Method and Apparatus for Organizing an Extensible Table for Storing Cryptographic Objects
Abstract
Embodiments of the present invention provide a method and apparatus, including a client and security token, for managing cryptographic objects, such as public key cryptography standard (PKCS)#11 objects, in a computer system. A storage table for the cryptographic objects is established including rows for the cryptographic objects and columns corresponding to available attributes capable of being associated with the cryptographic objects. Actual attributes of the cryptographic objects are stored in ones of the plurality of columns corresponding to respective ones of the available attributes. The storage table is extensible such that additional columns are added corresponding to new attributes capable of being associated with the cryptographic objects.
157 Citations
22 Claims
1. A method for managing cryptographic objects in a computer system, the method comprising:
- establishing a storage table for the cryptographic objects, the storage table including rows corresponding to respective ones of the cryptographic objects and a plurality of columns associated with the rows, the columns corresponding to available attributes capable of being associated with any of the cryptographic objects; and
- storing actual attributes of the cryptographic objects in ones of the plurality of columns that correspond to respective ones of the available attributes, wherein the storage table is extensible such that additional columns are added corresponding to new attributes capable of being associated with the cryptographic objects.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A cryptography module in a computer having an operating system, the operating system capable of facilitating the execution of an application requiring a cryptographic object, the application requesting the cryptographic object using a security library accessible through the operating system, the cryptography module comprising:
- a storage table capable of storing a plurality of cryptographic objects each having at least a portion of a set of available attributes, the storage table accessible using a standard query language (SQL), the storage table organized such that a row is allocated to the each of the plurality of cryptographic objects and a column is allocated to each of the available attributes; and
- a translator for translating a first command associated with one of the plurality of cryptographic objects, the first command constructed in accordance with a cryptography standard, into a second command constructed in accordance with the SQL, wherein at least one of the first and the second command is constructed using at least one of the available attributes.
Dependent claims: 15, 16, 17, 18, 19, 20

21. A client in a computer system executing an application requiring a cryptographic object, the application requesting the cryptographic object using a request constructed from a security library accessible through an operating system associated with the client, the client comprising:
- a token interface;
- a system interface coupled to the computer system; and
- a processor coupled to the token interface and the system interface, the processor configured to;
  - organize a storage table for storage in a token coupled to the token interface, the storage table storing a cryptographic object having at least a portion of a set of available attributes associated with a cryptographic standard, the storage table accessible using a standard query language (SQL), the storage table organized such that a row is allocated to the cryptographic object and a column is allocated to each of the available attributes; and
  - translate the request from the security library for the cryptographic object to a SQL request for the cryptographic object using at least one of the portion of the set of available attributes.
Dependent claims: 22
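The extensible table of claim 1 and the translator of claim 14, as an added sketch that is not code from the patent: SQLite stands in for the SQL store, and `ObjectTable`, `translate_find`, the `handle` column and the starting attribute set are hypothetical. Attribute names are checked against the known columns and values are bound as parameters, because SQL identifiers cannot be parameterized.

```python
import sqlite3

# PKCS#11 object class values (CK_OBJECT_CLASS).
CKO_PUBLIC_KEY, CKO_PRIVATE_KEY = 2, 3
# Assumed starting set of "available attributes"; one column each.
BASE_ATTRS = ["CKA_CLASS", "CKA_LABEL", "CKA_ID", "CKA_TOKEN"]

class ObjectTable:
    """One row per cryptographic object, one column per available attribute."""

    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.attrs = list(BASE_ATTRS)
        cols = ", ".join(f'"{a}"' for a in self.attrs)
        self.db.execute(f"CREATE TABLE objects (handle INTEGER PRIMARY KEY, {cols})")

    def _known(self, names):
        # Column names end up in the SQL text, so only known attributes pass.
        for n in names:
            if n not in self.attrs:
                raise KeyError(f"unknown attribute: {n!r}")
        return list(names)

    def add_attribute(self, name):
        """Extend the table with a column for a new attribute."""
        if not (name.isascii() and name.startswith("CKA_")
                and name.replace("_", "").isalnum()):
            raise ValueError(f"bad attribute name: {name!r}")
        if name not in self.attrs:
            self.db.execute(f'ALTER TABLE objects ADD COLUMN "{name}"')
            self.attrs.append(name)

    def create_object(self, template):
        """Store only the attributes the object actually has; the rest stay NULL."""
        names = self._known(template)
        if not names:
            raise ValueError("empty template")
        cols = ", ".join(f'"{n}"' for n in names)
        marks = ", ".join("?" for _ in names)
        cur = self.db.execute(f"INSERT INTO objects ({cols}) VALUES ({marks})",
                              [template[n] for n in names])
        return cur.lastrowid

    def translate_find(self, template):
        """Translate a find template (attribute -> value) into (sql, params)."""
        names = self._known(template)
        where = " AND ".join(f'"{n}" = ?' for n in names) or "1"  # empty = all
        sql = f"SELECT handle FROM objects WHERE {where} ORDER BY handle"
        return sql, [template[n] for n in names]

    def find_objects(self, template):
        sql, params = self.translate_find(template)
        return [row[0] for row in self.db.execute(sql, params)]
```

Objects created before `add_attribute` keep NULL in the new column, so they do not match a search on that attribute.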
Specification