Policy bound key creation and re-wrap service

Policy bound key creation and re-wrap service

One or more techniques and/or systems are provided for provisioning encrypted key blobs and client certificates. That is, a trusted execution environment on a first machine may provide a key service provider with a cryptographic encryption key. The key service provider may encrypt a key blob using t...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Thom Stefan, Spiger Robert Karl, Bays Valerie Kathleen, Nyström Bo Gustaf Magnus
Format: Patent
Sprache:eng
Schlagworte:
CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title
container_volume
creator Thom Stefan
Spiger Robert Karl
Bays Valerie Kathleen
Nyström Bo Gustaf Magnus
description One or more techniques and/or systems are provided for provisioning encrypted key blobs and client certificates. That is, a trusted execution environment on a first machine may provide a key service provider with a cryptographic encryption key. The key service provider may encrypt a key blob using the cryptographic encryption key and/or wrap the encrypted key blob with one or more policies, such as a platform policy. The key service provider may provision the encrypted key blob to a client on the first machine. The client may submit the encrypted key blob to the trusted execution environment for validation so that the client may perform key actions, such as sign an email or encrypt data. Because the key blob may be specific to a particular trusted execution environment and/or machine, the key service provider may re-wrap the key blob if the client "roams" to a second machine.
format Patent
fullrecord <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_US9690941B2</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>US9690941B2</sourcerecordid><originalsourceid>FETCH-epo_espacenet_US9690941B23</originalsourceid><addsrcrecordid>eNrjZNANyM_JTK5USMovzUtRyE6tVEguSk0syczPU0gEChSl6pYXJRYoFKcWlWUmp_IwsKYl5hSn8kJpbgYFN9cQZw_d1IL8-NTigsTk1LzUkvjQYEszSwNLE0MnI2MilAAAXL4pug</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>Policy bound key creation and re-wrap service</title><source>esp@cenet</source><creator>Thom Stefan ; Spiger Robert Karl ; Bays Valerie Kathleen ; Nyström Bo Gustaf Magnus</creator><creatorcontrib>Thom Stefan ; Spiger Robert Karl ; Bays Valerie Kathleen ; Nyström Bo Gustaf Magnus</creatorcontrib><description>One or more techniques and/or systems are provided for provisioning encrypted key blobs and client certificates. That is, a trusted execution environment on a first machine may provide a key service provider with a cryptographic encryption key. The key service provider may encrypt a key blob using the cryptographic encryption key and/or wrap the encrypted key blob with one or more policies, such as a platform policy. The key service provider may provision the encrypted key blob to a client on the first machine. The client may submit the encrypted key blob to the trusted execution environment for validation so that the client may perform key actions, such as sign an email or encrypt data. Because the key blob may be specific to a particular trusted execution environment and/or machine, the key service provider may re-wrap the key blob if the client "roams" to a second machine.</description><language>eng</language><subject>CALCULATING ; COMPUTING ; COUNTING ; ELECTRIC COMMUNICATION TECHNIQUE ; ELECTRIC DIGITAL DATA PROCESSING ; ELECTRICITY ; PHYSICS ; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><creationdate>2017</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20170627&amp;DB=EPODOC&amp;CC=US&amp;NR=9690941B2$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,776,881,25542,76289</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20170627&amp;DB=EPODOC&amp;CC=US&amp;NR=9690941B2$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>Thom Stefan</creatorcontrib><creatorcontrib>Spiger Robert Karl</creatorcontrib><creatorcontrib>Bays Valerie Kathleen</creatorcontrib><creatorcontrib>Nyström Bo Gustaf Magnus</creatorcontrib><title>Policy bound key creation and re-wrap service</title><description>One or more techniques and/or systems are provided for provisioning encrypted key blobs and client certificates. That is, a trusted execution environment on a first machine may provide a key service provider with a cryptographic encryption key. The key service provider may encrypt a key blob using the cryptographic encryption key and/or wrap the encrypted key blob with one or more policies, such as a platform policy. The key service provider may provision the encrypted key blob to a client on the first machine. The client may submit the encrypted key blob to the trusted execution environment for validation so that the client may perform key actions, such as sign an email or encrypt data. Because the key blob may be specific to a particular trusted execution environment and/or machine, the key service provider may re-wrap the key blob if the client "roams" to a second machine.</description><subject>CALCULATING</subject><subject>COMPUTING</subject><subject>COUNTING</subject><subject>ELECTRIC COMMUNICATION TECHNIQUE</subject><subject>ELECTRIC DIGITAL DATA PROCESSING</subject><subject>ELECTRICITY</subject><subject>PHYSICS</subject><subject>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2017</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNrjZNANyM_JTK5USMovzUtRyE6tVEguSk0syczPU0gEChSl6pYXJRYoFKcWlWUmp_IwsKYl5hSn8kJpbgYFN9cQZw_d1IL8-NTigsTk1LzUkvjQYEszSwNLE0MnI2MilAAAXL4pug</recordid><startdate>20170627</startdate><enddate>20170627</enddate><creator>Thom Stefan</creator><creator>Spiger Robert Karl</creator><creator>Bays Valerie Kathleen</creator><creator>Nyström Bo Gustaf Magnus</creator><scope>EVB</scope></search><sort><creationdate>20170627</creationdate><title>Policy bound key creation and re-wrap service</title><author>Thom Stefan ; Spiger Robert Karl ; Bays Valerie Kathleen ; Nyström Bo Gustaf Magnus</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_US9690941B23</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>eng</language><creationdate>2017</creationdate><topic>CALCULATING</topic><topic>COMPUTING</topic><topic>COUNTING</topic><topic>ELECTRIC COMMUNICATION TECHNIQUE</topic><topic>ELECTRIC DIGITAL DATA PROCESSING</topic><topic>ELECTRICITY</topic><topic>PHYSICS</topic><topic>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</topic><toplevel>online_resources</toplevel><creatorcontrib>Thom Stefan</creatorcontrib><creatorcontrib>Spiger Robert Karl</creatorcontrib><creatorcontrib>Bays Valerie Kathleen</creatorcontrib><creatorcontrib>Nyström Bo Gustaf Magnus</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Thom Stefan</au><au>Spiger Robert Karl</au><au>Bays Valerie Kathleen</au><au>Nyström Bo Gustaf Magnus</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>Policy bound key creation and re-wrap service</title><date>2017-06-27</date><risdate>2017</risdate><abstract>One or more techniques and/or systems are provided for provisioning encrypted key blobs and client certificates. That is, a trusted execution environment on a first machine may provide a key service provider with a cryptographic encryption key. The key service provider may encrypt a key blob using the cryptographic encryption key and/or wrap the encrypted key blob with one or more policies, such as a platform policy. The key service provider may provision the encrypted key blob to a client on the first machine. The client may submit the encrypted key blob to the trusted execution environment for validation so that the client may perform key actions, such as sign an email or encrypt data. Because the key blob may be specific to a particular trusted execution environment and/or machine, the key service provider may re-wrap the key blob if the client "roams" to a second machine.</abstract><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier
ispartof
issn
language eng
recordid cdi_epo_espacenet_US9690941B2
source esp@cenet
subjects CALCULATING
COMPUTING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
PHYSICS
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
title Policy bound key creation and re-wrap service
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-08T07%3A55%3A28IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=Thom%20Stefan&rft.date=2017-06-27&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS9690941B2%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true