SYSTEMS AND METHODS FOR A TEMPLATE-BASED ENCRYPTION MANAGEMENT SYSTEM
First Claim
1. A computer-implemented method for generating and sending a cryptographic key, comprising:
- receiving from a server-based application a request to generate and send the cryptographic key to a client device, the request sent in a template format that includes a plurality of parameters for generating a key pair from which the cryptographic key is obtained;
executing a template for generating the key pair within a security boundary, the template comprising pre-defined data including a generation algorithm, a key size, and a plurality of key generation attributes; and
retrieving a private key in an unencrypted form from the generated key pair to be sent as the cryptographic key to the client device specified by at least one of the parameters.
1 Assignment
0 Petitions
Accused Products
Abstract
An encryption management system provides a solution for embedded system device authentication, secure server-to-device communications, and encryption key management. It reduces implementation times and costs associated with using cryptography for authentication and data privacy with embedded systems applications by freeing application developers from having to develop, manage, or update security-based features in their server-based applications. The template-based approach of the system provides highly customable and accessible security functionalities. To utilize services provided by the encryption management system in some embodiments, calling applications provide input parameters and function calls in the form of a template at runtime, and the output in the form of encrypted and secured messages are either sent to the client devices automatically or returned to the calling applications. As such, security functionalities and objects, though segregated in the encryption management system to provide enhanced protection, can still be easily accessed and can be updated without recompiling the calling applications.
36 Citations
26 Claims
-
1. A computer-implemented method for generating and sending a cryptographic key, comprising:
-
receiving from a server-based application a request to generate and send the cryptographic key to a client device, the request sent in a template format that includes a plurality of parameters for generating a key pair from which the cryptographic key is obtained; executing a template for generating the key pair within a security boundary, the template comprising pre-defined data including a generation algorithm, a key size, and a plurality of key generation attributes; and retrieving a private key in an unencrypted form from the generated key pair to be sent as the cryptographic key to the client device specified by at least one of the parameters. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer-implemented method for applying cryptographic functions to a message, the method comprising:
-
receiving a message and a plurality of parameters in a template format from an application server; applying a template to the message, the template comprising a transform element, the transform element specifying a list of functions among which is at least one cryptographic function that applies cryptographic processing to the message; and outputting the cryptographically processed message. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A encryption management system for applying cryptographic functions to a message, the encryption management system comprising:
-
a secure object database for storing a plurality of keys and objects; and a template engine that causes a template to be applied, within a security boundary, to data from a calling application to create a cryptographically processed output message, wherein the template uses the keys and objects stored in the secure object database, and wherein the template allows cryptographic functions to be accessed by the calling application through a consistent application programming interface. - View Dependent Claims (20, 21, 22)
-
-
23. A computer-implemented method for enchiphering and sending a cryptographic key, comprising:
-
receiving a request from a server application, the request being in a template format and including a plurality of parameters for enchiphering the cryptographic key; and responding to the request by at least; selecting a enchiphering key from a secure object database; selecting a target key to be enchiphered; applying a standard or custom cryptographic enchiphering algorithm to the target key using the enchiphering key; concatenating additional message data defined in the template to the enchiphered key to create an output message; applying a secure channel algorithm encipherment to the output message containing enchiphered key; and sending secured message to a client device specified by at least one of the parameters.
-
-
24. A method for encrypting product design data sent to workstations in a manufacturing line, comprising:
-
constructing a template in response to a request to invoke the template from a workstation in the manufacturing line, the request including non-sensitive data used in the manufacturing a product device; executing the template to generate a unique image, the unique image comprising product design data used to program the product device; embedding a cryptographic keyset into the unique image; encrypting the unique image with a key associated with the product device; and sending the encrypted unique image to the workstation.
-
-
25. A method for encrypting media content distributed over a network, comprising:
-
receiving a request to invoke a template from a media server that has received a request for media content from a requesting device, the request comprising an authorization to distribute the media content and the media content; executing the template, the executing further comprising; encrypting the media content with a keyset; and enchiphering the keyset with a unique key associated with the requesting device; sending the encrypted media content to the requesting device; and sending the enchiphered keyset to the requesting device to enable the requesting device to decrypt the encrypted media content. - View Dependent Claims (26)
-
Specification