The present invention discloses a technique for provisioning network cryptographic keys to a client when direct physical transfer is not feasible. In an embodiment of the invention, a client token generates a temporary key encrypted with a first secret key known only in a master token database and passes this on to an enterprise network token of a network to which service is requested. The enterprise network token then further encrypts the encrypted temporary key with a second secret key and passes that on to the master token database. Since the second secret key is also known by the master token database, the originally encrypted temporary key can be securely decoded only by a master token coupled to the master token database. The decrypted temporary key can then be re-encrypted with a key known only by the enterprise network token and the master token, and returned to the enterprise network token. This allows the enterprise network token to gain secure access to the temporary key of the client token, thereby allowing the enterprise network token to securely provision the remote client token with the appropriate enterprise Network Keys.
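The message flow described in the abstract can be traced in a short simulation; this is an added example, not code from the patent or from Koolspan. The abstract names no cipher, so an HMAC-SHA256 encrypt-then-MAC construction stands in for it, and the key names k1, k2, k3, the function names, the dictionary used as the master token database, and the final step of wrapping the Network Key under the temporary key are all assumptions.

```python
# Added illustration; seal/unseal is a stand-in cipher, not the patent's.
import hashlib, hmac, secrets

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def seal(key, pt):
    """Stand-in authenticated encryption for short messages (under 8 KB)."""
    nonce = secrets.token_bytes(16)
    ks = b"".join(_prf(key, b"enc", nonce + bytes([i])) for i in range(len(pt) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + _prf(key, b"mac", nonce + ct)

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if len(blob) < 48 or not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        raise ValueError("wrong key or modified message")
    ks = b"".join(_prf(key, b"enc", nonce + bytes([i])) for i in range(len(ct) // 32 + 1))
    return bytes(a ^ b for a, b in zip(ct, ks))

def client_request(k1):
    temp = secrets.token_bytes(32)          # temporary key made by the client token
    return temp, seal(k1, temp)             # m1: client -> enterprise token

def enterprise_forward(k2, m1):
    return seal(k2, m1)                     # m2: enterprise -> master; m1 stays opaque

def master_translate(db, m2):
    temp = unseal(db["k1"], unseal(db["k2"], m2))   # only the master holds both keys
    return seal(db["k3"], temp)             # m3: master -> enterprise token

def enterprise_provision(k3, m3, network_key):
    temp = unseal(k3, m3)                   # enterprise token now holds the temporary key
    return seal(temp, network_key)          # m4: enterprise -> client token (assumed step)

def client_receive(temp, m4):
    return unseal(temp, m4)

def demo():
    k1, k2, k3 = (secrets.token_bytes(32) for _ in range(3))  # constructed keys
    network_key = b"constructed-enterprise-network-k"         # constructed value
    temp, m1 = client_request(k1)
    m2 = enterprise_forward(k2, m1)
    m3 = master_translate({"k1": k1, "k2": k2, "k3": k3}, m2)
    m4 = enterprise_provision(k3, m3, network_key)
    return client_receive(temp, m4) == network_key

if __name__ == "__main__":
    print("client provisioned:", demo())
```

The enterprise token never holds k1, so it cannot open m1 itself and learns the temporary key only from the master's reply m3.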

Title: Remote secure authorization
Application Number: 12/890023
Publication Number: 20110016323
Application Date: September 24, 2010
Publication Date: January 20, 2011
Inventor: Anthony C FASCENDA (Bethesda, MD, US)
Agent: Hunton & Williams (DC, US)
Assignee: Koolspan (MD, US)
IPC: H04L 09/32