USING A PKCS MODULE FOR OPENING MULTIPLE DATABASES

US 20110131407A1
Filed: 11/30/2009
Published: 06/02/2011
Est. Priority Date: 11/30/2009
Status: Active Grant

First Claim

Patent Images

1. A method, implemented by a client computing system programmed to perform the following, comprising:

obtaining, by the client computing system, load data that identifies a first database storing security data to be opened;

determining, by the client computing system, that a public key cryptography standard (PKCS)-based module for opening the first database is already initialized, wherein the PKCS-based module is already initialized from previously opening a second database; and

causing, by the client computing system, the PKCS-based module to create a slot to open the first database, without shutting down the PKCS-based module, in response to determining that the PKCS-based module is already initialized.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security initialization system obtains load data that identifies a first database storing security data to be opened. The initialization system determines that a PKCS-based module for opening the first database is already initialized, where the PKCS-based module is already initialized from previously opening a second database. The initialization system causes the PKCS-based module to create a slot to open the first database, without shutting down the PKCS-based module, in response to determining that the PKCS-based module is already initialized.

Citations

20 Claims

1. A method, implemented by a client computing system programmed to perform the following, comprising:
- obtaining, by the client computing system, load data that identifies a first database storing security data to be opened;
  
  determining, by the client computing system, that a public key cryptography standard (PKCS)-based module for opening the first database is already initialized, wherein the PKCS-based module is already initialized from previously opening a second database; and
  
  causing, by the client computing system, the PKCS-based module to create a slot to open the first database, without shutting down the PKCS-based module, in response to determining that the PKCS-based module is already initialized.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the PKCS-based module is a PKCS #11-based module.
  - 3. The method of claim 1, wherein the load data is based on user-configurable policy information.
  - 4. The method of claim 3, wherein the user-configurable policy information is stored in a lightweight database base access protocol (LDAP)-based database.
  - 5. The method of claim 3, wherein the user-configurable policy information identifies a database to be opened based on at least one of:
    - server type, application type, application name, and user.
  - 6. The method of claim 1, wherein the load data includes a name of the database to be opened, a location of the database, and an access type for the database.
  - 7. The method of claim 1, wherein obtaining the load data comprises:
    - receiving an initialization request to access security data stored in a database;
      
      opening a system database in response to receiving the initialization request, wherein the system database identifies a module database interface;
      
      causing the module database interface to access user-configurable policy information stored in an LDAP-based database; and
      
      obtaining the load data for opening the database from the module database interface.
  - 8. The method of claim 7, wherein the initialization request is received from one of:
    - a web browsing application, a cryptography application, and an email application.
  - 9. The method of claim 1, wherein determining that the PKCS-based module is already initialized comprises:
    - attempting to initialize the PKCS-based module; and
      
      receiving an error code indicating that the PKCS-based module is already initialized.
  - 10. The method of claim 1, wherein the PKCS-based module is a soft-token module for opening a database storing the security data.
  - 11. The method of claim 1, wherein the PKCS-based module is a Privacy Enhanced Mail (PEM) module for opening a database storing a PEM file.
  - 12. The method of claim 1, wherein the security data comprises at least one of:
    - a key, a certificate, and a Privacy Enhanced Mail (PEM) file.

13. A system comprising:
- a persistent storage unit to store load data that identifies a first database to be opened for accessing security data; and
  
  a client coupled to the persistent storage unit to determine that a public key cryptography standard (PKCS)-based module for opening the first database is already initialized, wherein the PKCS-based module is already initialized from previously opening a second database, and to cause the PKCS-based module to create a slot to open the first database, without shutting down the PKCS-based module, in response to determining the PKCS-based module is already initialized.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The system of claim 13, wherein the PKCS-based module is a PKCS #11-based module.
  - 15. The system of claim 13, wherein the load data is based on user-configurable policy information.
  - 16. The system of claim 13, wherein the user-configurable policy information is stored in a lightweight data access protocol (LDAP)-based database.
  - 17. The system of claim 15, wherein the user-configurable policy information identifies a database to be opened based on at least one of:
    - server type, application type, application name, and user.
  - 18. The system of claim 13, wherein the load data includes a name of the database to be opened, a location of the database, and an access type for the database.
  - 19. The system of claim 13, wherein the security data comprises at least one of:
    - a key, a certificate, and a Privacy Enhanced Mail (PEM) file.

20. A computer-readable storage medium including instructions that, when executed by a computer system, cause the computer system to perform a set of operations comprising:
- obtaining load data that identifies a first database storing security data to be opened;
  
  determining that a public key cryptography standard (PKCS) #11-based module for opening the first database is already initialized, wherein the PKCS-based module is already initialized from previously opening a second database; and
  
  causing the PKCS-based module to create a slot to open the first database, without shutting down the PKCS-based module, in response to determining that the PKCS-based module is already initialized.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Relyea, Robert

Granted Patent

US 8,909,916 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/152
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

H04L 63/168   above the transport layer

H04L 9/30   Public key, i.e. encryption...

USING A PKCS MODULE FOR OPENING MULTIPLE DATABASES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

USING A PKCS MODULE FOR OPENING MULTIPLE DATABASES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links