Techniques for managing heterogeneous key stores
Abstract
Techniques for managing heterogeneous key stores are presented. A centralized key management service receives key instructions in a generic format. These key instructions are communicated to distributed key agents distributed over a network. The key agents translate the key instructions into native formats expected by distributed key stores. The key agents then process the key instructions in the native formats against the distributed key stores on behalf of the centralized key management service.
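The flow in the abstract, sketched as an added example (not code from the patent): a central service validates one generic instruction, fans it out to two agents that translate it for incompatible store interfaces, and collects a per-agent report. The class names, field names, alias policy, `/keys/` path layout and both in-memory stores are hypothetical.

```python
import base64
import re
from dataclasses import dataclass

ALIAS_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")  # assumed alias policy for the generic format

@dataclass(frozen=True)
class KeyInstruction:
    """Generic ('first format') instruction; field names are assumptions."""
    op: str               # "add" or "delete"
    alias: str
    material: bytes = b""

class AliasStoreAgent:
    """Agent for a hypothetical store whose API takes (alias, raw bytes)."""
    def __init__(self):
        self.store = {}   # stands in for the first key store
    def process(self, ins):
        if ins.op == "add":
            self.store[ins.alias] = ins.material
        else:
            del self.store[ins.alias]   # KeyError if the alias is unknown

class PemDirAgent:
    """Agent for a hypothetical store whose API takes (path, PEM text)."""
    def __init__(self):
        self.files = {}   # stands in for the second key store
    def process(self, ins):
        path = f"/keys/{ins.alias}.pem"  # the alias becomes part of a path here
        if ins.op == "add":
            body = base64.encodebytes(ins.material).decode()
            self.files[path] = f"-----BEGIN PUBLIC KEY-----\n{body}-----END PUBLIC KEY-----\n"
        else:
            del self.files[path]

def dispatch(ins, agents):
    """Central service: validate once, fan out, collect one report per agent."""
    if ins.op not in ("add", "delete") or not ALIAS_RE.fullmatch(ins.alias):
        raise ValueError("rejected before reaching any agent")
    reports = {}
    for name, agent in agents.items():
        try:
            agent.process(ins)
            reports[name] = "ok"
        except KeyError:
            reports[name] = "failed: unknown alias"
    return reports
```

Validating the alias centrally matters because one native format turns it into a file path; the per-agent report shows when the stores have drifted out of sync.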
20 Claims
1. A method implemented and residing in a non-transitory machine-readable medium and for processing on a machine, comprising:
- receiving, by the machine, a key instruction in a first format, the key instruction is directed to a first key store and a second key store, and the first and second key stores use disparate interfaces from one another and use second and third formats, respectively to process instructions, the disparate interfaces are disparate Applicant Programming Interfaces (API's) from one another and that are incompatible with one another, each API directed to a particular key store;
- sending, by the machine, the key instruction in the first format to a first agent that is in communication with the first key store, the first agent translates the key instruction from the first format to the second format and processes the key instruction against the first key store using a first API of the first key store; and
- forwarding, by the machine, the key instruction in the first format to a second agent that is in communication with the second key store, the second agent translates the key instruction from the first format to the third format and processes the key instruction against the second key store using a second API of the second key store.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A method implemented and residing in a non-transitory machine-readable medium and for executing on a machine, comprising:
- receiving, by the machine, a key instruction from a master key management service, the key instruction is in a first format;
- translating, by the machine, the key instruction from the first format to a native format associated with a first key store the native format expected by an Application Programming Interface of the first key store that is different from what is used with the master key management service and that is different from other key stores managed by the key management service, each of the Application programming interfaces are disparate from and incompatible with one another;
- processing, by the machine, the key instruction in the native format against the first key store; and
- reporting, by the machine, that the key instruction processed against the first key store to the master key management service.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A system, comprising:
- a server machine configured with a centralized key management service implemented in a non-transitory machine-readable medium and for executing on the server; and
- client machines, each client machine configured with a distributed key agent and each distributed key agent implemented in a non-transitory machine-readable medium and for executing on that distributed key agent's client machine, the centralized key management service is to present a unified administrative interface to administrators to perform key instructions in a generic format, and the centralized key management service is to securely communicate the key instructions to the distributed key agents in the generic format, and each distributed key agent is to translate the key instructions into native formats recognized by distributed key stores and to further process the key instructions in those native formats on the distributed key stores on behalf of the centralized key management service, each native format associated with a particular distributed key store and that distributed key store's Application Programming Interface (API), and each API is disparate from and incompatible with remaining API's.
Dependent claims: 16, 17, 18, 19, 20
Specification