Method and Apparatus for Organizing an Extensible Table for Storing Cryptographic Objects

US 20080133514A1
Filed: 12/04/2006
Published: 06/05/2008
Est. Priority Date: 12/04/2006
Status: Active Grant

First Claim

Patent Images

1. A method for managing cryptographic objects in a computer system, the method comprising:

establishing a storage table for the cryptographic objects, the storage table including rows corresponding to respective ones of the cryptographic objects and a plurality of columns associated with the rows, the columns corresponding to available attributes capable of being associated with any of the cryptographic objects; and

storing actual attributes of the cryptographic objects in ones of the plurality of columns that correspond to respective ones of the available attributes,wherein the storage table is extensible such that additional columns are added corresponding to new attributes capable of being associated with the cryptographic objects.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention provide a method and apparatus, including a client and security token, for managing cryptographic objects, such as public key cryptography standard (PKCS)#11 objects, in a computer system. A storage table for the cryptographic objects is established including rows for the cryptographic objects and columns corresponding to available attributes capable of being associated with the cryptographic objects. Actual attributes of the cryptographic objects are stored in ones of the plurality of columns corresponding to respective ones of the available attributes. The storage table is extensible such that additional columns are added corresponding to new attributes capable of being associated with the cryptographic objects.

157 Citations

22 Claims

1. A method for managing cryptographic objects in a computer system, the method comprising:
- establishing a storage table for the cryptographic objects, the storage table including rows corresponding to respective ones of the cryptographic objects and a plurality of columns associated with the rows, the columns corresponding to available attributes capable of being associated with any of the cryptographic objects; and
  
  storing actual attributes of the cryptographic objects in ones of the plurality of columns that correspond to respective ones of the available attributes,wherein the storage table is extensible such that additional columns are added corresponding to new attributes capable of being associated with the cryptographic objects.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising searching the storage table for one or more of the cryptographic objects based on one or more of the available attributes.
  - 3. The method of claim 1, further comprising:
    - searching the storage table for one or more of the cryptographic objects based on one or more of the available attributes; and
      
      locating ones of the cryptographic objects having actual attributes corresponding to the one or more of the available attributes used in the searching.
  - 4. The method of claim 1, wherein the available attributes include one or more of attribute value pairs and user-defined attributes.
  - 5. The method of claim 1, wherein the storage table includes a standard query language (SQL) database table.
  - 6. The method of claim 1, wherein the available attributes are defined in accordance with a PKCS #11 standard.
  - 7. The method of claim 1, wherein the available attributes include a pathname of the cryptographic objects.
  - 8. The method of claim 1, wherein the available attributes include a provider name of the cryptographic objects.
  - 9. The method of claim 1, wherein the available attributes include a method of a provider of the cryptographic objects.
  - 10. The method of claim 1, wherein the available attributes include an enabled method of a provider of the cryptographic objects.
  - 11. The method of claim 1, wherein the available attributes include a disabled method of a provider of the cryptographic objects.
  - 12. An apparatus configured to implement the method of claim 1.
  - 13. A computer readable medium comprising instructions readable by a processor for causing a processor to implement the method of claim 1.

14. A cryptography module in a computer having an operating system, the operating system capable of facilitating the execution of an application requiring a cryptographic object, the application requesting the cryptographic object using a security library accessible through the operating system, the cryptography module comprising:
- a storage table capable of storing a plurality of cryptographic objects each having at least a portion of a set of available attributes, the storage table accessible using a standard query language (SQL), the storage table organized such that a row is allocated to the each of the plurality of cryptographic objects and a column is allocated to each of the available attributes; and
  
  a translator for translating a first command associated with one of the plurality of cryptographic objects, the first command constructed in accordance with a cryptography standard, into a second command constructed in accordance with the SQL,wherein at least one of the first and the second command is constructed using at least one of the available attributes.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The cryptography module of claim 14, wherein the command includes one of a CREATE_OBJECT command, a COPY_OBJECT command, a DELETE_OBJECT command, a FIND_OBJECT command, a GET_ATTRIB_VALUE command, and a SET_ATTRIBUTE_VALUE command.
  - 16. The cryptographic module of claim 14, wherein the translator is configured to be compliant with a government standard including a federal information processing standard (FIPS).
  - 17. The cryptographic module of claim 14, wherein the plurality of cryptographic objects include public key cryptography standard (PKCS) #11 objects.
  - 18. The cryptographic module of claim 14, wherein the storage table is further organized to be capable of adding a new column corresponding to a new attribute associated with all of the plurality of cryptographic objects.
  - 19. The cryptographic module of claim 14, wherein the application includes one of a web browser, a cryptography application, and an email client.
  - 20. The cryptographic module of claim 14, wherein the storage table is stored on a token coupled to the computer.

21. A client in a computer system executing an application requiring a cryptographic object, the application requesting the cryptographic object using a request constructed from a security library accessible through an operating system associated with the client, the client comprising:
- a token interface;
  
  a system interface coupled to the computer system; and
  
  a processor coupled to the token interface and the system interface, the processor configured to;
  
  organize a storage table for storage in a token coupled to the token interface, the storage table storing a cryptographic object having at least a portion of a set of available attributes associated with a cryptographic standard, the storage table accessible using a standard query language (SQL), the storage table organized such that a row is allocated to the cryptographic object and a column is allocated to each of the available attributes; and
  
  translate the request from the security library for the cryptographic object to a SQL request for the cryptographic object using at least one of the portion of the set of available attributes.
- View Dependent Claims (22)
- - 22. The client of claim 21, wherein the processor is further configured to further organize the storage table to add an additional column to the storage table, the additional column allocated to a new attribute associated with one of the cryptographic standard, a revised version of the cryptographic standard, a new cryptographic standard, and a user-defined attribute.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Relyea, Robert

Granted Patent

US 8,693,690 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/6
CPC Class Codes

G06F 21/34 involving the use of extern...

G06F 21/602 Providing cryptographic fac...

Method and Apparatus for Organizing an Extensible Table for Storing Cryptographic Objects

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

157 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and Apparatus for Organizing an Extensible Table for Storing Cryptographic Objects

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

157 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links