Systems and methods for management and auto-generation of encryption keys
Abstract
Systems, methods and media for managing and generating encryption keys are disclosed. In one embodiment, a processor executes encryption key processing computer code to receive requests for keys from an application program. The processor determines whether the requesting application program executes on a node or server that is within the scope of machines authorized to receive the requested keys. If authorized, the processor produces a key map and sends the key map to the application program, enabling the application program to access one or more keys in the key map. The keys are updated automatically according to a specifiable schedule.
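The flow described in the abstract and claims (scope check by grouping, a key map of all versions or only the latest, keys regenerated on a schedule), as an added Python example that is not taken from the patent. The class and method names, the 32-byte random keys, the integer clock, the sample applications and key sets, and the choice to deny the whole request when any selected key set is out of scope are all assumptions.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class KeySet:
    name: str
    group: str        # key set group this key set belongs to
    scope: frozenset  # groupings authorized to receive this key set
    interval: int     # seconds between scheduled generation events
    next_due: int = 0
    versions: list = field(default_factory=list)  # one attribute dict per key version

class KeyManager:
    def __init__(self, app_groupings):
        self.app_groupings = app_groupings  # application id -> set of groupings
        self.store = {}                     # key set name -> KeySet (the key store)

    def add_key_set(self, name, group, scope, interval):
        self.store[name] = KeySet(name, group, frozenset(scope), interval)

    def run_scheduler(self, now):
        """Fire every key generation event that is due at time `now`."""
        for ks in self.store.values():
            if now >= ks.next_due:
                ks.versions.append({"version": len(ks.versions) + 1, "created": now,
                                    "key": secrets.token_bytes(32)})
                ks.next_due = now + ks.interval

    def key_map(self, app, key_set=None, group=None, latest_only=False):
        """Return {(key set, version): key}, or raise PermissionError (fail closed)."""
        wanted = [ks for ks in self.store.values()
                  if ks.name == key_set or ks.group == group]
        groupings = self.app_groupings.get(app, set())
        # Unknown names are denied like out-of-scope ones, so existence is not leaked.
        if not wanted or any(not (groupings & ks.scope) for ks in wanted):
            raise PermissionError(f"{app} is outside the scope of the request")
        out = {}
        for ks in wanted:
            for v in (ks.versions[-1:] if latest_only else ks.versions):
                out[(ks.name, v["version"])] = v["key"]
        return out

def demo():
    km = KeyManager({"billing-app": {"payments"}, "web-app": {"frontend"}})
    km.add_key_set("card-data", "pci", {"payments"}, interval=3600)
    km.add_key_set("tokens", "pci", {"payments"}, interval=7200)
    for now in (0, 3600, 7200):  # three constructed scheduler ticks
        km.run_scheduler(now)
    return km
```

The all-versions map is what a reader of older ciphertext needs; the latest-only map is what a writer encrypting new data should use.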
20 Claims
1. An encryption key management system, comprising:
a key manager to determine when an application program requesting one or more keys is authorized to receive the one or more keys and to produce a map of the one or more keys, wherein the key manager is responsive to a request from the application program for all keys in a key set or a key set group to produce a map of all keys in the key set or the key set group, respectively, and the key manager is responsive to a request for latest versions of keys in the key set or key set group to produce a map of the latest versions of keys in the key set or the key set group, respectively, wherein the map of all keys comprises a map with the latest versions of keys and earlier versions of keys and wherein the latest versions of keys comprises versions of keys last generated at a scheduled key generation event, wherein the key manager is to determine whether the application program is within a scope specified for the key set, the scope being the scope of authorized access to the key set, wherein determining whether the application program is within the scope specified for the key set comprises determining whether the application program is associated with a grouping that is associated with the key set;
a key scheduler to schedule at least one key generation event at a pre-determinable time;
a key generator to generate at least one key of the one or more keys at a scheduled key generation event wherein keys generated by the key generator are associated with a key set and a key set group and wherein the key set comprises one or more keys and the key set group comprises one or more key sets; and
a key store comprising memory to store the at least one key along with attributes of the at least one key so that each key is associated with a set of attributes of the key.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method for managing encryption keys, comprising:
receiving, by an encryption key processor, a call from an application program to provide at least one key associated with a key set or key set group, wherein a key set comprises at least one key and a key set group comprises at least one key set;
determining, by the encryption key processor, if the application program is within a scope specified for the associated key set or key set group, the scope being the scope of authorized access to the key set or key set group, wherein determining if the application program is within the scope specified for the key set or key set group comprises determining whether the application program is associated with a grouping that is associated with the key set or key set group;
if the application is within the scope, then producing, by the encryption key processor, a map of the at least one key associated with the key set or key set group, wherein producing the map comprises producing a map of all keys in the key set or the key set group responsive to a request from the application program for all keys in the key set or the key set group, respectively, and producing a map of the latest versions of keys in the key set or the key set group responsive to a request for latest versions of keys in the key set or key set group, respectively, wherein the map of all keys comprises a map with the latest versions of keys and earlier versions of keys and wherein the latest versions of keys comprises versions of keys last generated at a scheduled key generation event; and
generating, by the encryption key processor, the at least one key to include in the key set or key set group according to a specifiable schedule.
Dependent claims: 10, 11, 12, 13, 14
15. A computer program product comprising a non-transitory computer useable storage medium having a computer readable program, wherein the computer readable program when executed on a computer causes the computer to:
receive a request from an application program to provide one or more keys in a key set or key set group, wherein a key set comprises at least one key and a key set group comprises at least one key set;
determine if the application program is within a scope specified for the key set or key set group, the scope being the scope of authorized access to the key set or key set group, wherein determining if the application program is within the scope specified for the key set or key set group comprises determining whether the application program is associated with a grouping that is associated with the key set or key set group;
if the application is within the specified scope, then produce a map of the one or more keys, wherein producing the map comprises producing a map of all keys in the key set or the key set group responsive to a request from the application program for all keys in the key set or the key set group, respectively, and producing a map of the latest versions of keys in the key set or the key set group responsive to a request for latest versions of keys in the key set or key set group, respectively, wherein the map of all keys comprises a map with the latest versions of keys and earlier versions of keys and wherein the latest versions of keys comprises versions of keys last generated at a scheduled key generation event; and
generate new keys for a key set according to a predetermined schedule.
Dependent claims: 16, 17, 18, 19, 20
Specification