SYSTEMS AND METHODS FOR A TEMPLATE-BASED ENCRYPTION MANAGEMENT SYSTEM

US 20090077371A1
Filed: 09/11/2008
Published: 03/19/2009
Est. Priority Date: 09/14/2007
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method for generating and sending a cryptographic key, comprising:

receiving from a server-based application a request to generate and send the cryptographic key to a client device, the request sent in a template format that includes a plurality of parameters for generating a key pair from which the cryptographic key is obtained;

executing a template for generating the key pair within a security boundary, the template comprising pre-defined data including a generation algorithm, a key size, and a plurality of key generation attributes; and

retrieving a private key in an unencrypted form from the generated key pair to be sent as the cryptographic key to the client device specified by at least one of the parameters.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An encryption management system provides a solution for embedded system device authentication, secure server-to-device communications, and encryption key management. It reduces implementation times and costs associated with using cryptography for authentication and data privacy with embedded systems applications by freeing application developers from having to develop, manage, or update security-based features in their server-based applications. The template-based approach of the system provides highly customable and accessible security functionalities. To utilize services provided by the encryption management system in some embodiments, calling applications provide input parameters and function calls in the form of a template at runtime, and the output in the form of encrypted and secured messages are either sent to the client devices automatically or returned to the calling applications. As such, security functionalities and objects, though segregated in the encryption management system to provide enhanced protection, can still be easily accessed and can be updated without recompiling the calling applications.

36 Citations

View as Search Results

26 Claims

1. A computer-implemented method for generating and sending a cryptographic key, comprising:
- receiving from a server-based application a request to generate and send the cryptographic key to a client device, the request sent in a template format that includes a plurality of parameters for generating a key pair from which the cryptographic key is obtained;
  
  executing a template for generating the key pair within a security boundary, the template comprising pre-defined data including a generation algorithm, a key size, and a plurality of key generation attributes; and
  
  retrieving a private key in an unencrypted form from the generated key pair to be sent as the cryptographic key to the client device specified by at least one of the parameters.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the parameters further comprise:
    - prefix data to the private key to be sent to the client device; and
      
      postfix data to the private key to be sent to the client device.
  - 3. The method of claim 2, further comprising:
    - combining the prefix data, the private key, and the postfix data to create a message block;
      
      applying a secure channel algorithm encipherment associated with the client device to the message block to create a secured message block; and
      
      sending the secured message block to the client device.
  - 4. A computer-readable medium having stored thereon executable code which, when executed by an encryption management system, causes the encryption management system to perform the method of claim 1.
  - 5. A computer system programmed to perform the method of claim 1.

6. A computer-implemented method for applying cryptographic functions to a message, the method comprising:
- receiving a message and a plurality of parameters in a template format from an application server;
  
  applying a template to the message, the template comprising a transform element, the transform element specifying a list of functions among which is at least one cryptographic function that applies cryptographic processing to the message; and
  
  outputting the cryptographically processed message.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 7. The method of claim 6 wherein the outputting comprises sending the cryptographically processed message to one or more client devices specified by one of the parameters.
  - 8. The method of claim 7 wherein the sending further comprises processing the cryptographically processed message in a secure channel algorithm.
  - 9. The method of claim 6 wherein the outputting further comprises sending the cryptographically processed message to a peer application.
  - 10. The method of claim 6 wherein the outputting further comprises returning the cryptographically processed message to the application server.
  - 11. The method of claim 6 wherein the functions comprise a generate key function.
  - 12. The method of claim 6 wherein the functions comprise a wrap key function.
  - 13. The method of claim 6 wherein the template further comprises one or more of a template name, an internal variable, an output variable, or a custom function.
  - 14. The method of claim 13 wherein an internal variable carries the output of a function to the input of another function.
  - 15. The method of claim 6 wherein the template is preloaded in binary form onto a secure object database.
  - 16. An encryption management system configured to perform the method of claim 6.
  - 17. A computer-readable medium having stored thereon executable code which, when executed by an encryption management system, causes the encryption management system to perform the method of claim 6.
  - 18. A computer system programmed to perform the method of claim 6.

19. A encryption management system for applying cryptographic functions to a message, the encryption management system comprising:
- a secure object database for storing a plurality of keys and objects; and
  
  a template engine that causes a template to be applied, within a security boundary, to data from a calling application to create a cryptographically processed output message,wherein the template uses the keys and objects stored in the secure object database, andwherein the template allows cryptographic functions to be accessed by the calling application through a consistent application programming interface.
- View Dependent Claims (20, 21, 22)
- - 20. The encryption management system of claim 19 further comprises a secure channel engine for processing the output message before it is sent to a client device specified by the calling application.
  - 21. The encryption management system of claim 19, wherein at least one of the functions in the application programming interface accepts as input a variable number of parameters.
  - 22. The encryption management system of claim 19, wherein the template engine applies functions specified in the template to external parameter data, literal data, or data output from an internal template function.

23. A computer-implemented method for enchiphering and sending a cryptographic key, comprising:
- receiving a request from a server application, the request being in a template format and including a plurality of parameters for enchiphering the cryptographic key; and
  
  responding to the request by at least;
  
  selecting a enchiphering key from a secure object database;
  
  selecting a target key to be enchiphered;
  
  applying a standard or custom cryptographic enchiphering algorithm to the target key using the enchiphering key;
  
  concatenating additional message data defined in the template to the enchiphered key to create an output message;
  
  applying a secure channel algorithm encipherment to the output message containing enchiphered key; and
  
  sending secured message to a client device specified by at least one of the parameters.

24. A method for encrypting product design data sent to workstations in a manufacturing line, comprising:
- constructing a template in response to a request to invoke the template from a workstation in the manufacturing line, the request including non-sensitive data used in the manufacturing a product device;
  
  executing the template to generate a unique image, the unique image comprising product design data used to program the product device;
  
  embedding a cryptographic keyset into the unique image;
  
  encrypting the unique image with a key associated with the product device; and
  
  sending the encrypted unique image to the workstation.

25. A method for encrypting media content distributed over a network, comprising:
- receiving a request to invoke a template from a media server that has received a request for media content from a requesting device, the request comprising an authorization to distribute the media content and the media content;
  
  executing the template, the executing further comprising;
  
  encrypting the media content with a keyset; and
  
  enchiphering the keyset with a unique key associated with the requesting device;
  
  sending the encrypted media content to the requesting device; and
  
  sending the enchiphered keyset to the requesting device to enable the requesting device to decrypt the encrypted media content.
- View Dependent Claims (26)
- - 26. The method of claim 25 wherein the keyset is retrieved from a secure object database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Valicore Technologies, Inc.
Original Assignee
Valicore Technologies, Inc.
Inventors
Dorsey, Jason James, McKee, Dean Edward, Vance, Joachim Patrick, Schetina, Erik Scott, Powell, Gregory Alan

Application Number

US12/209,033
Publication Number

US 20090077371A1
Time in Patent Office

Days
Field of Search
US Class Current

713/152
CPC Class Codes

H04L 2209/60 Digital content management,...

H04L 9/083 involving central third par...

SYSTEMS AND METHODS FOR A TEMPLATE-BASED ENCRYPTION MANAGEMENT SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

36 Citations

26 Claims

Specification

Use Cases

Quick Links

Others

SYSTEMS AND METHODS FOR A TEMPLATE-BASED ENCRYPTION MANAGEMENT SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

36 Citations

26 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others