Method and System for Identifying and Managing Keys

US 20090092252A1
Filed: 04/14/2008
Published: 04/09/2009
Est. Priority Date: 04/12/2007
Status: Abandoned Application

First Claim

Patent Images

1. A method of controlling use of an encryption key, wherein the encryption key resides in one or more key management servers in a key management system, the method comprising:

disabling the encryption key, wherein the disabling comprises;

deleting the encryption key from all cryptographic units; and

isolating the encryption key within the key management servers in the key management system, wherein isolating the encryption key comprises barring all access to the disabled encryption key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for managing encryption keys, wherein one of more of they keys incorporates a disabled state, and wherein the system further incorporates a namespace.

291 Citations

22 Claims

1. A method of controlling use of an encryption key, wherein the encryption key resides in one or more key management servers in a key management system, the method comprising:
- disabling the encryption key, wherein the disabling comprises;
  
  deleting the encryption key from all cryptographic units; and
  
  isolating the encryption key within the key management servers in the key management system, wherein isolating the encryption key comprises barring all access to the disabled encryption key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, further comprising:
    - determining whether the encryption key can be returned to a usable state, wherein the determining is performed by a user with appropriate credentials; and
      
      if the encryption key can be activated, activating the encryption key for use by the cryptographic units by restoring the key to a usable state.
  - 3. The method of claim 2, wherein a user with appropriate credentials comprises a key administrator or manager.
  - 4. The method of claim 2, wherein a usable state comprises any state higher than the disabled state.
  - 5. The method of claim 2, wherein a user with appropriate credentials is authorized to determine whether a disabled key can be activated with respect to a security policy associated with the encryption key.
  - 6. The method of claim 1, further comprising:
    - splitting the disabled key into two or more component shares, andstoring each component share, wherein rights to each component share are given to an administrator or manager, wherein no administrator or manager has rights to more than one component share.
  - 7. The method of claim 6, further comprising:
    - determining whether the encryption key can be returned to a usable state, wherein the determining is performed by a user with appropriate credentials; and
      
      restoring the encryption key to a usable state, wherein restoring the encryption key comprises restoring two or more of the component shares.
  - 9. The method of claim 6, wherein the prefix is “
    - km”
      
      or “
      
      kms”
      
      .
  - 10. The method of claim 6, wherein the realm element comprises a name of a zone of authority within the key management system.
  - 11. The method of claim 6, wherein the object element comprises an object space including any key under the control of the key management system.
  - 12. The method of claim 11, wherein the object space is named one of “
    - key”
      
      , “
      
      policy”
      
      , “
      
      client”
      
      , “
      
      group”
      
      , “
      
      pool”
      
      , “
      
      set”
      
      , “
      
      log”
      
      , “
      
      session”
      
      , or “
      
      .domain”
      
      .
  - 13. The method of claim 6, wherein the object element comprises an object space including one of any key management policy, client, group, pool, set, log, or session.
  - 14. The method of claim 6, wherein the object element comprises an object space reserved for the DNS domain.
  - 15. The method of claim 6, wherein the path element comprises a multi-element path.
  - 16. The method of claim 15, wherein the multi-element path defines a common default access control for the object.
  - 17. The method of claim 6, wherein mapping comprises using KMSS or KMCS.
  - 18. The method of claim 6, further comprising:
    - storing the object on one or more cryptographic units in the key management system.
  - 19. The method of claim 6, further comprising:
    - storing the object on one or more KM Clients in the key management system.
  - 20. The method of claim 6, further comprising:
    - distributing the object to one or more KM Clients in the key management system.

8. A method of identifying an object within a key management system, the method comprising:
- creating a GUID for the object, wherein the GUID is represented by a URI, the URI comprising a prefix, a realm element, an object element, and a path element;
  
  mapping the URI to one or more key management servers in the key management system; and
  
  storing the object on the one or more key management servers in the key management system.

21. A method of retrieving an object within a key management system, the method comprising:
- receiving a URI for the object;
  
  mapping the URI to one or more key management servers in the key management system; and
  
  retrieving the object from one of the one or more key management servers in the key management system.
- View Dependent Claims (22)
- - 22. The method of claim 21, wherein mapping comprises using KMSS or KMCS.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
nCipher Corporation Limited (Thales SA)
Original Assignee
nCipher Corporation Limited (Thales SA)
Inventors
Lockhart, Robert Adrian, Noll, Landon Curt

Application Number

US12/102,853
Publication Number

US 20090092252A1
Time in Patent Office

Days
Field of Search
US Class Current

380/277
CPC Class Codes

H04L 63/06   for supporting key manageme...

H04L 9/083   involving central third par...

H04L 9/0891   Revocation or update of sec...

Method and System for Identifying and Managing Keys

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

291 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and System for Identifying and Managing Keys

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

291 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links