Extending credential type to group key management interoperability protocol (KMIP) clients
Abstract
A key management protocol (such as KMIP) is extended to provide an extended credential type to pass information from clients to the server to enable the server to deduce pre-provisioned cryptographic materials for the individual clients. Preferably, KMIP client code communicates device information to a key management server in a value in the headers of KMIP requests that flow to the server. In this manner, KMIP requests are associated with pre-provisioned cryptographic materials for particular devices or device groups.
Claims (25)

1. A method for processing device type information certificate authentication process, comprising:
- receiving a client request for key material, the client request including a client-side certificate and a custom credential;
- using the client-side certificate to authenticate the client;
- using the custom credential to identify the client and determine whether key material for the client has been provisioned;
- serving the key material to the client if the client has been identified by the custom credential and the key material for the client has been provisioned.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. Apparatus, comprising:
- a processor;
- computer memory holding computer program instructions that when executed by the processor perform a method comprising:
- receiving a client request for key material, the client request including a client-side certificate and a custom credential;
- using the client-side certificate to authenticate the client;
- using the custom credential to identify the client and determine whether key material for the client has been provisioned;
- serving the key material to the client if the client has been identified by the custom credential and the key material for the client has been provisioned.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 24.

17. A computer program product in a computer readable medium for use in a data processing system, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method comprising:
- receiving a client request for key material, the client request including a client-side certificate and a custom credential;
- using the client-side certificate to authenticate the client;
- using the custom credential to identify the client and determine whether key material for the client has been provisioned;
- serving the key material to the client if the client has been identified by the custom credential and the key material for the client has been provisioned.
Dependent claims: 18, 19, 20, 21, 22, 23.

25. Client apparatus, comprising:
- a processor;
- computer memory storing computer program instructions executed by the processor to generate and serve to a key management server apparatus a request including a request header, the request header including an extended credential that encodes information sufficient to enable the key management server apparatus to associate the request to pre-provisioned key material for one of:
  - a particular device, and
  - a device group.
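The server-side flow the abstract describes and claim 1 enumerates (authenticate by client certificate, identify by the custom credential in the request header, check that key material is provisioned for that device or device group, then serve it or fail) can be modelled in a few dozen lines. The following is an added example written for this page; it is not the patent's code nor any KMIP implementation. The credential type name `DeviceCredential`, the `device_id`/`device_group` fields, the certificate fingerprints and the provisioned keys are all constructed assumptions, and the request structures are a deliberate simplification of the KMIP wire format.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Hypothetical label for the extended credential type the abstract describes.
# KMIP's standard Credential Type values (e.g. "Username and Password") are not
# used here; this name is an assumption for the example only.
EXTENDED_CREDENTIAL_TYPE = "DeviceCredential"


@dataclass(frozen=True)
class Credential:
    """Credential object carried in the KMIP request header."""
    credential_type: str
    value: Dict[str, str]


@dataclass(frozen=True)
class RequestHeader:
    credential: Optional[Credential]


@dataclass(frozen=True)
class KmipRequest:
    """Simplified KMIP Get request; the client certificate comes from the TLS layer."""
    header: RequestHeader
    client_cert_fingerprint: str


@dataclass(frozen=True)
class Response:
    status: str                      # "Success" or "Failure"
    key_material: Optional[bytes] = None
    reason: str = ""


# Constructed sample data: certificate fingerprints the server trusts, and
# key material pre-provisioned per device and per device group.
TRUSTED_CLIENT_FINGERPRINTS = {"sha256:0f1e2d3c", "sha256:4b5a6978"}
PROVISIONED_KEY_MATERIAL: Dict[Tuple[str, str], bytes] = {
    ("device", "array-0001"): bytes.fromhex("00112233445566778899aabbccddeeff"),
    ("group", "tape-library"): bytes.fromhex("ffeeddccbbaa99887766554433221100"),
}


def authenticate_client(request: KmipRequest) -> bool:
    """Step 1: authenticate the client by its client-side certificate."""
    return request.client_cert_fingerprint in TRUSTED_CLIENT_FINGERPRINTS


def identify_client(credential: Optional[Credential]) -> Optional[Tuple[str, str]]:
    """Step 2: derive a device or device-group identity from the custom credential.

    Returns ("device", id) or ("group", name), or None if the credential is absent,
    of the wrong type, or malformed. A device identity takes precedence over a group.
    """
    if credential is None or credential.credential_type != EXTENDED_CREDENTIAL_TYPE:
        return None
    if "device_id" in credential.value:
        return ("device", credential.value["device_id"])
    if "device_group" in credential.value:
        return ("group", credential.value["device_group"])
    return None


def serve_key_material(request: KmipRequest) -> Response:
    """Steps 1-4 of claim 1: authenticate, identify, check provisioning, serve."""
    if not authenticate_client(request):
        return Response("Failure", reason="client certificate not trusted")
    identity = identify_client(request.header.credential)
    if identity is None:
        return Response("Failure", reason="custom credential missing or unrecognised")
    material = PROVISIONED_KEY_MATERIAL.get(identity)
    if material is None:
        return Response("Failure", reason=f"no key material provisioned for {identity}")
    return Response("Success", key_material=material)


def make_request(fingerprint: str, credential_value: Optional[Dict[str, str]],
                 credential_type: str = EXTENDED_CREDENTIAL_TYPE) -> KmipRequest:
    """Helper to build a request with or without an extended credential."""
    cred = None if credential_value is None else Credential(credential_type, credential_value)
    return KmipRequest(RequestHeader(cred), fingerprint)


if __name__ == "__main__":
    for fp, value in [
        ("sha256:0f1e2d3c", {"device_id": "array-0001"}),       # provisioned device
        ("sha256:4b5a6978", {"device_group": "tape-library"}),  # provisioned group
        ("sha256:4b5a6978", {"device_id": "array-9999"}),       # authenticated, not provisioned
        ("sha256:deadbeef", {"device_id": "array-0001"}),       # untrusted certificate
        ("sha256:0f1e2d3c", None),                              # no custom credential
    ]:
        print(fp, value, "->", serve_key_material(make_request(fp, value)))
```

The ordering matters for the security property the claims describe: the custom credential is only ever consulted after the client certificate has been accepted, so an unauthenticated peer cannot use the header value to probe which devices or groups have key material provisioned, and a trusted client that presents an identity with nothing provisioned receives a failure rather than another device's key.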
Specification