Server-client PKI for applied key management system and process

US 10,567,355 B2
Filed: 04/16/2018
Issued: 02/18/2020
Est. Priority Date: 03/12/2015
Status: Active Grant

First Claim

Patent Images

1. A method for obtaining a public key for an application of a communication device, the method comprising:

receiving a request from the communication device to obtain the public key;

evaluating the request based on at least one policy;

requesting the public key from a public key infrastructure (PKI) in response to determining that the request is authorized;

receiving the public key from the PKI;

identifying one or more key attributes associated with the public key;

evaluating the one or more key attributes based on at least one second policy;

determining acceptability of the public key based on the one or more key attributes indicating that cryptographic considerations of the public key conforms to the at least one second policy; and

sending the public key to the communication device;

wherein the sending of the public key to the communication device is in response to determining that the public key is acceptable based on the at least one second policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments described herein relate to obtaining a public key for an application of a communication device, including, but not limited to, receiving a request from the communication device to obtain the public key, evaluating the request based on at least one policy, requesting the public key from a public key infrastructure (PKI) in response to determining that the request is authorized, receiving the public key from the PKI, and sending the public key to the communication device.

196 Citations

21 Claims

1. A method for obtaining a public key for an application of a communication device, the method comprising:
- receiving a request from the communication device to obtain the public key;
  
  evaluating the request based on at least one policy;
  
  requesting the public key from a public key infrastructure (PKI) in response to determining that the request is authorized;
  
  receiving the public key from the PKI;
  
  identifying one or more key attributes associated with the public key;
  
  evaluating the one or more key attributes based on at least one second policy;
  
  determining acceptability of the public key based on the one or more key attributes indicating that cryptographic considerations of the public key conforms to the at least one second policy; and
  
  sending the public key to the communication device;
  
  wherein the sending of the public key to the communication device is in response to determining that the public key is acceptable based on the at least one second policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 21)
- - 2. The method of claim 1, wherein:
    - the application is an email application;
      
      the request corresponds to a recipient of an email;
      
      the request comprises an email address corresponding to the recipient; and
      
      the public key is associated with the recipient.
  - 3. The method of claim 1, wherein:
    - the request from the communication device is received via a first network link; and
      
      the public key is request from the PKI via a second network link.
  - 4. The method of claim 3, wherein evaluating the request based on the at least one policy comprises determining whether requesting the public key for the email address corresponding to the recipient is authorized.
  - 5. The method of claim 1, wherein evaluating the request based on the at least one policy comprises determining whether the communication device is authorized to request the public key based on the at least one policy.
  - 6. The method of claim 1, further comprising connecting to the PKI.
  - 7. The method of claim 1, further comprising sending a failure message to the communication device in response to determining that the request is unauthorized.
  - 8. The method of claim 1, further comprising:
    - determining whether the public key is received; and
      
      sending the public key in response to determining that the public key has been received.
  - 9. The method of claim 8, further comprising sending a failure message to the communication device in response to determining that the public key has not been received.
  - 21. The method of claim 1, wherein:
    - the public key is for a recipient of a communication from the communication device;
      
      the request includes at least a unique identifier of the recipient; and
      
      wherein evaluating the request comprises determining whether the communication device is authorized to receive the public key for the recipient based on the unique identifier of the recipient being acceptable based on the at least one policy.

10. An applied key management system for providing a public key to an application of a communication device, the system comprising:
- a memory; and
  
  a processor, the processor is configured to;
  
  receive a request from the communication device to obtain the public key;
  
  evaluate the request based on at least one policy;
  
  request the public key from a public key infrastructure (PKI) in response to determine that the request is authorized;
  
  receive the public key from the PKI;
  
  identify one or more key attributes associated with the public key;
  
  evaluate the one or more key attributes based on at least one second policy;
  
  determine acceptability of the public key based on the one or more key attributes indicating that cryptographic considerations of the public key conforms to the at least one second policy; and
  
  send the public key to the communication device in response to determining that the public key is acceptable based on the at least one second policy.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein:
    - the application is an email application;
      
      the request corresponds to a recipient of an email;
      
      the request comprises an email address corresponding to the recipient; and
      
      the public key is associated with the recipient.
  - 12. The system of claim 10, wherein:
    - the request from the communication device is received via a first network link; and
      
      the public key is requested from the PKI via a second network link.
  - 13. The system of claim 12, wherein to evaluate the request based on the at least one policy, the processor is further configured to determine whether requesting the public key for the email address corresponding to the recipient is authorized.
  - 14. The system of claim 10, wherein to evaluate the request based on the at least one policy, the processor is further configured to determine whether the communication device is authorized to request the public key based on the at least one policy.
  - 15. The system of claim 10, wherein the processor is further configured to connect to the PKI.
  - 16. The system of claim 10, wherein the processor is further configured to send a failure message to the communication device in response to determining that the request is unauthorized.
  - 17. The system of claim 10, wherein the processor is further configured to:
    - determine whether the public key is received; and
      
      send the public key in response to determining that the public key has been received.
  - 18. The system of claim 17, wherein the processor is further configured to send a failure message to the communication device in response to determining that the public key has not been received.

19. A non-transitory processor-readable medium having processor-readable instructions, such that, when executed, causes a processor to:
- receive a request from the communication device to obtain the public key for an application of the communication device;
  
  evaluate the request based on at least one policy;
  
  request the public key from a public key infrastructure (PKI) in response to determine that the request is authorized;
  
  receive the public key from the PKI;
  
  identify one or more key attributes associated with the public key;
  
  evaluate the one or more key attributes based on at least one second policy;
  
  determine acceptability of the public key based on the one or more key attributes indicating that cryptographic considerations of the public key conforms to the at least one second policy; and
  
  send the public key to the communication device in response to determining that the public key is acceptable based on the at least one second policy.
- View Dependent Claims (20)
- - 20. The non-transitory processor-readable medium of claim 19, wherein:
    - the application is an email application;
      
      the request corresponds to a recipient of an email;
      
      the request comprises an email address corresponding to the recipient; and
      
      the public key is associated with the recipient.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fornetix LLC
Original Assignee
Fornetix LLC
Inventors
White, Charles, Edwards, Stephen
Primary Examiner(s)
Sholeman, Abu S

Application Number

US15/954,280
Publication Number

US 20180241726A1
Time in Patent Office

673 Days
Field of Search

713171
US Class Current
CPC Class Codes

H04L 63/0442   wherein the sending and rec...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

Server-client PKI for applied key management system and process

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

196 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Server-client PKI for applied key management system and process

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

196 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others