2 , wherein the descriptive attributes comprise a name corresponding to the Certificate Authority.
- Claim: 5. The method of claim 2 , wherein the descriptive attributes comprise a validity period corresponding to the first public key.
- Claim: 6. The method of claim 2 , wherein the descriptive attributes comprise a unique identity corresponding to a customer premises equipment device.
- Claim: 7. The method of claim 2 further comprising the step of installing the RSA key pair in a customer premises equipment device, wherein installation of the RSA key pair takes place within a customer premises equipment device manufacturing facility.
- Claim: 8. The method of claim 2 further comprising the steps of: generating large random prime numbers p and q according to an RSA algorithm; applying validity tests to a first candidate public key exponent, thereby determining that the first candidate public key exponent is invalid; and regenerating p and q upon determining that the first candidate public key exponent is invalid, thereby providing a second candidate public key exponent, wherein the modulus is responsive to p and q.
- Claim: 9. The method of claim 8 , wherein a Certificate Authority public key corresponds to the Certificate Authority, and wherein the Certificate Authority public key is an Elliptic Curve public key.
- Claim: 10. The method of claim 9 , wherein the Certificate Authority employs an Elliptic Curve Digital Signature Algorithm or an Edwards Digital Signature Algorithm, thereby providing the digital signature.
- Claim: 11. The method of claim 1 further comprising the steps of: passing the modulus and the public key exponent from a first system to a second system; establishing a secure session between the first system and the second system, within a secure digital communication protocol, responsive to the modulus and the public key exponent; detecting by the second system an invalid public key, responsive to the modulus and the public key exponent; and aborting the secure session, responsive to the detection of an invalid public key.
- Claim: 12. The method of claim 11 , wherein the secure digital communication protocol is Secure Shell (SSH).
- Claim: 13. The method of claim 11 , wherein the descriptive attributes comprise a name corresponding to the Certificate Authority.
- Claim: 14. The method of claim 11 , wherein the descriptive attributes comprise a validity period corresponding to the first public key.
- Claim: 15. The method of claim 11 , wherein the descriptive attributes comprise a unique identity corresponding to a customer premises equipment device.
- Claim: 16. The method of claim 11 further comprising installing the RSA key pair in a customer premises equipment device, wherein installation of the RSA key pair takes place within a customer premises equipment device manufacturing facility.
- Claim: 17. The method of claim 11 further comprising the steps of: generating large random prime numbers p and q according to an RSA algorithm; applying validity tests to a first candidate public key exponent, thereby determining that the first candidate public key exponent is invalid; and regenerating p and q upon determining that the first candidate public key exponent is invalid, thereby providing a second candidate public key exponent, wherein the modulus is responsive to p and q.
- Claim: 18. The method of claim 17 , wherein a Certificate Authority public key corresponds to the Certificate Authority, which is an Elliptic Curve public key.
- Claim: 19. The method of claim 18 , wherein the Certificate Authority employs an Elliptic Curve Digital Signature Algorithm or an Edwards Digital Signature Algorithm, thereby providing the digital signature.
- Claim: 20. The method of claim 1 , wherein the first portion of the public key exponent e comprises most significant bits (MSB) of the public key exponent e as allocated to descriptive attributes, and wherein the second portion of the public key exponent e comprises least significant bits (LSB) of the public key exponent e as allocated to the digital signature.
- Patent References Cited: 5218637 June 1993 Angebaud ; 5633929 May 1997 Kaliski, Jr. ; 5675649 October 1997 Brennan ; 5884272 March 1999 Walker ; 5987131 November 1999 Clapp ; 6170058 January 2001 Kausik ; 6298153 October 2001 Oishi ; 6751729 June 2004 Giniger et al. ; 6965673 November 2005 Boneh ; 7035410 April 2006 Aiello ; 9755829 September 2017 Battistello ; 20020077078 June 2002 Antti ; 20020154779 October 2002 Asano ; 20020165912 November 2002 Wenocur ; 20050018852 January 2005 Camenisch ; 20050084098 April 2005 Brickell ; 20060083370 April 2006 Hwang ; 20060137006 June 2006 Ramzan ; 20060159259 July 2006 Gentry ; 20060251248 November 2006 Lipson ; 20070180225 August 2007 Schmidt ; 20080013721 January 2008 Hwang ; 20080080707 April 2008 Gueron ; 20080104400 May 2008 Kocher ; 20080148055 June 2008 Ferguson ; 20080229111 September 2008 Paya ; 20090028323 January 2009 Aciicmez ; 20090296938 December 2009 Devanand ; 20100031021 February 2010 Arnold ; 20100208887 August 2010 Joye ; 20110093721 April 2011 Perlman ; 20130046972 February 2013 Campagna ; 20130227277 August 2013 Campagna ; 20130290704 October 2013 Giniger ; 20140075203 March 2014 Barbu ; 20140244998 August 2014 Amenedo ; 20150089216 March 2015 Benoit ; 20160043870 February 2016 Avanzi ; 20160182235 June 2016 Bos ; 20160261403 September 2016 Benoit
- Other References: IGOE National Security Agency D. Stebilia Queensland University of TechnologyK, “X.509v3 Certificates for Secure Shell Authentication; RFC6187.txt”, X.509V3 Certificates for Secure Shell Authentication RFC6187.TXT, Internet Engineering Task Force, IEFT, Standard Internet Society (ISOC), Mar. 31, 2011, pp. 1-16. imported from a related application ; PCT Search Report & Written Opinion, Re: Application No. PCT/US2017/033541, dated Aug. 16, 2017. imported from a related application ; International Search Report prepared by the European Patent Office for PCT/US2017/033541, dated Aug. 16, 2017, 6 pages. cited by applicant ; Written Opinion prepared by the European Patent Office for PCT/US2017/033541, dated Aug. 16, 2017, 5 pages. cited by applicant ; Office Action prepared by the US Patent and Trademark Office for U.S. Appl. No. 15/599,842, dated May 23, 2019, pp. 18 pages. cited by applicant ; Final Office Action prepared by the US Patent and Trademark Office for U.S. Appl. No. 15/599,842, dated Jan. 31, 2020, 20 pages. cited by applicant
- Primary Examiner: Chiang, Jason
- Attorney, Agent or Firm: Chernoff, Vilhauer, McClung & Stenzel, LLP
|