Abstract:
At least one embodiment takes the form of a process carried out by a key-management infrastructure (KMI). The KMI receives first and second disassembly products of a high-security cryptographic key and provides the first and second disassembly products to a mobile radio for reassembly of the high-security cryptographic key. Providing the first disassembly product to the mobile radio includes providing the first disassembly product to the mobile radio over a local connection via a restricted-access key variable loader. Providing the second disassembly product to the mobile radio includes (i) generating a medium-security-encrypted second disassembly product at least in part by encrypting the second disassembly product based on at least one medium-security cryptographic key, and (ii) providing the medium-security-encrypted second disassembly product to the mobile radio over an air interface.
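The flow in this abstract, as an added example that is not taken from the patent: the key is split into two products, the first handed over locally and the second encrypted under a medium-security key for the air interface, so a capture of either channel alone yields nothing about the high-security key. The XOR split, the HMAC-SHA256 encrypt-then-MAC construction (a standard-library stand-in for a vetted AEAD) and all function names are assumptions; the abstract names no specific scheme.

```python
import hashlib
import hmac
import secrets

def _xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))

def disassemble(key: bytes) -> tuple[bytes, bytes]:
    # Assumed scheme: two-way XOR split; each product alone is uniformly random.
    first = secrets.token_bytes(len(key))
    return first, _xor(key, first)

def reassemble(first: bytes, second: bytes) -> bytes:
    return _xor(first, second)

def _subkey(medium_key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from the one medium-security key.
    return hmac.new(medium_key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def protect_for_air(medium_key: bytes, second: bytes) -> bytes:
    # Stand-in for a vetted AEAD: HMAC-SHA256 keystream, then encrypt-then-MAC.
    nonce = secrets.token_bytes(16)
    ct = _xor(second, _keystream(_subkey(medium_key, b"enc"), nonce, len(second)))
    tag = hmac.new(_subkey(medium_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def recover_from_air(medium_key: bytes, blob: bytes) -> bytes:
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(medium_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):  # reject before decrypting
        raise ValueError("authentication failed")
    return _xor(ct, _keystream(_subkey(medium_key, b"enc"), nonce, len(ct)))

def provision(high_key: bytes, medium_key: bytes) -> bytes:
    first, second = disassemble(high_key)             # KMI side
    air_blob = protect_for_air(medium_key, second)    # sent over the air interface
    # Radio side: `first` arrives via the key variable loader, air_blob over the air.
    return reassemble(first, recover_from_air(medium_key, air_blob))

if __name__ == "__main__":
    hk, mk = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed sample keys
    assert provision(hk, mk) == hk
```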
Abstract:
A system and process for performing a touchless key provisioning operation for a communication device. In operation, a key management facility (KMF) imports a public key and a public key identifier uniquely identifying the public key of the communication device. The public key is associated with an asymmetric key pair generated at the communication device during its factory provisioning and configuration. The KMF registers the communication device and assigns a key encryption key (KEK) for the communication device. The KMF then provisions the communication device by deriving a symmetric touchless key provisioning (TKP) key based at least in part on the public key of the communication device, encrypting the KEK with the symmetric TKP key to generate a key wrapped KEK, and transmitting the key wrapped KEK to the communication device for decryption by the communication device.