Server-client PKI for applied key management system and process

US 10,560,440 B2
Filed: 03/10/2016
Issued: 02/11/2020
Est. Priority Date: 03/12/2015
Status: Active Grant

First Claim

Patent Images

1. A method for obtaining a public key for an application of a communication device, the method comprising:

determining that a first public key corresponding to a first recipient of a communication from the communication device is unavailable in a local key store of the communication device;

requesting by the communication device the first public key corresponding to the first recipient from an applied key management system;

receiving the first public key from the applied key management system, wherein the first public key is authorized by at least one policy;

using the first public key for the application, wherein the first public key is authorized by the applied key management system in response to determining that one or more key attributes of the first public key conforms to the at least one policy;

determining whether a second public key corresponding to a second recipient is available in the local key store of the communication device; and

requesting the second public key from the applied key management system in response to determining that the second public key is unavailable.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments described herein relate to obtaining a public key for an application of a communication device, including, but not limited to, receiving a request from the communication device to obtain the public key, evaluating the request based on at least one policy, requesting the public key from a public key infrastructure (PKI) in response to determining that the request is authorized, receiving the public key from the PKI, and sending the public key to the communication device.

Citations

18 Claims

1. A method for obtaining a public key for an application of a communication device, the method comprising:
- determining that a first public key corresponding to a first recipient of a communication from the communication device is unavailable in a local key store of the communication device;
  
  requesting by the communication device the first public key corresponding to the first recipient from an applied key management system;
  
  receiving the first public key from the applied key management system, wherein the first public key is authorized by at least one policy;
  
  using the first public key for the application, wherein the first public key is authorized by the applied key management system in response to determining that one or more key attributes of the first public key conforms to the at least one policy;
  
  determining whether a second public key corresponding to a second recipient is available in the local key store of the communication device; and
  
  requesting the second public key from the applied key management system in response to determining that the second public key is unavailable.
- View Dependent Claims (2, 3, 4, 5, 6, 18)
- - 2. The method of claim 1, further comprising:
    - determining whether the second public key is received from the applied key management system; and
      
      using the second public key for the application in response to determining that the second public key is received from the applied key management system.
  - 3. The method of claim 1, further comprising:
    - determining whether the second public key is received from the applied key management system; and
      
      notifying an operator of the communication device in response to determining that the second public key is not received from the applied key management system.
  - 4. The method of claim 1, wherein the first public key is determined to be unavailable in response to determining one or more of:
    - the first public key is not present in the local key store;
      
      the first public key in the local key store needs to be renewed;
      
      orthe first public key in the local key store is revoked.
  - 5. The method of claim 1, wherein the application is an email application.
  - 6. The method of claim 1, wherein using the first public key for the application comprises:
    - adding the first public key to the local key store; and
      
      using the first public key to encrypt a message of the application corresponding to the communication.
  - 18. The method of claim 1, wherein the one or more key attributes indicate that security and cryptographic considerations of the first public key is acceptable based on the at least one policy.

7. A communication device, comprising:
- a local key store;
  
  a memory; and
  
  a processor implementing a client plugin and a client interface;
  
  wherein;
  
  the client plugin is configured to;
  
  interface with an application;
  
  determine whether a first public key corresponding to a first recipient of a message associated with the application is available in the local key store;
  
  determine whether a second public key corresponding to a second recipient is available in the local key store of the communication device; and
  
  the client interface is configured to;
  
  request the first public key from an applied key management system in response to determining that the first public key is unavailable;
  
  receive the first public key from the applied key management system that is authorized by at least one policy in response to determining that one or more key attributes of the first public key conforms to the at least one policy, wherein the message corresponds to a communication sent from the communication device to the first recipient; and
  
  request the second public key from the applied key management system in response to determining that the second public key is unavailable.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The device of claim 7, wherein the client interface is further configured to:
    - determine whether the second public key corresponding to the second recipient is received from the applied key management system; and
      
      notify an operator of the communication device in response to determining that the second public key is not received from the applied key management system.
  - 10. The device of claim 7, wherein to use the first public key for the application, the user interface is further configured to:
    - add the first public key to the local key store; and
      
      use the first public key to encrypt a message of the application.
  - 11. The device of claim 7, wherein the first public key is unavailable in response to determining one or more of:
    - the first public key is not present in the local key store;
      
      the first public key in the local key store needs to be renewed;
      
      orthe first public key in the local key store is revoked.
  - 12. The device of claim 7, wherein the application is an email application.

8. A non-transitory processor-readable medium having processor-readable instructions, such that, when executed, causes a processor to:
- determine that a first public key corresponding to a first recipient of a communication from a communication device is unavailable in a local key store of the communication device;
  
  request the first public key corresponding to the first recipient from an applied key management system, the first public key for an application of the communication device;
  
  receive the first public key from the applied key management system, wherein the first public key is authorized by at least one policy;
  
  use the first public key for the application, wherein the first public key is authorized by the applied key management system in response to determining that one or more key attributes of the first public key conforms to the at least one policy;
  
  determine whether a second public key corresponding to a second recipient is available in the local key store of the communication device; and
  
  request the second public key from the applied key management system in response to determining that the second public key is unavailable.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The non-transitory processor-readable medium of claim 8, where the processor-readable instructions, when executed, further causes the processor to:
    - determine whether the second public key is received from the applied key management system; and
      
      use the second public key for the application in response to determining that the second public key is received from the applied key management system.
  - 14. The non-transitory processor-readable medium of claim 8, where the processor-readable instructions, when executed, further causes the processor to notify an operator of the communication device in response to determining that the second public key is not received from the applied key management system.
  - 15. The non-transitory processor-readable medium of claim 8, where the processor-readable instructions, when executed, further causes the processor to determine the first public key is unavailable in response to determining one or more of:
    - the first public key is not present in the local key store;
      
      the first public key in the local key store needs to be renewed;
      
      orthe first public key in the local key store is revoked.
  - 16. The non-transitory processor-readable medium of claim 8, wherein the application is an email application.
  - 17. The non-transitory processor-readable medium of claim 8, wherein to use the first public key for the application, the processor is further configured to:
    - add the first public key to the local key store; and
      
      use the first public key to encrypt a message of the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fornetix LLC
Original Assignee
Fornetix LLC
Inventors
White, Charles, Edwards, Stephen
Primary Examiner(s)
Sholeman, Abu S

Application Number

US15/067,035
Publication Number

US 20160269370A1
Time in Patent Office

1,433 Days
Field of Search

713 17, 713171
US Class Current
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

Server-client PKI for applied key management system and process

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Server-client PKI for applied key management system and process

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links