Method and apparatus for managing a key management system

US 20070127722A1
Filed: 12/29/2006
Published: 06/07/2007
Est. Priority Date: 02/25/2002
Status: Abandoned Application

First Claim

Patent Images

1. A network system for key management, comprising:

a server;

a key management system providing process logic for key management system management located on the server;

a key management system storage providing a secure data storage for the key management system;

an application using the key management system to manage an application key; and

an interface providing a means for managing the key management system, wherein the key management system comprises;

a memory storing data within the key management system;

a hashing module configured to hash a key encryption key to obtain a key encryption key hash;

an encryption module configured to decryption data using the key encryption key and the key encryption key hash; and

a serialization module de-serializing data obtained from the memory, the encryption module, and the serialization module, wherein the key encryption key comprises a key encryption key PIN, a key encryption key SALT, and a key encryption key ITERATION.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network system for key management, including a server, a key management system providing process logic for key management system management located on the server, a key management system storage providing a secure data storage for the key management system, an application using the key management system to manage an application key, and an interface providing a means for managing the key management system.

Citations

38 Claims

1. A network system for key management, comprising:
- a server;
  
  a key management system providing process logic for key management system management located on the server;
  
  a key management system storage providing a secure data storage for the key management system;
  
  an application using the key management system to manage an application key; and
  
  an interface providing a means for managing the key management system, wherein the key management system comprises;
  
  a memory storing data within the key management system;
  
  a hashing module configured to hash a key encryption key to obtain a key encryption key hash;
  
  an encryption module configured to decryption data using the key encryption key and the key encryption key hash; and
  
  a serialization module de-serializing data obtained from the memory, the encryption module, and the serialization module, wherein the key encryption key comprises a key encryption key PIN, a key encryption key SALT, and a key encryption key ITERATION.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 12, 13, 14, 15, 16, 22, 23, 24, 25, 36, 37, 38)
- - 2. The network system of claim 1, further comprising:
    - a client computer operatively connected to the server, wherein the client computer comprises a user interface to manage the key management system.
  - 3. The network system of claim 1, wherein the key management storage is located on the server.
  - 4. The network system of claim 1, wherein the key management storage is located on a second server operatively connected to the server.
  - 5. The network system of claim 1, wherein the interface comprises a graphical user interface.
  - 6. The network system of claim 5, wherein the graphical user interface is integrated into a web browser.
  - 7. The network system of claim 2, wherein the user interface comprises a graphical user interface.
  - 8. The network system of claim 7, wherein the graphical user interface is integrated into a web browser.
  - 9. The network system of claim 2, wherein the client computer and the server are connected using an encrypted connection.
  - 12. The network system of claim 1, wherein the key management system further comprises:
    - an encoding module for encoding data.
  - 13. The network system of claim 1, wherein the hashing module uses an MD5 hashing function.
  - 14. The network system of claim 1, wherein the encryption module further comprises a key generation tool.
  - 15. The network system of claim 14, wherein the key generation tool comprises a symmetric algorithm.
  - 16. The network system of claim 14, wherein the key generation tool comprises an asymmetric algorithm.
  - 22. The network system of claim 1, wherein the interface comprises a means for changing a key encryption key.
  - 23. The network system of claim 1, wherein the interface comprises means for starting the key management system.
  - 24. The network system of claim 1, wherein the interface comprises means for initializing the key management system.
  - 25. The network system of claim 1, wherein the interface comprises means for diagnosing problems with the key management system.
  - 36. The network system of claim 1, wherein the key management system is configured to retrieve a value secured in the key management system storage by:
    - receiving a request for the value secured in the key management system storage;
      
      searching for a key corresponding to the value in a decoded key list; and
      
      retrieving a tuple corresponding to the value, if the key corresponding to the value is in the decoded key list.
  - 37. The network system of claim 36, wherein the key management storage is located on a second server.
  - 38. The network system of claim 36, wherein the interface comprises a graphical user interface.

10. (canceled)

11. A network system for key management, comprising:
- a server;
  
  a key management system providing process logic for key management system management located on the server;
  
  a key management system storage providing a secure data storage for the key management system;
  
  an application using the key management system to manage an application key; and
  
  an interface providing a means for managing the key management system, wherein the key management system comprises;
  
  a memory storing data within the key management system;
  
  a hashing module configured to hash a key encryption key to obtain a key encryption key hash;
  
  an encryption module configured to decrypt data and encrypt data using the key encryption key, the key encryption key hash, and a key decryption key associated with the key encryption key; and
  
  a serialization module de-serializing and serializing data obtained from the memory, the encryption module, and the serialization module, wherein the key encryption key comprises a key encryption key PIN, a key encryption key SALT, and a key encryption key ITERATION.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The network system of claim 11, wherein the key management system further comprises:
    - an encoding module for encoding data.
  - 18. The network system of claim 11, wherein the hashing module uses an MD5 hashing function.
  - 19. The network system of claim 11, wherein the encryption module further comprises a key generation tool.
  - 20. The network system of claim 19, wherein the key generation tool comprises a symmetric algorithm.
  - 21. The network system of claim 19, wherein the key generation tool comprises an asymmetric algorithm.

26. A network system for key management, comprising:
- a server;
  
  a key management system providing process logic for key management system initialization located on the server;
  
  a key management system storage providing a secure data storage for the key management system;
  
  an application using the key management system to manage an application key;
  
  an interface providing a means for inputting data into the key management system; and
  
  a client computer operatively connected to the server, wherein the client computer comprises a user interface to manage the key management system, wherein the key management system comprises;
  
  a memory storing data within the key management system;
  
  a hashing module configured to hash a key encryption key to obtain a key encryption key hash;
  
  an encryption module configured to decrypt data using the key encryption key and the key encryption key hash; and
  
  a serialization module de-serializing data obtained from the memory, the encryption module, and the serialization module, wherein the key encryption key comprises a key encryption key PIN, a key encryption key SALT, and a key encryption key ITERATION.

27-35. -35. (canceled)

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Schlumberger Technology Corporation (SLB)
Original Assignee
Schlumberger Technology Corporation (SLB)
Inventors
Lam, Chui-Shan, Syed, Jameel

Application Number

US11/648,088
Publication Number

US 20070127722A1
Time in Patent Office

Days
Field of Search
US Class Current

380/277
CPC Class Codes

G06Q 10/103   Workflow collaboration or p...

G06Q 20/027   involving a payment switch ...

G06Q 20/3829   involving key management

H04L 63/06   for supporting key manageme...

H04L 63/12   Applying verification of th...

H04L 9/0822   using key encryption key

H04L 9/0891   Revocation or update of sec...

Method and apparatus for managing a key management system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for managing a key management system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links