Lightweight cryptographic service for simplified key life-cycle management

US 10,715,318 B2
Filed: 01/23/2018
Issued: 07/14/2020
Est. Priority Date: 01/23/2018
Status: Active Grant

First Claim

Patent Images

1. A method for a cryptographic service facilitating asymmetric encryption, the cryptographic service implemented on one or more computer systems, the method comprising:

receiving, by the cryptographic service, one or more unique identifiers;

determining, by the cryptographic service, whether each of the one or more unique identifiers is valid;

generating, by the cryptographic service, a key pair per unique identifier of the one or more unique identifiers based on whether the corresponding unique identifier is valid; and

sending, by the cryptographic service, a success reply including a private key for each key pair generation,wherein the key pair enables the cryptographic service to avoid digital certificates or associated key life-cycle management for the encryption of data between a requester and one or more remote system,wherein in the key pair comprises the private key and a public key, the private key being distributed once to a requester and the public key being provided on demand,wherein the method of the cryptographic service provides a success reply including a public key to a remote system upon receiving the unique identifier from the remote system and validating the unique identifier received from the remote system with respect to a get request from the remote system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for a cryptographic service facilitating asymmetric encryption is provided. The cryptographic service is implemented on one or more computer systems. The method includes receiving, by the cryptographic service, one or more unique identifiers. The method also includes determining, by the cryptographic service, whether each of the one or more unique identifiers is valid. The method includes generating, by the cryptographic service, a key pair per unique identifier of the one or more unique identifiers based on whether the corresponding unique identifier is valid. The method includes sending, by the cryptographic service, a success reply including a public key for each key pair generation.

Citations

12 Claims

1. A method for a cryptographic service facilitating asymmetric encryption, the cryptographic service implemented on one or more computer systems, the method comprising:
- receiving, by the cryptographic service, one or more unique identifiers;
  
  determining, by the cryptographic service, whether each of the one or more unique identifiers is valid;
  
  generating, by the cryptographic service, a key pair per unique identifier of the one or more unique identifiers based on whether the corresponding unique identifier is valid; and
  
  sending, by the cryptographic service, a success reply including a private key for each key pair generation,wherein the key pair enables the cryptographic service to avoid digital certificates or associated key life-cycle management for the encryption of data between a requester and one or more remote system,wherein in the key pair comprises the private key and a public key, the private key being distributed once to a requester and the public key being provided on demand,wherein the method of the cryptographic service provides a success reply including a public key to a remote system upon receiving the unique identifier from the remote system and validating the unique identifier received from the remote system with respect to a get request from the remote system.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the method of the cryptographic service sends a failure reply based on whether the corresponding unique identifier is invalid.
  - 3. The method of claim 1, wherein the method of the cryptographic service deletes an association of the key pair and the unique identifier of the one or more unique identifiers upon validating the unique identifier and an input signature with respect to a delete request from a requester.
  - 4. The method of claim 3, wherein the method of the cryptographic service sends a failure reply based on whether the unique identifier of the one or more unique identifiers or the input signature is invalid.

5. A computer program product for a cryptographic service facilitating asymmetric encryption, the cryptographic service implemented on one or more computer systems, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by at least one of processor of the one or more computer systems to cause:
- receiving, by the cryptographic service, one or more unique identifiers;
  
  determining, by the cryptographic service, whether each of the one or more unique identifiers is valid;
  
  generating, by the cryptographic service, a key pair per unique identifier of the one or more unique identifiers based on whether the corresponding unique identifier is valid; and
  
  sending, by the cryptographic service, a success reply including a private key for each key pair generation,wherein the key pair enables the cryptographic service to avoid digital certificates or associated key life-cycle management for the encryption of data between a requester and one or more remote system,wherein in the key pair comprises the private key and a public key, the private key being distributed once to a requester and the public key being provided on demand,wherein the method of the cryptographic service provides a success reply including a public key to a remote system upon receiving the unique identifier from the remote system and validating the unique identifier received from the remote system with respect to a get request from the remote system,wherein the key pair enables the cryptographic service to avoid digital certificates or associated key life-cycle management for the encryption of data between a requester and one or more remote system,wherein in the key pair comprises the private key and a public key, the private key being distributed once to a requester and the public key being provided on demand,wherein the method of the cryptographic service provides a success reply including a public key to a remote system upon receiving the unique identifier from the remote system and validating the unique identifier received from the remote system with respect to a get request from the remote system.
- View Dependent Claims (6, 7, 8)
- - 6. The computer program product of claim 5, wherein the program instructions are further executable by the processor to cause the cryptographic service to send a failure reply based on whether the corresponding unique identifier is invalid.
  - 7. The computer program product of claim 5, wherein the program instructions are further executable by the processor to cause the cryptographic service to delete an association of the key pair and the unique identifier of the one or more unique identifiers upon validating the unique identifier and an input signature with respect to a delete request from a requester.
  - 8. The computer program product of claim 5, wherein the program instructions are further executable by the processor to cause the cryptographic service to send a failure reply based on whether the unique identifier of the one or more unique identifiers or the input signature is invalid.

9. A cryptographic service system comprising a processor and a memory storing program instructions for a cryptographic service facilitating asymmetric encryption thereon, the program instructions executable by the processor to cause:
- receiving, by the cryptographic service system, one or more unique identifiers;
  
  determining, by the cryptographic service system, whether each of the one or more unique identifiers is valid;
  
  generating, by the cryptographic service system, a key pair per unique identifier of the one or more unique identifiers based on whether the corresponding unique identifier is valid; and
  
  sending, by the cryptographic service system, a success reply including a private key for each key pair generation,wherein the key pair enables the cryptographic service to avoid digital certificates or associated key life-cycle management for the encryption of data between a requester and one or more remote system,wherein in the key pair comprises the private key and a public key, the private key being distributed once to a requester and the public key being provided on demand,wherein the method of the cryptographic service provides a success reply including a public key to a remote system upon receiving the unique identifier from the remote system and validating the unique identifier received from the remote system with respect to a get request from the remote system.
- View Dependent Claims (10, 11, 12)
- - 10. The cryptographic service system of claim 9, wherein the program instructions are further executable by the processor to cause the cryptographic service system to send a failure reply based on whether the corresponding unique identifier is invalid.
  - 11. The cryptographic service system of claim 9, wherein the program instructions are further executable by the processor to cause the cryptographic service system to delete an association of the key pair and the unique identifier of the one or more unique identifiers upon validating the unique identifier and an input signature with respect to a delete request from a requester.
  - 12. The cryptographic service system of claim 9, wherein the program instructions are further executable by the processor to cause the cryptographic service to send a failure reply based on whether the unique identifier of the one or more unique identifiers or the input signature is invalid.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Charters, Graham C., Dixon, Bret W., Horwood, Benjamin T., Poga, Alexander H., Shewell, Mark A.
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Wyszynski, Aubrey H

Application Number

US15/877,789
Publication Number

US 20190229896A1
Time in Patent Office

903 Days
Field of Search

380282
US Class Current
CPC Class Codes

G06F 21/31   User authentication

G06F 21/602   Providing cryptographic fac...

H04L 63/0442   wherein the sending and rec...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/083   involving central third par...

H04L 9/0894   Escrow, recovery or storing...

H04L 9/3247   involving digital signatures

Lightweight cryptographic service for simplified key life-cycle management

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Lightweight cryptographic service for simplified key life-cycle management

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links