CERTIFICATE POLICY MANAGEMENT TOOL

US 20120117608A1
Filed: 11/09/2010
Published: 05/10/2012
Est. Priority Date: 11/09/2010
Status: Abandoned Application

First Claim

Patent Images

1. A certificate policy management tool suite, comprising:

a plurality of PKI management components including;

at least one processor comprising;

a certificate policy parser;

a certificate policy creation engine;

a certificate policy query engine;

an audit engine; and

wherein the certificate policy parser, the certificate policy creation engine, the certificate policy query engine, and the audit engine interoperate to automate certificate policy creation, interpretation, assessment, and enforcement.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A certificate policy management tool (100) is provided which targets the automated creation of customized certificate policies and the management of these policies within a public key infrastructure (PKI). A certificate policy parser 108, a certificate policy creation engine (110), a policy query engine (112), and an audit engine (114) interoperate to automate certificate policy creation, interpretation, and enforcement.

34 Citations

View as Search Results

26 Claims

1. A certificate policy management tool suite, comprising:
- a plurality of PKI management components including;
  
  at least one processor comprising;
  
  a certificate policy parser;
  
  a certificate policy creation engine;
  
  a certificate policy query engine;
  
  an audit engine; and
  
  wherein the certificate policy parser, the certificate policy creation engine, the certificate policy query engine, and the audit engine interoperate to automate certificate policy creation, interpretation, assessment, and enforcement.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The certificate policy management tool suite of claim 1, wherein the certificate policy creation is customized based on user input to the certificate policy creation engine.
  - 3. The certificate policy management tool suite of claim 1, wherein the certificate policy parser reads in and parses standard certificate policies containing standard public safety options and constraints.
  - 4. The certificate policy management tool suite of claim 3, wherein the certificate policy creation engine determines allowable combinations of certificate policy options based on the user inputs and constraints contained within the standard certificate policies thereby generating organization-specific operational certificate policies.
  - 5. The certificate policy management tool suite of claim 4, wherein the certificate policy query engine generates a PKI management rule set in response to queries based on data obtained from the organization-specific operational certificate policies.
  - 6. The certificate policy management tool suite of claim 4, wherein the certificate policy query engine generates a PKI management rule set in response to changes in the organization-specific operational certificate policies.
  - 7. The certificate policy management tool suite of claim 1, wherein the audit engine compares first and second separate sets of certificate policies, and generates a report, identifying differences and incompatibilities.
  - 8. The certificate policy management tool suite of claim 7, wherein the audit engine audits the certificate policy management tool to verify whether the first and second separate sets of certificate policies conform to each other.
  - 9. The certificate policy management tool suite of claim 7, wherein the audit engine further generates rules that map the policies of the first certificate policy set to the policies of the second certificate policy set.
  - 10. The certificate policy management tool suite of claim 7, wherein the first set of certificate policies comprises external organization operational policies, and the second set of certificate polices comprises parsed standard certificate policies.
  - 11. The certificate policy management tool suite of claim 7, wherein the first set of certificate policies comprises external organization operational policies, and the second set of certificate polices comprises organization-specific operational certificate policies.

12. A method for managing certificate policies within a public key infrastructure (PKI):
- comprising;
  
  parsing standard certificate policies into combinations of certificate policy options meeting predetermined constraints;
  
  providing the certificate policy options as user selectable certificate policy options;
  
  creating customized certificate policies based on user selection of the selectable certificate policy options;
  
  generating a PKI management rule set with which to manage the PKI; and
  
  auditing the customized certificate policy to verify conformance with the predetermined constraints set by the standard certificate policies.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, wherein the steps of generating PKI management rule set is triggered by receiving a certificate policy query pertaining to the customized certificate policy or changes to the customized certificate policy.
  - 14. The method of claim 12, wherein the step of parsing standard certificate policies into combinations of certificate policy options meeting predetermined constraints comprises parsing a set of standard certificate policy creation rule text files.
  - 15. The method of claim 14, wherein the step of parsing standard certificate policies into combinations of certificate policy options meeting predetermined constraints further comprises:
    - modifying a policy creation rule database (PCRD) schema based on the policy creation rule text files.
  - 16. The method of claim 14, wherein the step of providing the certificate policy options as user selectable certificate policy options comprises:
    - populating content from the policy creation rule text files into the (PCRD).
  - 17. The method of claim 13, wherein the step of receiving a query pertaining to the customized certificate policy, comprises:
    - receiving application level policy related queries pertaining to the customized certificate policy; and
      
      generating one or more database queries based on the received queries.
  - 18. The method of claim 12, wherein the step of generating a rule set with which to manage the PKI, comprises:
    - retrieving certificate policy data from the customized certificate policy;
      
      creating a rule set based on the retrieved certificate policy data; and
      
      mapping the rule set into an application specific message.
  - 19. The method of claim 12, wherein the step of auditing further comprises:
    - generating an audit report indicating differences between external organization certificates operational policies, standard certificate policies and the customized certificate policies.

20. A certificate policy management tool suite having at least one processor operating to:
- create a certificate policy by;
  
  reading, by a certificate policy creation engine, a current set of certificate policy options from a certificate policy creation rules database (PCRD), the certificate policy engine and PCRD being used to manage a public key infrastructure (PKI);
  
  providing the current set of certificate options to a user;
  
  accepting user input in response to the current set of options;
  
  mapping user input to appropriate certificate policy options;
  
  storing the mapped certificate policy options;
  
  forming a next set of certificate policy options based on the user input and constraints defined in the PCRD; and
  
  iteratively repeating providing, accepting, mapping, storing, and forming until an acceptable set of options are formed thereby generating a customized certificate policy.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. The certificate policy management tool suite having the at least one processor of claim 20, further operating to:
    - receive, at a policy query engine, application level certificate policy related queries pertaining to the customized certificate policy from other PKI components within the PKI;
      
      generate one or more database queries based on the received queries;
      
      retrieve certificate policy data from operational policy database in response to the one or more database queries;
      
      create a rule set based on the retrieved data and the requesting PM components; and
      
      map the rule set into an application specific response.
  - 22. The certificate policy management tool suite having the at least one processor of claim 21, further operating to:
    - detect, at a policy query engine, changes to the customized certificate policy;
      
      retrieve certificate policy data from the operational policy database;
      
      create a rule set based on the retrieved certificate policy data and the requesting PKI components; and
      
      map the rule set into an application specific message.
  - 23. The certificate policy management tool suite having the at least one processor of claim 21, wherein the application level policy related queries contain requests for PKI policy configuration data.
  - 24. The certificate policy management tool suite having the at least one processor of claim 21, wherein the application level policy related queries contain requests for certificate lifecycle management (CLM) operation approval.
  - 25. The certificate policy management tool suite having the at least one processor of claim 20, further operating to:
    - create the current set of certificate policy options by;
      
      parsing a set of standard certificate policy creation rule text files;
      
      modifying the PCRD database schema based on the certificate policy creation rule text file;
      
      populating the content of these files into the certificate policy creation rule database (PCRD); and
      
      creating metadata, defining a new schema which can be used by other PKI components.
  - 26. The certificate policy management tool suite having the at least one processor of claim 20, wherein the customized certificate policy comprises an organization-specific operational certificate policy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Motorola Solutions, Inc.
Original Assignee
Motorola, Inc. (Motorola Solutions, Inc.)
Inventors
Metke, Anthony R., Himawan, Erwin, Thomas, Shanthi E.

Application Number

US12/942,374
Publication Number

US 20120117608A1
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/0823 using certificates cryptogr...

H04L 63/20 for managing network securi...

CERTIFICATE POLICY MANAGEMENT TOOL

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

CERTIFICATE POLICY MANAGEMENT TOOL

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links