Automated key management system
Abstract
A system for automated cryptographic key management comprises a key control system, a key management agent system, and a key system application program interface. A method for automated cryptographic key management is also disclosed. The method comprises the automatic generation of cryptographic keys by the key control system and distribution of such keys by the key control system to the key management agent system.
21 Claims
1. A key management agent system in a computer network, the system comprising:
- a centralized key control system that automatically generates and distributes asymmetric cryptographic keys for use by software applications in the computer network, the key control system including a key management server computer;
- an administrative server interface, providing a user interface to the key management agent system, that is communicatively connected to the key control system;
- at least one key management agent communicatively connected to the key control system and arranged to receive at least one of the asymmetric cryptographic keys directly from the key control system; and
- at least one key store communicatively connected to the key management agent and automatically loaded with the at least one asymmetric cryptographic keys as directed by the key control system.
Dependent claims: 2.
3. A key control system for cryptographic asymmetric application keys for use within an automated key management system, the key control system comprising:
- a collection of key data, the key data including a plurality of asymmetric cryptographic application keys for use in facilitating secure communication in the automated key management system,
- a cryptographic key database system for storing at least a portion of the key data including encrypted asymmetric application keys, and
- a key management server computer communicatively connected within the automated key management system and arranged to automatically generate an asymmetric application key and store the asymmetric application key in the cryptographic key database system.
Dependent claims: 4.
5. A method of distributing asymmetric cryptographic keys automatically by a key control system in an automated key management system, the method comprising:
- at the key control system, receiving instructions from an administrative interface to distribute an asymmetric cryptographic key to a key management agent;
- automatically distributing without manual intervention the asymmetric cryptographic key to the key management agent via a secure interface; and
- automatically loading, without manual intervention, the asymmetric cryptographic key into a key store for independent retrieval by an application programming interface of an unrelated software application.
Dependent claims: 6.
7. A method for securely transmitting a cryptographic application key from a first computing device to a second computing device using a certificate having an expiration date, the method comprising:
- assessing the expiration date of the certificate of the second computing device,
- based upon the assessment, generating, by the second computing device, an authentication key pair having a public key and a private key,
- wrapping the public key in a system certificate request message by the second computing device,
- transmitting the system certificate request message from the second computing device to the first computing device,
- sending the system certificate request from the first computing device to a certificate authority,
- at the first computing device, receiving, from the certificate authority, a signed certificate that comprises the public key signed by the certificate authority,
- forwarding the signed public key from the first computing device to the second computing device, and
- distributing a cryptographic application key from the first computing device to the second computing device using the signed public key to authenticate the distribution.
Dependent claims: 8, 9, 10, 11, 12, 13.
14. A method for automatically rotating cryptographic keys in an automatic key management system having a first computing device communicatively connected to a second computing device, the method comprising:
- storing a first cryptographic key to a first computing device,
- storing the first cryptographic key to a second computing device,
- using the first cryptographic key to facilitate communication between the first and second computing devices,
- distributing a second cryptographic key to the first and second computing device,
- replacing the first cryptographic key with the second cryptographic key in the first computing device,
- maintaining the first cryptographic key at the second computing device, thereby facilitating communication between the first and second computing devices using the first cryptographic key, until it is determined that the replacement has been successfully completed, and
- using the second cryptographic key to facilitate communication between the first and second computing devices upon determining that the first computing device has successfully replaced the first cryptographic key with the second cryptographic key.
Dependent claims: 15, 16, 17, 18, 19, 20.
21. A method for automatically rotating cryptographic keys in an automatic key management system, the method comprising:
- providing first and second computing devices, the first computing device including a key control system and the second computing device including a software application installed thereon and a data file, the software application operating independently from the key control system,
- loading a first cryptographic key into the data file in the second computing device,
- using the first cryptographic key in the software application,
- after using the first cryptographic key in the software application, automatically distributing without manual intervention a second cryptographic key to the second computing device via a secure interface,
- automatically loading, without manual intervention, the second cryptographic key into the data file for independent retrieval by the software application, and
- using the second cryptographic key, as a replacement for the first cryptographic key, in the software application.
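The rotation procedure of claims 14 and 21, as an added example that is not part of the patent text: the second device keeps the first key on hand until the first device's replacement is confirmed, so traffic protected under either key is accepted during the changeover. The `Device`, `provision` and `rotate` names are assumptions, and HMAC-SHA256 stands in for whatever use the application makes of the key.

```python
import hashlib
import hmac

class Device:
    def __init__(self, name):
        self.name = name
        self.active = None    # key used to protect outgoing messages
        self.previous = None  # retained key, still accepted on incoming messages

    def install(self, key, retain_old):
        # Replace the active key; optionally keep the old one for verification only.
        self.previous = self.active if retain_old else None
        self.active = key

    def protect(self, msg):
        # HMAC-SHA256 stands in for whatever the key is used for (assumption).
        return hmac.new(self.active, msg, hashlib.sha256).digest()

    def accept(self, msg, tag):
        for key in (self.active, self.previous):
            if key is not None and hmac.compare_digest(
                    hmac.new(key, msg, hashlib.sha256).digest(), tag):
                return True
        return False

def provision(first_key):
    # Both devices start with the same first key.
    first, second = Device("key control system"), Device("agent host")
    first.install(first_key, retain_old=False)
    second.install(first_key, retain_old=False)
    return first, second

def rotate(first, second, second_key, retain_old_at_second=True):
    # Returns whether communication survived each stage of the rotation.
    msg = b"constructed sample message"
    old_key = first.active
    trace = {}
    # Distribute the second key; the second device keeps the first key on hand.
    second.install(second_key, retain_old=retain_old_at_second)
    # The first device has not replaced its key yet and still uses the first key.
    trace["during_replacement"] = second.accept(msg, first.protect(msg))
    first.install(second_key, retain_old=False)  # first device completes replacement
    trace["after_replacement"] = second.accept(msg, first.protect(msg))
    second.install(second_key, retain_old=False)  # replacement confirmed: retire first key
    trace["after_retirement"] = second.accept(msg, first.protect(msg))
    old_tag = hmac.new(old_key, msg, hashlib.sha256).digest()
    trace["first_key_rejected"] = not second.accept(msg, old_tag)
    return trace
```

Calling `rotate` with `retain_old_at_second=False` shows the outage the retention step prevents: the second device rejects the first device's messages until the first device finishes switching keys.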