System and method for managing the lifecycle of encryption keys

US 20080319909A1
Filed: 06/25/2007
Published: 12/25/2008
Est. Priority Date: 06/25/2007
Status: Abandoned Application

First Claim

Patent Images

1. A system for managing a lifecycle of an encryption key comprising:

a workflow engine operable to implement a workflow;

a data store comprising a plurality of workflows logically connected to the workflow engine, wherein each of the plurality of workflows comprise computer instructions for automatically implementing one or more steps in the lifecycle of the encryption key; and

a web service module, logically connected to the workflow engine and operable to distribute the encryption key to a plurality of targets comprising different operating platforms.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Automatically managing the lifecycle of encryption keys. The systems and methods include a workflow engine and workflows that implement actions that generate, maintain, replace, and destroy encryption keys. Workflows may trigger other workflows to automate each step in an encryption key'"'"'s lifecycle. The systems and methods include reporting on and auditing of the entire hierarchy of keys managed by the system.

Citations

20 Claims

1. A system for managing a lifecycle of an encryption key comprising:
- a workflow engine operable to implement a workflow;
  
  a data store comprising a plurality of workflows logically connected to the workflow engine, wherein each of the plurality of workflows comprise computer instructions for automatically implementing one or more steps in the lifecycle of the encryption key; and
  
  a web service module, logically connected to the workflow engine and operable to distribute the encryption key to a plurality of targets comprising different operating platforms.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1 further comprising a reporting module.
  - 3. The system of claim 1 further comprising a secure workstation logically connected to the workflow engine and operable to implement a workflow using the workflow engine.
  - 4. The system of claim 1 wherein the workflow engine is logically connected to a web service.
  - 5. The system of claim 4 further comprising a secure web portal comprising an interface operable to implement a workflow using the workflow engine through a browser.
  - 6. The system of claim 1 further comprising one or more targets for encryption keys, connected to the workflow engine by a network, wherein the targets comprise components of the payment card industry.
  - 7. The system of claim 6 wherein the workflow engine is further operable to determine a hierarchy of each encryption key located at the one or more targets and report the hierarchy.
  - 8. The system of claim 7 wherein the data store comprises workflows for managing each step of the lifecycle of the encryption key.

9. A method for managing a lifecycle of an encryption key with a key management system, comprising the steps of:
- instantiating a workflow to generate an encryption key in response to a request;
  
  automatically generating the encryption key with the workflow;
  
  automatically transmitting the encryption key to a target; and
  
  continually maintaining the encryption key comprising an automated maintenance function.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9 wherein the step of automatically transmitting the encryption key to a target includes the step of receiving authorization to transmit the key.
  - 11. The method of claim 9 further comprising the step of archiving the encryption key.
  - 12. The method of claim 11 further comprising the step of archiving information comprising characteristics of the encryption key.
  - 13. The method of claim 9 further comprising the steps of:
    - instantiating a first workflow to maintain the encryption key; and
      
      instantiating a second workflow to destroy the encryption key, wherein instantiating the first workflow and instantiating the second workflow comprise an automatic response to a triggering event.
  - 14. The method of claim 13 wherein the triggering event comprises a pre-scheduled time.

15. A method for managing a lifecycle of an encryption key comprising the steps of:
- receiving an instruction to remove an existing encryption key from a target;
  
  automatically instantiating a workflow to replace the existing encryption key in response to the instruction;
  
  automatically generating a replacement encryption key by using the workflow;
  
  automatically transmitting the replacement encryption key to the target;
  
  automatically removing the existing encryption key from the target; and
  
  continually maintaining the encryption key comprising an automated maintenance function.
- View Dependent Claims (16, 17)
- - 16. The method of claim 15 wherein the step of automatically removing the existing encryption key from the target comprises overwriting the existing encryption key.
  - 17. The method of claim 15 wherein the instruction to remove the existing encryption key from the target comprises a security breach of the target and the workflow automatically identifies one or more existing keys affected by the security breach.

18. A system for managing a lifecycle of an encryption key used in the payment card industry comprising:
- a workflow engine operable to implement a workflow;
  
  a data store comprising a plurality of workflows logically connected to the workflow engine, wherein each of the plurality of workflows comprise one or more program files for automatically implementing one or more steps in the lifecycle of the encryption key;
  
  a secure workstation logically connected to the workflow engine and operable to implement a workflow using the workflow engine and further operable to enable data input during implementation of workflow; and
  
  one or more targets for encryption keys, connected to the workflow engine by a network.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18 wherein the secure workstation comprises a computer connected to a secure web portal.
  - 20. The system of claim 18 wherein at least one workflow is operable to transmit an encryption key to one of the targets.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Total System Services Incorporated (Global Payments Incorporated)
Original Assignee
Total System Services Incorporated (Global Payments Incorporated)
Inventors
Perkins, George S., Sway, Richard E.

Application Number

US11/821,692
Publication Number

US 20080319909A1
Time in Patent Office

Days
Field of Search
US Class Current

705/50
CPC Class Codes

G06Q 10/00   Administration; Management

H04L 63/068   using time-dependent keys, ...

H04L 67/02   based on web technology, e....

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

System and method for managing the lifecycle of encryption keys

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for managing the lifecycle of encryption keys

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links