Centralized cryptographic key administration scheme for enabling secure context-free application operation
Abstract
In scalable multi-node systems, applications that interact with remote users often use sessions that involve multiple messages. Unless the application instance that initiates the conversation processes all subsequent parts of that session, the context of the conversation must be passed between application instances. This context often involves sensitive data, such as session keys. This invention uses a central service, known as a Key Repository process, to create and manage a set of symmetric encryption keys unique to this application. All authorized instances of the application then obtain these keys from the Key Repository process, enabling these application instances to encrypt and save the context on disk, and allowing a possibly different instance of the application to retrieve and decrypt the context. As a result, these application programs can be designed to operate in a context-free manner.
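The hand-off the abstract describes, as an added Node.js sketch that is not taken from the patent: a repository releases a key only to a program with a recorded authorization, one instance encrypts the session context, and another instance decrypts it. The class and function names, the program-name strings (assumed to be authenticated already), the choice of AES-256-GCM, binding the session ID as associated data, and the in-memory `Map` standing in for disk are all assumptions.

```javascript
const crypto = require('node:crypto');

// Hypothetical stand-in for the Key Repository process. The program identity is
// assumed to be authenticated already; how that is done is outside this sketch.
class KeyRepository {
  constructor() {
    this.keys = new Map();   // key set name -> 256-bit symmetric key
    this.grants = new Set(); // recorded [program, keySet] authorizations
  }
  authorize(program, keySet) {
    if (!this.keys.has(keySet)) this.keys.set(keySet, crypto.randomBytes(32));
    this.grants.add(JSON.stringify([program, keySet]));
  }
  getKey(program, keySet) {
    if (!this.grants.has(JSON.stringify([program, keySet]))) {
      throw new Error(`${program} is not authorized for key set ${keySet}`);
    }
    return this.keys.get(keySet);
  }
}

// Output layout: 12-byte nonce | ciphertext | 16-byte GCM tag.
function sealContext(key, sessionId, context) {
  const nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, nonce);
  c.setAAD(Buffer.from(sessionId)); // ties the blob to one session
  const ct = Buffer.concat([c.update(context), c.final()]);
  return Buffer.concat([nonce, ct, c.getAuthTag()]);
}

function openContext(key, sessionId, blob) {
  if (blob.length < 28) throw new Error('truncated context blob');
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAAD(Buffer.from(sessionId));
  d.setAuthTag(blob.subarray(blob.length - 16));
  return Buffer.concat([d.update(blob.subarray(12, blob.length - 16)), d.final()]);
}

// Constructed demo: instance A off-loads context, instance B resumes the session.
function demo() {
  const repo = new KeyRepository();
  repo.authorize('order-app', 'session-context');
  const disk = new Map(); // stands in for the shared on-disk store
  const keyA = repo.getKey('order-app', 'session-context');
  disk.set('sess-1', sealContext(keyA, 'sess-1', Buffer.from('step=2;cart=42')));
  const keyB = repo.getKey('order-app', 'session-context');
  return openContext(keyB, 'sess-1', disk.get('sess-1')).toString();
}
```

Because the context is authenticated as well as encrypted, a blob that was modified on disk or replayed under a different session ID fails to decrypt instead of yielding altered context.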
13 Claims
1. A cryptographic system with at least one server and any number of clients, including none, the cryptographic system further comprising:
at least one application on one of the at least one server, each capable of engaging in a context-free multi-part communication session with any of the clients;
a key repository process on one of the at least one server, the key repository process configured to validate and record authorizations of specific programs to access one or more than one set of symmetric keys, wherein each of the at least one application is configured to query the key repository process for one or more than one set of symmetric keys, and the key repository process further configured, in response to the query from a particular instance of the at least one application, to provide the requested one or more than one set of symmetric keys to the particular instance of the at least one application but only if the key repository process authenticates the particular instance of the at least one application as being pre-authorized to receive the requested one or more than one set of symmetric keys;
wherein, the particular instance of the at least one application can utilize the one or more than one set of symmetric keys for securely off-loading sensitive information in any intermediate part of the context-free multi-part communication session.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A method for secure context-free multi-part communication in a computer system with a server and any number of clients, including none, the method comprising:
instantiating at least one application on the server, each capable of engaging in a context-free multi-part communication session with any of the clients;
instantiating a key repository process on the server, so that the key repository process validates and records authorizations of specific applications to access one or more than one set of symmetric keys, wherein each of the at least one application is configured to query the key repository process for one or more than one set of symmetric keys, and in response to the query from a particular instance of the at least one application, the key repository process provides the requested one or more than one set of symmetric keys to the particular instance of the at least one application but only if the key repository process authenticates the particular instance of the at least one application as being pre-authorized to obtain the requested one or more than one set of symmetric keys;
wherein, the particular instance of the at least one application utilizes the one or more than one set of symmetric keys for securely off-loading sensitive information in any intermediate part of the context-free multi-part communication session.
Specification