Automatic and dynamic selection of cryptographic modules for different security contexts within a computer network
Abstract
An embodiment of the invention may include a method, computer program product, and system for securing data. The embodiment may include receiving, by a management program, identification of a selected cryptographic security module. The selected cryptographic security module is graphically selected by an authorized operator via a graphic user interface. The selected cryptographic security module contains unique individual symbols that contain references to functions and is selected from a plurality of mutually exclusive cryptographic security modules. Based on the received identification of the selected cryptographic security module, the embodiment may include generating, by the management program, a global configuration file. The embodiment may include transmitting, by the management program, a notification to an agent program on a client computer. The notification informs the agent program of the generated global configuration file and directs the agent program to enforce the selected cryptographic security module on the client computer.
17 Claims
1. A method for securing data, the method comprising:
receiving, by a management program, identification of a selected cryptographic security module, wherein the selected cryptographic security module is graphically selected by an authorized operator via a graphic user interface, and wherein the selected cryptographic security module contains unique individual symbols that contain references to functions within the selected cryptographic security module, and wherein the selected cryptographic security module is selected from a plurality of mutually exclusive cryptographic security modules;
based on the received identification of the selected cryptographic security module, generating, by the management program, a global configuration file, wherein the global configuration file comprises a field specifying the selected cryptographic security module, and wherein the global configuration file is digitally signed, by the management program, using a private key with a certificate that has been signed in a correct certificate chain, and wherein the global configuration file is in secure/multipurpose internet mail extensions format for digitally signed documents; and
transmitting, by the management program, a notification to an agent program on a client computer, wherein the notification informs the agent program of the generated global configuration file stored in the database, and wherein the notification directs the agent program to enforce the selected cryptographic security module on the client computer.
Dependent claims: 2, 3, 4, 5, 6
7. A computer program product for securing data, the computer program product comprising:
one or more computer-readable tangible storage devices and program instructions stored on at least one of the one or more tangible storage devices, the program instructions comprising;
program instructions to receive, by a management program, identification of a selected cryptographic security module, wherein the selected cryptographic security module is graphically selected by an authorized operator via a graphic user interface, and wherein the selected cryptographic security module contains unique individual symbols that contain references to functions within the selected cryptographic security module, and wherein the selected cryptographic security module is selected from a plurality of mutually exclusive cryptographic security modules;
based on the received identification of the selected cryptographic security module, program instructions to generate, by the management program, a global configuration file, wherein the global configuration file comprises a field specifying the selected cryptographic security module, and wherein the global configuration file is digitally signed, by the management program, using a private key with a certificate that has been signed in a correct certificate chain, and wherein the global configuration file is in secure/multipurpose internet mail extensions format for digitally signed documents; and
program instructions to transmit, by the management program, a notification to an agent program on a client computer, wherein the notification informs the agent program of the generated global configuration file stored in the database, and wherein the notification directs the agent program to enforce the selected cryptographic security module on the client computer.
Dependent claims: 8, 9, 10, 11, 12
13. A computer system for securing data, the computer system comprising:
one or more processors, one or more computer-readable memories, one or more computer-readable tangible storage devices, and program instructions stored on at least one of the one or more storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, the program instructions comprising;
program instructions to receive, by a management program, identification of a selected cryptographic security module, wherein the selected cryptographic security module is graphically selected by an authorized operator via a graphic user interface, and wherein the selected cryptographic security module contains unique individual symbols that contain references to functions within the selected cryptographic security module, and wherein the selected cryptographic security module is selected from a plurality of mutually exclusive cryptographic security modules;
based on the received identification of the selected cryptographic security module, program instructions to generate, by the management program, a global configuration file, wherein the global configuration file comprises a field specifying the selected cryptographic security module, and wherein the global configuration file is digitally signed, by the management program, using a private key with a certificate that has been signed in a correct certificate chain, and wherein the global configuration file is in secure/multipurpose internet mail extensions format for digitally signed documents; and
program instructions to transmit, by the management program, a notification to an agent program on a client computer, wherein the notification informs the agent program of the generated global configuration file stored in the database, and wherein the notification directs the agent program to enforce the selected cryptographic security module on the client computer.
Dependent claims: 14, 15, 16, 17
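As an added illustration of the signed global configuration file recited in claims 1, 7 and 13 (not code from the patent or its assignee), the sketch below uses the OpenSSL command line to sign a configuration file in S/MIME format with a certificate chained to a root, then shows an agent-side check that reads the module field only after the signature and chain verify. The module names, file names, the key=value layout and the agent's verification step itself are assumptions made for the example.

```shell
#!/bin/sh
# Added example: names, paths and the key=value layout are constructed.
ALLOWED_MODULES="module-a module-b"  # hypothetical mutually exclusive modules

# Management side: build a demo root CA, a signer certificate chained to it,
# and an S/MIME-signed global configuration file naming the selected module.
make_signed_config() {  # $1 = work dir, $2 = selected module
  ( cd "$1" || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
      -keyout ca.key -out ca.crt 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Management Program" \
      -keyout mgmt.key -out mgmt.csr 2>/dev/null
    openssl x509 -req -in mgmt.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
      -days 1 -out mgmt.crt 2>/dev/null
    printf 'crypto_module=%s\n' "$2" > global.conf
    openssl smime -sign -in global.conf -signer mgmt.crt -inkey mgmt.key \
      -out global.conf.p7s 2>/dev/null )
}

# Agent side: accept the file only if the signature verifies and the signer
# chains to the pinned root (-no-CApath keeps the system trust store out of
# the decision); then require the field to name one known module.
agent_select_module() {  # $1 = signed config, $2 = pinned root CA
  body=$(openssl smime -verify -in "$1" -CAfile "$2" -no-CApath \
           2>/dev/null) || return 1      # bad signature or untrusted chain
  module=$(printf '%s\n' "$body" | tr -d '\r' | sed -n 's/^crypto_module=//p')
  for m in $ALLOWED_MODULES; do
    [ "$m" = "$module" ] && { printf '%s\n' "$module"; return 0; }
  done
  return 2                               # signed, but not a known module
}

# Demo run on constructed data.
work=$(mktemp -d)
make_signed_config "$work" module-a
agent_select_module "$work/global.conf.p7s" "$work/ca.crt"   # prints module-a
# Editing the signed file after the fact breaks the signature.
sed 's/module-a/module-b/' "$work/global.conf.p7s" > "$work/tampered.p7s"
agent_select_module "$work/tampered.p7s" "$work/ca.crt" \
  || echo "tampered configuration rejected"
```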
Specification