SYSTEM AND METHODS FOR OPPORTUNISTIC CRYPTOGRAPHIC KEY MANAGEMENT ON AN ELECTRONIC DEVICE

US 20160352516A1
Filed: 10/27/2014
Published: 12/01/2016
Est. Priority Date: 10/30/2013
Status: Active Grant

First Claim

Patent Images

1. A method for opportunistic cryptographic key management comprising:

on a first electronic device, generating a security capability score based on hardware capabilities, platform enabled capabilities, and qualitative capabilities of the first electronic device, wherein the security capability score is generated in part based on indirectly determined capabilities;

selecting a key management mode, comprising a generation mode and a storage mode, based on the security capability score, wherein the generation mode is one of an on-device generation mode, a cloud generation mode, and a second device generation mode, wherein the storage mode is one of a hardware security mode, a platform security mode, and a secured storage mode;

generating a cryptographic key based on the key management mode; and

storing the cryptographic key based on the key management mode.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for opportunistic cryptographic key management includes generating a security capability assessment on a first electronic device based on security capabilities of the device, selecting a key management mode based on the security capability assessment, generating a cryptographic key based on the key management mode, and storing the cryptographic key based on the key management mode.

31 Citations

View as Search Results

20 Claims

1. A method for opportunistic cryptographic key management comprising:
- on a first electronic device, generating a security capability score based on hardware capabilities, platform enabled capabilities, and qualitative capabilities of the first electronic device, wherein the security capability score is generated in part based on indirectly determined capabilities;
  
  selecting a key management mode, comprising a generation mode and a storage mode, based on the security capability score, wherein the generation mode is one of an on-device generation mode, a cloud generation mode, and a second device generation mode, wherein the storage mode is one of a hardware security mode, a platform security mode, and a secured storage mode;
  
  generating a cryptographic key based on the key management mode; and
  
  storing the cryptographic key based on the key management mode.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1, further comprising providing key access based on the key management mode.
  - 3. The method of claim 2, further comprising providing an administrator control panel;
    - wherein the administrator control panel can be used to modify key management parameters.

4. A method for opportunistic cryptographic key management comprising:
- on a first electronic device, generating a security capability assessment based on security capabilities of the first electronic device;
  
  selecting a key management mode based on the security capability assessment;
  
  generating a cryptographic key based on the key management mode; and
  
  storing the cryptographic key based on the key management mode.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 5. The method of claim 4, wherein the cryptographic key is a private key of an asymmetric key pair.
  - 6. The method of claim 4, wherein the security capabilities comprise at least one of hardware capabilities, platform enabled capabilities, qualitative capabilities, and secondary device capabilities.
  - 7. The method of claim 6, wherein the security capabilities comprise presence of a hardware security module.
  - 8. The method of claim 6, wherein the security capabilities comprise device processing speed.
  - 9. The method of claim 6, wherein at least some of the security capabilities are determined indirectly through use of a lookup database.
  - 10. The method of claim 6, wherein generating a security capability assessment comprises generating a security capability score based on a scoring metric.
  - 11. The method of claim 10, wherein generating a cryptographic key comprises determining that the security capability score is above a threshold before generating the cryptographic key.
  - 12. The method of claim 4, wherein selecting a key management mode comprises selecting a generation mode from a set of modes comprising an on-device generation mode, a cloud generation mode, and a second device generation mode.
  - 13. The method of claim 4, wherein selecting a key management mode comprises selecting a storage mode from a set of modes comprising a hardware security mode, a platform security mode, and a secured storage mode.
  - 14. The method of claim 4, wherein generating a security capability assessment further comprises determining that a device has a hardware random number generation source.
  - 15. The method of claim 14, wherein generating a cryptographic key comprises generating a random number using the hardware random number generation source and generating the cryptographic key based on the random number.
  - 16. The method of claim 4, wherein generating a cryptographic key based on the key management mode.
  - 17. The method of claim 4, further comprising providing key access, wherein providing key access comprises enabling key access through use of an authentication method gate.
  - 18. The method of claim 17, wherein the authentication method gate requires use of a decoupled operating system.
  - 19. The method of claim 4, further comprising enforcing key policies based on security measures.
  - 20. The method of claim 4, further comprising providing an administrator control panel, wherein the administrator control panel enables modification of the key management mode.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Duo Security Incorporated (Cisco Systems, Inc.)
Inventors
Oberheide, Jon, Song, Douglas

Granted Patent

US 9,774,448 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 9/0861   Generation of secret inform...

H04L 9/0869   involving random numbers or...

H04L 9/0877   using additional device, e....

H04L 9/0897   involving additional device...

SYSTEM AND METHODS FOR OPPORTUNISTIC CRYPTOGRAPHIC KEY MANAGEMENT ON AN ELECTRONIC DEVICE

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

SYSTEM AND METHODS FOR OPPORTUNISTIC CRYPTOGRAPHIC KEY MANAGEMENT ON AN ELECTRONIC DEVICE

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others