Apparatus and method for generating keys in a network computing environment

US 20040190724A1
Filed: 03/27/2003
Published: 09/30/2004
Est. Priority Date: 03/27/2003
Status: Active Grant

First Claim

Patent Images

1. A networked computer system comprising:

a first computer system; and

a second computer system coupled via a network to the first computer system, wherein the second computer system includes a global key control mechanism, the global key control mechanism allocating a first block of globally unique keys to a client key generation mechanism executing on the first computer system, the client key generation mechanism allocating at least one globally unique key in the block to at least one application that requests a key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A global key control mechanism provides a single point of overall control for key generation, but portions of the key generation and/or allocation tasks may be delegated to client computer systems, thereby reducing network traffic. The global key control mechanism may download a client key generation mechanism on one or more client computer systems, and may allocate a block of keys to the client key generation mechanism. Requests for keys may then be routed to the client key generation mechanism, which can generate and/or allocate keys within the block of keys that the global key control mechanism allocated to it. When the block of keys is used up, the client key generation mechanism may request another block from the global key control mechanism. The preferred embodiments also include the capability of downloading a client key generation mechanism with an associated block of keys once the requests from one or more client applications exceed a predetermined threshold. In addition, the preferred embodiments include a hierarchy of key control mechanisms, with a single global key control mechanism that maintains control over one or more client key control mechanisms that may, in turn, control other client key control mechanism(s) or which may generate and/or allocate keys directly to requesting applications.

27 Citations

View as Search Results

53 Claims

1. A networked computer system comprising:
- a first computer system; and
  
  a second computer system coupled via a network to the first computer system, wherein the second computer system includes a global key control mechanism, the global key control mechanism allocating a first block of globally unique keys to a client key generation mechanism executing on the first computer system, the client key generation mechanism allocating at least one globally unique key in the block to at least one application that requests a key.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The networked computer system of claim 1 wherein the global key control mechanism generates a plurality of globally unique keys according to at least one global key criterion.
  - 3. The networked computer system of claim 2 wherein the client key generation mechanism executing on the first computer system generates a plurality of globally unique keys within the first block of globally unique keys according to the at least one global key criterion.
  - 4. The networked computer system of claim 1 wherein the global key control mechanism executing on the second computer system downloads the client key generation mechanism to the first computer system.
  - 5. The networked computer system of claim 1 wherein the client key generation mechanism requests a second block of keys from the global key control mechanism when a predetermined number of the first block of keys has been allocated by the client key generation mechanism.
  - 6. The networked computer system of claim 1 wherein the at least one application that requests a key is executing on the first computer system.

7. A networked computer system comprising:
- a first computer system; and
  
  a second computer system coupled via a network to the first computer system, wherein the second computer system includes a global key control mechanism that downloads a client key generation mechanism to the first computer system, the first computer system executing the client key generation mechanism, the client key generation mechanism allocating at least one globally unique key to at least one application that requests a key.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The networked computer system of claim 7 wherein the global key control mechanism generates a plurality of globally unique keys according to at least one global key criterion.
  - 9. The networked computer system of claim 8 wherein the client key generation mechanism executing on the first computer system generates a plurality of globally unique keys according to the at least one global key criterion.
  - 10. The networked computer system of claim 7 wherein the at least one application that requests a key is executing on the first computer system.
  - 11. The networked computer system of claim 7 wherein the global key control mechanism allocates a first block of keys to the client key generation mechanism for allocation to the at least one application.
  - 12. The networked computer system of claim 11 wherein the client key generation mechanism requests a second block of keys from the global key control mechanism when a predetermined number of the first block of keys has been allocated by the client key generation mechanism to the at least one application.

13. A networked computer system comprising:
- (A) a first computer system; and
  
  (B) a second computer system coupled via a network to the first computer system, wherein the second computer system includes a global key control mechanism that generates a plurality of globally unique keys and determines when to share some of the work load of allocating globally unique keys, and when the global key control mechanism determines to share some of the work load of allocating globally unique keys, the global key control mechanism performs the steps of;
  
  (B1) downloading a client key allocation mechanism to the first computer system; and
  
  (B2) allocating a first block of globally unique keys to the client key allocation mechanism;
  
  (C) wherein the client key allocation mechanism allocates at least one key in the first block to at least one application that requests a key.
- View Dependent Claims (14)
- - 14. The networked computer system of claim 13 wherein the client key allocation mechanism requests a second block of keys from the global key control mechanism when a predetermined number of the first block of keys has been allocated by the client key allocation mechanism to the at least one application.

15. A networked computer system comprising:
- (A) a first computer system; and
  
  (B) a second computer system coupled via a network to the first computer system, wherein the second computer system includes a global key control mechanism that generates a plurality of globally unique keys and determines when to share some of the work load of generating globally unique keys, and when the global key control mechanism determines to share some of the work load of generating globally unique keys, the global key control mechanism performs the steps of;
  
  (B1) downloading a client key generation mechanism to the first computer system; and
  
  (B2) allocating a first block of globally unique keys to the client key generation mechanism;
  
  (C) wherein the client key generation mechanism generates at least one key in the first block and allocates the at least one key to at least one application that requests a key.
- View Dependent Claims (16)
- - 16. The networked computer system of claim 15 wherein the client key generation mechanism requests a second block of keys from the global key control mechanism when a predetermined number of the first block of keys has been generated and allocated by the client key generation mechanism to the at least one application.

17. A computer-implemented method for generating and allocating globally unique keys in a network computing environment, the method comprising the steps of:
- (A) executing a global key control mechanism on a first computer system, the global key control mechanism generating a plurality of globally unique keys; and
  
  (B) allocating a first block of the plurality of globally unique keys to a client key allocation mechanism executing on a second computer system coupled via network to the first computer system, the client key allocation mechanism allocating at least one globally unique key in the first block to at least one application that requests a key.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The method of claim 17 wherein the global key control mechanism generates the plurality of globally unique keys according to at least one global key criterion.
  - 19. The method of claim 18 further comprising the step of the client key generation mechanism generating a plurality of globally unique keys within the first block of keys according to the at least one global key criterion.
  - 20. The method of claim 17 further comprising the steps of:
    - the global key control mechanism downloading the client key generation mechanism to the first computer system; and
      
      executing the client key generation mechanism on the first computer system.
  - 21. The method of claim 17 further comprising the step of the client key generation mechanism requesting a second block of keys from the global key control mechanism when a predetermined number of the first block of keys has been allocated by the client key generation mechanism to the at least one application.

22. A computer-implemented method for generating and allocating globally unique keys in a networked computing environment, the method comprising the steps of:
- (A) executing a global key control mechanism on a first computer system, the global key control mechanism generating a plurality of globally unique keys; and
  
  (B) the global key control mechanism downloading a client key generation mechanism to a second computer system coupled via network to the first computer system, the client key allocation mechanism allocating at least one globally unique key to at least one application that requests a key.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The method of claim 22 wherein the global key control mechanism generates the plurality of globally unique keys according to at least one global key criterion.
  - 24. The method of claim 23 further comprising the step of the client key generation mechanism generating a plurality of globally unique keys according to the at least one global key criterion.
  - 25. The method of claim 22 further comprising the step of at least one application executing on the first computer system requesting a key from the client key generation mechanism.
  - 26. The method of claim 22 further comprising the step of the global key control mechanism allocating a first block of keys to the client key generation mechanism for allocation to the at least one application.
  - 27. The method of claim 26 further comprising the step of the client key generation mechanism requesting a second block of keys from the global key control mechanism when a predetermined number of the first block of keys has been allocated by the client key generation mechanism to the at least one application.

28. A computer-implemented method for generating and allocating globally unique keys in a networked computing environment, the method comprising the steps of:
- (A) generating a plurality of globally unique keys on a first computer system;
  
  (B) determining when to share some of the work load of allocating globally unique keys;
  
  (C) when the determination is made to share some of the work load of allocating globally unique keys, the global key control mechanism performing the steps of;
  
  (C1) downloading a client key allocation mechanism to a second computer system; and
  
  (C2) allocating a first block of globally unique keys to the client key allocation mechanism;
  
  (D) the client key allocation mechanism allocating at least one key in the first block to at least one application that requests a key.
- View Dependent Claims (29)
- - 29. The method of claim 28 further comprising the step of the client key allocation mechanism requesting a second block of keys from the global key control mechanism when a predetermined number of the first block of keys has been allocated by the client key allocation mechanism to the at least one application.

30. A computer-implemented method for generating and allocating globally unique keys in a networked computing environment, the method comprising the steps of:
- (A) generating a plurality of globally unique keys on a first computer system;
  
  (B) determining when to share some of the work load of generating globally unique keys;
  
  (C) when the determination is made to share some of the work load of generating globally unique keys, performing the steps of;
  
  (C1) downloading a client key generation mechanism to a second computer system; and
  
  (C2) allocating a first block of globally unique keys to the client key generation mechanism;
  
  (D) the client key generation mechanism generating at least one key in the first block and allocating the at least one key to at least one application that requests a key.
- View Dependent Claims (31)
- - 31. The method of claim 30 further comprising the step of the client key generation mechanism requesting a second block of keys from the global key control mechanism when a predetermined number of the first block of keys has been generated and allocated by the client key generation mechanism to the at least one application.

32. A program product comprising:
- (A) a global key control mechanism that allocates a first block of globally unique keys to a client key generation mechanism executing on a first computer system coupled via network to a second computer system executing the global key control mechanism, the client key generation mechanism allocating at least one globally unique key in the block to at least one application that requests a key; and
  
  (B) computer-readable signal bearing media bearing the global key control mechanism.
- View Dependent Claims (33, 34, 35, 36, 37, 38)
- - 33. The program product of claim 32 wherein the computer-readable signal bearing media comprises recordable media.
  - 34. The program product of claim 32 wherein the computer-readable signal bearing media comprises transmission media.
  - 35. The program product of claim 32 wherein the global key control mechanism generates a plurality of globally unique keys according to at least one global key criterion.
  - 36. The program product of claim 35 wherein the client key generation mechanism generates a plurality of globally unique keys within the first block of globally unique keys according to the at least one global key criterion.
  - 37. The program product of claim 32 wherein the global key control mechanism downloads the client key generation mechanism to the first computer system.
  - 38. The program product of claim 32 wherein the client key generation mechanism requests a second block of keys from the global key control mechanism when a predetermined number of the first block of keys has been allocated by the client key generation mechanism.

39. A program product comprising:
- (A) a global key control mechanism that executes on a first computer system and downloads a client key generation mechanism to a second computer system, the client key generation mechanism allocating at least one globally unique key to at least one application that requests a key; and
  
  (B) computer-readable signal bearing media bearing the global key control mechanism and the client key generation mechanism.
- View Dependent Claims (40, 41, 42, 43, 44, 45)
- - 40. The program product of claim 39 wherein the computer-readable signal bearing media comprises recordable media.
  - 41. The program product of claim 39 wherein the computer-readable signal bearing media comprises transmission media.
  - 42. The program product of claim 39 wherein the global key control mechanism generates a plurality of globally unique keys according to at least one global key criterion.
  - 43. The program product of claim 42 wherein the client key generation mechanism generates a plurality of globally unique keys according to the at least one global key criterion.
  - 44. The program product of claim 39 wherein the global key control mechanism allocates a first block of keys to the client key generation mechanism for allocation to the at least one application.
  - 45. The program product of claim 44 wherein the client key generation mechanism requests a second block of keys from the global key control mechanism when a predetermined number of the first block of keys has been allocated by the client key generation mechanism to the at least one application.

46. A program product comprising:
- (A) a global key control mechanism that generates a plurality of globally unique keys and determines when to share some of the work load of allocating globally unique keys, and when the global key control mechanism determines to share some of the work load of allocating globally unique keys, the global key control mechanism performs the steps of;
  
  (A1) downloading a client key allocation mechanism to the first computer system; and
  
  (A2) allocating a first block of globally unique keys to the client key allocation mechanism;
  
  wherein the client key allocation mechanism allocates at least one key in the first block to at least one application that requests a key; and
  
  (B) computer-readable signal bearing media bearing the global key control mechanism and the client key generation mechanism.
- View Dependent Claims (47, 48, 49)
- - 47. The program product of claim 46 wherein the computer-readable signal bearing media comprises recordable media.
  - 48. The program product of claim 46 wherein the computer-readable signal bearing media comprises transmission media.
  - 49. The program product of claim 46 wherein the client key allocation mechanism requests a second block of keys from the global key control mechanism when a predetermined number of the first block of keys has been allocated by the client key allocation mechanism to the at least one application.

50. A program product comprising:
- (A) a global key control mechanism that generates a plurality of globally unique keys and determines when to share some of the work load of allocating globally unique keys, and when the global key control mechanism determines to share some of the work load of generating globally unique keys, the global key control mechanism performs the steps of;
  
  (A1) downloading a client key generation mechanism to the first computer system; and
  
  (A2) allocating a first block of globally unique keys to the client key generation mechanism;
  
  wherein the client key generation mechanism generates at least one key in the first block to at least one application that requests a key; and
  
  (B) computer-readable signal bearing media bearing the global key control mechanism and the client key generation mechanism.
- View Dependent Claims (51, 52, 53)
- - 51. The program product of claim 50 wherein the computer-readable signal bearing media comprises recordable media.
  - 52. The program product of claim 50 wherein the computer-readable signal bearing media comprises transmission media.
  - 53. The program product of claim 50 wherein the client key generation mechanism requests a second block of keys from the global key control mechanism when a predetermined number of the first block of keys has been generated and allocated by the client key generation mechanism to the at least one application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Stevens, Richard Joseph, Dettinger, Richard Dean, La Rocca, Jennifer Lynn

Granted Patent

US 7,890,758 B2
Time in Patent Office

Days
Field of Search
US Class Current

380/279
CPC Class Codes

H04L 63/062 for key distribution, e.g. ...

Apparatus and method for generating keys in a network computing environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

27 Citations

53 Claims

Specification

Solutions

Use Cases

Quick Links

Apparatus and method for generating keys in a network computing environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

27 Citations

53 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links