Methods and system for a key recovery plan

US 20080022086A1
Filed: 06/06/2006
Published: 01/24/2008
Est. Priority Date: 06/06/2006
Status: Active Grant

First Claim

Patent Images

1. A method of recovering subject keys and/or certificates for a token, comprising:

obtaining a unique identifier associated with the token,associating the token with a plurality of subject keys and with a first status of a plurality of statuses, the statuses including a lost status state and an other status state; and

determining, in response to the token being in the lost status state, a key recovery plan to at least one of recover the plurality of subject keys and retrieve the certificates associated with the token.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems and computer readable mediums are provided for recovering subject keys and/or certificates for a token. A unique identifier associated with the token is obtained. The token is associated with subject keys and with a first status of statuses, the statuses including a lost status state and an other status state. In response to the token being in the lost status state, a key recovery plan is determined to recover at least one of the subject keys and the certificates associated with the token.

152 Citations

View as Search Results

22 Claims

1. A method of recovering subject keys and/or certificates for a token, comprising:
- obtaining a unique identifier associated with the token,associating the token with a plurality of subject keys and with a first status of a plurality of statuses, the statuses including a lost status state and an other status state; and
  
  determining, in response to the token being in the lost status state, a key recovery plan to at least one of recover the plurality of subject keys and retrieve the certificates associated with the token.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the key recovery plan includes information identifying a subset of subject keys of the plurality of subject keys to be recovered and actions to recover the subset of subject keys in response to the lost status state.
  - 3. The method of claim 1, wherein the key recovery plan further includes information identifying actions to be performed on information associated with the token in response to the lost status state.
  - 4. The method of claim 1, further comprising providing the key recovery plan.
  - 5. The method of claim 1, wherein the key recovery plan further comprises:
    - generating a new subject key and certificate to be associated with the token;
      
      recovering a prior subject key associated with the token; and
      
      managing a certificate associated with the prior subject key.
  - 6. The method of claim 1, further comprising, in response to the lost status state indicating that the token was destroyed, recovering at least one subject key of the plurality of subject keys.
  - 7. The method of claim 1, further comprising, in response to the lost status state indicating that the token was compromised:
    - generating a new subject key to replace at least one subject key of the plurality of subject keys; and
      
      revoking a certificate associated with the at least one subject key.
  - 8. The method of claim 1, further comprising, in response to the lost status state indicating that the token is on hold:
    - generating a replacement token; and
      
      placing the token in an on-hold mode;
      
      wherein the replacement token can be self-expiring, andwherein the certificates corresponding to the token are revoked.
  - 9. The method of claim 1, further comprising authenticating the user associated with the token, before performing the determining.
  - 10. An apparatus configured to perform the method of claim 1.
  - 11. A computer-readable medium comprising computer-executable instructions for performing the method of claim 1.

12. A computer system that determines a key recovery plan to recover subject keys and/or certificates for tokens, said system comprising:
- a first unit to obtain a status of a token, wherein the status is a first status of a plurality of statuses including a lost status state;
  
  a second unit to associate the status with the token;
  
  a third unit, in response to the token being associated with the lost status state, to associate one of a plurality of reasons with the token, wherein respective reasons have associated therewith respective actions to be performed for respective subject keys associated with the token; and
  
  a fourth unit, in response to the token being in the lost status state, to initiate the performance of the respective actions for the respective subject keys associated with the token.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The system of claim 12, wherein the fourth unit initiates, in response to the lost status state, the performance of actions to be performed on information associated with the token.
  - 14. The system of claim 12, wherein the actions include at least one of generating a new subject key and certificate to be associated with the token, recovering a prior subject key associated with the token, and managing a certificate associated with the prior subject key.
  - 15. The system of claim 12, wherein the respective subject keys associated with the token include a signing key and an encryption key.
  - 16. The system of claim 12, wherein the token is associated with a unique identifier, wherein a plurality of tokens can be associated with a particular subject.
  - 17. The system of claim 16, wherein the plurality of statuses further include an active status state and an inactive status state, and wherein only one token associated with a particular subject can have an active status state, further comprising not allowing use of the token if the token is not in an active status state.
  - 18. The system of claim 12, further comprising, in response to the lost status state:
    - changing the reason associated with the token; and
      
      initiating the performance of the respective actions for the respective reasons for the respective subject keys associated with the token.
  - 19. The system of claim 12, further comprising authenticating the user associated with the token, before the initiating the performance of the action.

20. A computer-readable medium comprising instructions for execution by a computer, the instructions including a computer-implemented method for managing a subject key and/or certificate for a token, the instructions for implementing:
- (A) interacting with a subject to indicate a first status of the plurality of statuses, the statuses including a temporarily lost state, a permanently lost state, and a destroyed state;
  
  (B) interacting with the subject to indicate a token to be associated with the first status; and
  
  (C) updating the first status and an indication of the token.
- View Dependent Claims (21, 22)
- - 21. The computer-readable medium of claim 20, further comprising instructions to change the first status to a different status of the plurality of statuses.
  - 22. The computer-readable medium of claim 20, further comprising instructions to authenticate the subject associated with the token.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Kannan, Chandrasekar, Ho, Shuk Yee, Fu, Christina, Kwan, Nang Kon

Granted Patent

US 8,364,952 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

H04L 9/0891 Revocation or update of sec...

H04L 9/0897 involving additional device...

Methods and system for a key recovery plan

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

152 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

Methods and system for a key recovery plan

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

152 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others