Method and apparatus for centralizing processing of key and certificate life cycle management

US 6,055,636 A
Filed: 01/27/1998
Issued: 04/25/2000
Est. Priority Date: 01/27/1998
Status: Expired due to Term

First Claim

Patent Images

1. A method for centralized processing of key and certificate life cycle management, the method comprises the steps of:

a) detecting security activation;

b) when the security activation is detected, accessing a repository of security information to retrieve relevant security information;

c) interpreting the relevant security information to determine when local security parameters have been identified to be changed;

d) when the local security parameters have been identified to be changed, updating the local security parameters to produce updated local security parameters;

e) receiving access requests from a plurality of software applications, wherein the access requests are each requesting that data created via a corresponding one of the plurality of software applications be secured; and

f) securing the data based on one of the local security parameters and the updated local security parameters.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for centralizing the processing of key and certificate life-cycle management is accomplished when security activation of a communication device has been detected. Security activation may occur at log-on of the secure communication device (e.g., a personal computer equipped with a security application, or applications), at activation of a security application, or at re-authentication of a security application. Once the security activation has been detected, the secured communication device accesses a depository of security information to retrieve relevant security information. The secured communication device then interprets the relevant security information to determine when local security parameters are to be changed. When local security parameters (e.g., encryption key pair, a corresponding encryption public key certificate, a signing key pair, and/or a corresponding verification public key certificate) are to be changed, the local security parameters are updated. Having done this, the secured communication device is then receptive to receiving access requests from a plurality of software applications. The access requests are each requesting that data created by a corresponding one of the plurality of software application be secured via the security application. In response to the request, the data is secured based on either the updated local security parameters or the existing local security parameters.

73 Citations

View as Search Results

26 Claims

1. A method for centralized processing of key and certificate life cycle management, the method comprises the steps of:
- a) detecting security activation;
  
  b) when the security activation is detected, accessing a repository of security information to retrieve relevant security information;
  
  c) interpreting the relevant security information to determine when local security parameters have been identified to be changed;
  
  d) when the local security parameters have been identified to be changed, updating the local security parameters to produce updated local security parameters;
  
  e) receiving access requests from a plurality of software applications, wherein the access requests are each requesting that data created via a corresponding one of the plurality of software applications be secured; and
  
  f) securing the data based on one of the local security parameters and the updated local security parameters.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1 further comprises, within step (f),securing, by a first process, data generated by software applications in a first set of the plurality of software applications, wherein the first set of the plurality of applications interfaces with the first process via a first application programmatic interface;
    - andsecuring, by a second process, data generated by software applications in a second set of the plurality of software applications, wherein the second set of the plurality of software applications interfaces with the second process via a second application programmatic interface, wherein the first and second security processes utilize the local security parameters or the updated local security parameters to secure the data.
  - 3. The method of claim 2 further comprises:
    - securing, by the first process, the data generated by the software applications in the first set based on a first cryptographic service;
      
      securing, by the second process, the data generated by the software applications in the second set based on a second cryptographic service, wherein the first and second processes obtain the local security parameters on a read-only basis.
  - 4. The method of claim 3 further comprises:
    - monitoring the repository of security information for a change to the relevant security information;
      
      when the change is detected, retrieving at least a changed portion of the relevant security information;
      
      updating the local security parameters with the at a changed portion of the relevant security information.
  - 5. The method of claim 4 further comprises requesting, by the first process, notification of the updating of the local security parameters.
  - 6. The method of claim 1 further comprises, within step c), interpreting at least one of an encryption key pair, a corresponding encryption public key certificate, a signing key pair, and a corresponding verification public key certificate as the local security parameters.
  - 7. The method of claim 6 further comprises identifying the change to be at least one of:
    - i) key recovery of the encryption key pair,ii) expiration of the encryption key pair, the signing key pair, the encryption public key certificate, or the corresponding verification public key certificate;
      
      iii) revocation of the encryption key pair or the signing key pair;
      
      iv) re-issue of the encryption public key certificate or the verification public key certificate; and
      
      v) creation of the encryption key pair or the signing key pair.
  - 8. The method of claim 1 further comprises, within step c), interpreting at least one of verification public key certificate of a certification authority, administrative function, and security policy information as the local security parameters.
  - 9. The method of claim 1 further comprises, within step (a), detecting the security activation as at least one of:
    - log-on of a computing device, log-on to a security application, and re-authentication of the security application.
  - 10. The method of claim 9 further comprises, within step (b), accessing at least one of:
    - the computing device, a managerial entity, a certification authority, an administrative entity, and directory as the repository of security information.

11. A method for centralized processing of key and certificate life cycle management, the method comprises the steps of:
- a) detecting security activation;
  
  b) when the security activation is detected, obtaining relevant security information;
  
  c) updating local security parameters with at least a portion of the relevant security information to produce updated local security parameters;
  
  d) receiving access requests from a plurality of software applications, wherein the access requests are each requesting that data created via a corresponding one of the plurality of software applications be secured; and
  
  e) securing the data based on the updated local security parameters.
- View Dependent Claims (12, 13, 14)
- - 12. The method of claim 11 further comprises, within step (b), obtain the relevant security information by at least one of retrieval from a repository, creating the relevant security information, and determining the relevant security information from a plurality of security parameters based on received security selection inputs.
  - 13. The method of claim 11 further comprises, within step (e),securing, by a first process, data generated by software applications in a first set of the plurality of software applications, wherein the first set of the plurality of applications interfaces with the first process via a first application programmatic interface;
    - andsecuring, by a second process, data generated by software applications in a second set of the plurality of software applications, wherein the second set of the plurality of software applications interfaces with the second process via a second application programmatic interface, wherein the first and second security processes utilize the local security parameters or the updated local security parameters to secure the data.
  - 14. The method of claim 11 further comprises, within step (a), detecting the security activation as at least one of log-on of a computing device, log-on to a security application, and re-authentication of the security application.

15. A secure communication device that includes key and certificate life cycle management, the secure communication device comprises:
- security activation module operably coupled to detect security activation of the secure communication device;
  
  security parameter module operably coupled to the security activation module, wherein the security parameter module obtains relevant security information of the secure communication device when the security activation is detected, and wherein the security parameters module updates local security information based on the relevant security information;
  
  security service provider module operably coupled to the security parameter module; and
  
  application programmatic interface operably coupled to the security service provider module and a plurality of software applications, wherein, when one of the plurality of software applications has data to be secured, the application programmatic interface operably couples the one of the plurality of software applications with the security service provider module, and wherein the security service provider module secures the data based on the local security parameters.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The secure communication device of claim 15 further comprises:
    - the application programmatic interface including a first application programmatic interface and a second application programmatic interface;
      
      the security service provider module including a first secure processing module and a second secure processing module, wherein the first application programmatic interface operably couples a first set of the plurality of software applications to the first secure processing module and the second application programmatic interface operably couples a second set of the plurality of software applications to the second secure processing module, and wherein the first and second processing modules utilize the local security parameters to secure data of the first and second sets of the plurality of software applications, respectively.
  - 17. The secure communication device of claim 15 further comprises the local security information including at least one of:
    - an encryption key pair, a corresponding encryption public key certificate, a signing key pair, and a corresponding verification public key certificate.
  - 18. The secure communication device of claim 17 further comprises the security parameter module updating the local security information based on at least one ofi) key recovery of the encryption key pair,ii) expiration of the encryption key pair, the signing key pair, the encryption public key certificate, or the corresponding verification public key certificate;
    - iii) revocation of the encryption key pair or the signing key pair;
      
      iv) re-issue of the encryption public key certificate or the verification public key certificate; and
      
      v) creation of the encryption key pair or the signing key pair.
  - 19. The secure communication device of claim 15 further comprises, within the security parameter module, an interface that interfaces with a repository of security information.
  - 20. The secure communication device of claim 15 further comprises, within the security parameter module, an input module that receives input commands that select the relevant secure information from a plurality of security parameters.

21. A digital storage medium for storing programming instructions that, when read by a processing unit, causes the processing unit to centralize processing of key and certificate life cycle management, the digital storage medium comprises:
- first storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to detect security activation;
  
  second storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to access a repository of security information to retrieve relevant security information when the security activation is detected;
  
  third storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to interpret the relevant security information to determine when local security parameters have been identified to be changed;
  
  fourth storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to update the local security parameters to produce updated local security parameters when the local security parameters have been identified to be changed;
  
  fifth storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to receive access requests from a plurality of software applications, wherein the access requests are each requesting that data created via a corresponding one of the plurality of software applications be secured; and
  
  sixth storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to secure the data based on one of;
  
  the local security parameters and the updated local security parameters.
- View Dependent Claims (22, 23, 26)
- - 22. The digital storage medium of claim 21 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to:
    - secure, by a first process, data generated by software applications in a first set of the plurality of software applications, wherein the first set of the plurality of applications interfaces with the first process via a first application programmatic interface; and
      
      secure, by a second process, data generated by software applications in a second set of the plurality of software applications, wherein the second set of the plurality of software applications interfaces with the second process via a second application programmatic interface, wherein the first and second security processes utilize the local security parameters or the updated local security parameters to secure the data.
  - 23. The digital storage medium of claim 21 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to:
    - monitor the repository of security information for a change to the relevant security information;
      
      retrieve at least a changed portion of the relevant security information when the change is detected, andupdate the local security parameters with the at a changed portion of the relevant security information.
  - 26. The digital storage medium of claim 21 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to:
    - secure, by a first process, data generated by software applications in a first set of the plurality of software applications, wherein the first set of the plurality of applications interfaces with the first process via a first application programmatic interface; and
      
      secure, by a second process, data generated by software applications in a second set of the plurality of software applications, wherein the second set of the plurality of software applications interfaces with the second process via a second application programmatic interface, wherein the first and second security processes utilize the local security parameters or the updated local security parameters to secure the data.

24. A digital storage medium for storing programming instructions that, when read by a processing unit, causes the processing unit to centralize processing of key and certificate life cycle management, the digital storage medium comprises:
- first storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to detecting security activation;
  
  second storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to obtain relevant security information when the security activation is detected;
  
  third storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to update local security parameters with at least a portion of the relevant security information to produce updated local security parameters;
  
  fourth storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to receive access requests from a plurality of software applications, wherein the access requests are each requesting that data created via a corresponding one of the plurality of software applications be secured; and
  
  fifth storage means for storing programming instructions that, when read by the processing unit, causes the processing unit to secure the data based on the updated local security parameters.
- View Dependent Claims (25)
- - 25. The digital storage medium of claim 24 further comprises means for storing programming instructions that, when read by the processing unit, causes the processing unit to obtain the relevant security information by at least one of:
    - retrieval from a repository, creating the relevant security information, and determining the relevant security information from a plurality of security parameters based on received security selection inputs.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entnist Technologies Limited, Entrust Incorporated (Entrust Corp.)
Original Assignee
Entrust Technologies Limited
Inventors
Hillier, Stephen William, Dilkie, Ramon Jonathan Lee, Rosenquist, Gerrard Eric
Primary Examiner(s)
Sheikh, Ayaz R.
Assistant Examiner(s)
PANCHOLI, JIGAR K

Application Number

US09/013,875
Time in Patent Office

819 Days
Field of Search

713/200, 713/201
US Class Current

726/34
CPC Class Codes

G06F 21/31 User authentication

G06F 2211/008 Public Key, Asymmetric Key,...

Method and apparatus for centralizing processing of key and certificate life cycle management

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for centralizing processing of key and certificate life cycle management

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links