Systems and methods for management and auto-generation of encryption keys

US 7,822,206 B2
Filed: 10/26/2006
Issued: 10/26/2010
Est. Priority Date: 10/26/2006
Status: Expired due to Fees

First Claim

Patent Images

1. An encryption key management system, comprising:

a key manager to determine when an application program requesting one or more keys is authorized to receive the one or more keys and to produce a map of the one or more keys, wherein the key manager is responsive to a request from the application program for all keys in a key set or a key set group to produce a map of all keys in the key set or the key set group, respectively, and the key manager is responsive to a request for latest versions of keys in the key set or key set group to produce a map of the latest versions of keys in the key set or the key set group, respectively, wherein the map of all keys comprises a map with the latest versions of keys and earlier versions of keys and wherein the latest versions of keys comprises versions of keys last generated at a scheduled key generation event, wherein the key manager is to determine whether the application program is within a scope specified for the key set, the scope being the scope of authorized access to the key set, wherein determining whether the application program is within the scope specified for the key set comprises determining whether the application program is associated with a grouping that is associated with the key set;

a key scheduler to schedule at least one key generation event at a pre-determinable time;

a key generator to generate at least one key of the one or more keys at a scheduled key generation event wherein keys generated by the key generator are associated with a key set and a key set group and wherein the key set comprises one or more keys and the key set group comprises one or more key sets; and

a key store comprising memory to store the at least one key along with attributes of the at least one key so that each key is associated with a set of attributes of the key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods and media for managing and generating encryption keys are disclosed. In one embodiment, a processor executes encryption key processing computer code to receive requests for keys from an application program. The processor determines whether the requesting application program executes on a node or server that is within the scope of machines authorized to receive the requested keys. If authorized, the processor produces a key map and sends the key map to the application program, enabling the application program to access one or more keys in the key map. The keys are updated automatically according to a specifiable schedule.

Citations

20 Claims

1. An encryption key management system, comprising:
- a key manager to determine when an application program requesting one or more keys is authorized to receive the one or more keys and to produce a map of the one or more keys, wherein the key manager is responsive to a request from the application program for all keys in a key set or a key set group to produce a map of all keys in the key set or the key set group, respectively, and the key manager is responsive to a request for latest versions of keys in the key set or key set group to produce a map of the latest versions of keys in the key set or the key set group, respectively, wherein the map of all keys comprises a map with the latest versions of keys and earlier versions of keys and wherein the latest versions of keys comprises versions of keys last generated at a scheduled key generation event, wherein the key manager is to determine whether the application program is within a scope specified for the key set, the scope being the scope of authorized access to the key set, wherein determining whether the application program is within the scope specified for the key set comprises determining whether the application program is associated with a grouping that is associated with the key set;
  
  a key scheduler to schedule at least one key generation event at a pre-determinable time;
  
  a key generator to generate at least one key of the one or more keys at a scheduled key generation event wherein keys generated by the key generator are associated with a key set and a key set group and wherein the key set comprises one or more keys and the key set group comprises one or more key sets; and
  
  a key store comprising memory to store the at least one key along with attributes of the at least one key so that each key is associated with a set of attributes of the key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the key manager is to determine whether the application program is within a scope specified for the key set, wherein determining whether the application program is within the scope specified for the key set comprises determining whether the application program is associated with a Process if the scope is the Process, determining whether the application program is associated with a Node representing all processes on a particular machine if the scope is the Node, determining whether the application program is associated with a Node Group representing more than one Node if the scope is the Node Group, determining whether the application program is associated with a Cluster representing a grouping of processes related to a specific application if the scope is the Cluster, or determining whether the application program is associated with a Cell representing a group of Nodes that comprise an entire environment if the scope is the Cell.
  - 3. The system of claim 2, wherein the key manager is to determine a scope to specify a node or server where which the application program must reside during execution to be authorized to receive the one or more keys requested by the key manager.
  - 4. The system of claim 2, wherein the key manager is to determine a scope associated with a key set group that is at least as narrow as the narrowest scope associated with a key set within the key set group.
  - 5. The system of claim 1, wherein the key store stores key attributes that include a version number of each key in a key set or key set group.
  - 6. The system of claim 1, wherein the key manager is to determine if the location of the application program that is requesting one or more keys is within a scope specified for the specified key set or key set group.
  - 7. The system of claim 1, wherein the key manager is to execute a method for retrieving all keys in a key set or key set group.
  - 8. The system of claim 1, wherein the key manager is to execute a method for retrieving only the latest keys in a key set or key set group.

9. A method for managing encryption keys, comprising:
- receiving, by an encryption key processor, a call from an application program to provide at least one key associated with a key set or key set group, wherein a key set comprises at least one key and a key set group comprises at least one key set;
  
  determining, by the encryption key processor, if the application program is within a scope specified for the associated key set or key set group, the scope being the scope of authorized access to the key set or key set group, wherein determining if the application program is within the scope specified for the key set or key set group comprises determining whether the application program is associated with a grouping that is associated with the key set or key set group;
  
  if the application is within the scope, then producing, by the encryption key processor, a map of the at least one key associated with the key set or key set group, wherein producing the map comprises producing a map of all keys in the key set or the key set group responsive to a request from the application program for all keys in the key set or the key set group, respectively, and producing a map of the latest versions of keys in the key set or the key set group responsive to a request for latest versions of keys in the key set or key set group, respectively, wherein the map of all keys comprises a map with the latest versions of keys and earlier versions of keys and wherein the latest versions of keys comprises versions of keys last generated at a scheduled key generation event; and
  
  generating, by the encryption key processor, the at least one key to include in the key set or key set group according to a specifiable schedule.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The method of claim 9, further comprising associating with a key an alias with a version number, wherein the latest version of a key in a key set is the version of the key last generated according to the schedule.
  - 11. The method of claim 10, wherein all versions of the same key have the same alias prefix.
  - 12. The method of claim 9, wherein a call from an application program to provide keys associated with a key set group may be a specific call to produce a map of only the latest keys in a key set.
  - 13. The method of claim 9, wherein the scope may specify a node or server where which the application program must reside when requesting a key to be authorized to receive the requested key.
  - 14. The method of claim 9, wherein a scope associated with a key set group is at least as narrow as the narrowest scope associated with a key set within the key set group.

15. A computer program product comprising a non-transitory computer useable storage medium having a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
- receive a request from an application program to provide one or more keys in a key set or key set group, wherein a key set comprises at least one key and a key set group comprises at least one key set;
  
  determine if the application program is within a scope specified for the key set or key set group, the scope being the scope of authorized access to the key set or key set group, wherein determining if the application program is within the scope specified for the key set or key set group comprises determining whether the application program is associated with a grouping that is associated with the key set or key set group;
  
  if the application is within the specified scope, then produce a map of the one or more keys, wherein producing the map comprises producing a map of all keys in the key set or the key set group responsive to a request from the application program for all keys in the key set or the key set group, respectively, and producing a map of the latest versions of keys in the key set or the key set group responsive to a request for latest versions of keys in the key set or key set group, respectively, wherein the map of all keys comprises a map with the latest versions of keys and earlier versions of keys and wherein the latest versions of keys comprises versions of keys last generated at a scheduled key generation event; and
  
  generate new keys for a key set according to a predetermined schedule.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer program product of claim 15, wherein the computer is further caused to store a version number for each key and to associate the version number of a key with the key.
  - 17. The computer program product of claim 15, wherein the computer is further caused by the application program to get the latest keys from a key set or key set group.
  - 18. The computer program product of claim 15, wherein the scope may specify a node or server where which the application program must reside during execution to be authorized to receive the requested keys.
  - 19. The computer program product of claim 15, wherein a scope associated with a key set group is at least as narrow as the narrowest scope associated with a key set within the key set group.
  - 20. The computer program product of claim 15, wherein all versions of the same key have the same alias prefix.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
DeMyers, Alaine, Botzum, Keys D., Rosiles, Mickella A., Chung, Hyen V., Birk, Peter D., Lee, Ut Van, Chao, Ching-Yun, Lentz, James L.
Primary Examiner(s)
Orgad; Edan
Assistant Examiner(s)
HOLDER, BRADLEY W

Application Number

US11/553,276
Publication Number

US 20080101610A1
Time in Patent Office

1,461 Days
Field of Search

380/277, 380/278, 380/279, 380/44
US Class Current

380/277
CPC Class Codes

H04L 2209/24   Key scheduling, i.e. genera...

H04L 9/0891   Revocation or update of sec...

H04L 9/16   the keys or algorithms bein...

Systems and methods for management and auto-generation of encryption keys

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for management and auto-generation of encryption keys

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links