Signing key log management
First Claim

1. A system, comprising:
    at least one processor; and
    memory including instructions that, when executed by the at least one processor, cause the system to:
        receive a first request to generate a cryptographic key;
        generate the cryptographic key, the cryptographic key including private parameters for a cryptographic signing function and metadata specifying a logging value and a mutability value, the logging value specifying a type of logging to be performed for signing actions of the cryptographic key, the mutability value specifying how the logging value is changeable over a lifecycle of the cryptographic key;
        determine the logging value of the cryptographic key;
        determine that the type of logging specified by the logging value, as changeable per the mutability value, is able to be enforced by the system;
        sign the data using the cryptographic key; and
        perform the type of logging specified by the logging value for signing the data.
Abstract
Cryptographic keys can include logging properties that enable those keys to be used only if the properties can be enforced by the cryptographic system requested to perform one or more actions using the keys. The logging property can specify how to log use of a respective key. A key can also include a mutability property for specifying whether the logging property can be changed, and if so under what circumstances or in which way(s). The ability to specify and automatically enforce logging can be important for environments where audit logs are essential. These can include, for example, public certificate authorities that must provide accurate and complete audit trails. In cases where the data is not to be provided outside a determined secure environment, the key can be generated with a property indicating not to log any of the usage.
20 Claims
1. A system, comprising: (independent claim; text as given under First Claim above). Dependent claims 2, 3 and 4 not shown.

5. A computer-implemented method, comprising:
    receiving a request to perform a signing action utilizing a cryptographic key;
    determining a logging value of the cryptographic key, the logging value specifying a type of logging to be performed for signing actions of the cryptographic key;
    determining a mutability value of the cryptographic key, the mutability value specifying how the logging value is changeable over a lifecycle of the cryptographic key;
    determining that the type of logging specified by the logging value is able to be enforced by the system;
    performing the signing action using the cryptographic key; and
    performing the type of logging specified by the logging value for the signing action.
   Dependent claims 6 through 14 not shown.

15. A computer-implemented method, comprising:
    receiving a request to generate a cryptographic key, the request associated with a user and indicating a type of logging to be performed for use of the cryptographic key;
    authenticating an identity of the user;
    generating the cryptographic key, the cryptographic key including metadata specifying a logging value and a mutability value, the logging value specifying the type of logging to be performed for signing actions of the cryptographic key, the mutability value specifying how the logging value is changeable over a lifecycle of the cryptographic key;
    determining whether the type of logging specified by the logging value is able to be enforced by the system; and
    providing the user with access to the cryptographic key.
   Dependent claims 16 through 20 not shown.
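The mechanism that the abstract and independent claims 1, 5 and 15 describe, written out as an added example (this is not code from the patent or its assignee): a key carries a logging value and a mutability value in its metadata; the service refuses to generate or use the key unless it can actually write the kind of log the key demands, re-checks that at signing time, and applies the mutability rule before letting anyone change the logging value. The names `LogLevel`, `Mutability`, `KeyService` and the three values in each enum are assumptions chosen for illustration, HMAC-SHA256 stands in for the asymmetric signing function, the audit log is an in-memory list, and the "available sinks" set models which log types this deployment can enforce.

```python
"""Keys whose metadata carries a logging policy and a mutability policy.

Added illustration, not the patent's own implementation. HMAC-SHA256 is a
stand-in for the private-key signing function; a real service would use an
HSM-held asymmetric key and a durable, tamper-evident audit sink.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from enum import Enum


class LogLevel(Enum):
    """Assumed logging values: what must be recorded per signing action."""
    NONE = 0      # record nothing (data must not leave the secure environment)
    SUMMARY = 1   # record key id, caller and timestamp
    FULL = 2      # SUMMARY plus a digest of the signed data


class Mutability(Enum):
    """Assumed mutability values: how the logging value may change over the key's life."""
    IMMUTABLE = "immutable"          # fixed at generation
    ONLY_STRICTER = "only_stricter"  # may be raised, never lowered
    OWNER = "owner"                  # the key's owner may set it freely


class PolicyError(Exception):
    """A logging policy cannot be enforced, or a change to it is refused."""


@dataclass
class SigningKey:
    key_id: str
    owner: str
    secret: bytes          # private parameters (HMAC key as a stand-in)
    logging: LogLevel
    mutability: Mutability


class KeyService:
    """Key store that generates or uses a key only when it can honour its logging value."""

    def __init__(self, available_sinks):
        # Log types this deployment can actually write; NONE needs no sink.
        self.sinks = set(available_sinks) | {LogLevel.NONE}
        self.keys = {}
        self.audit = []   # constructed in-memory audit log

    def can_enforce(self, level):
        return level in self.sinks

    def generate_key(self, owner, logging, mutability):
        # Claim 15: refuse to hand out a key whose logging cannot be enforced.
        if not self.can_enforce(logging):
            raise PolicyError(f"cannot enforce {logging.name} logging here")
        key = SigningKey(
            key_id=secrets.token_hex(8),
            owner=owner,
            secret=secrets.token_bytes(32),
            logging=logging,
            mutability=mutability,
        )
        self.keys[key.key_id] = key
        return key.key_id

    def set_logging(self, key_id, caller, new_level):
        # The mutability value decides whether, and for whom, the logging value may change.
        key = self.keys[key_id]
        if key.mutability is Mutability.IMMUTABLE:
            raise PolicyError("logging value is immutable")
        if key.mutability is Mutability.ONLY_STRICTER and new_level.value < key.logging.value:
            raise PolicyError("logging value may only be made stricter")
        if key.mutability is Mutability.OWNER and caller != key.owner:
            raise PolicyError("only the owner may change the logging value")
        if not self.can_enforce(new_level):
            raise PolicyError(f"cannot enforce {new_level.name} logging here")
        key.logging = new_level

    def sign(self, key_id, caller, data):
        # Claims 1 and 5: check enforceability at use time, since sinks may have
        # disappeared since generation; sign; log; release the signature last.
        key = self.keys[key_id]
        if not self.can_enforce(key.logging):
            raise PolicyError(f"refusing to sign: {key.logging.name} logging unavailable")
        signature = hmac.new(key.secret, data, hashlib.sha256).digest()
        self._record(key, caller, data)
        return signature

    def verify(self, key_id, data, signature):
        key = self.keys[key_id]
        expected = hmac.new(key.secret, data, hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)

    def _record(self, key, caller, data):
        if key.logging is LogLevel.NONE:
            return
        entry = {"key_id": key.key_id, "caller": caller, "ts": time.time(), "action": "sign"}
        if key.logging is LogLevel.FULL:
            entry["data_sha256"] = hashlib.sha256(data).hexdigest()
        self.audit.append(entry)
```

Two points a practitioner should carry over from this model: the enforceability check runs again on every signing request, not just at key generation, so a key demanding full logging stops being usable the moment the full-logging sink is gone rather than silently signing unlogged; and the signature is returned only after the audit entry has been written, so a failed log write leaves no signature in circulation without a record. With `ONLY_STRICTER` as modelled here any caller may tighten logging; combine it with an owner check if loosening and tightening should both be restricted.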
Specification