Method and apparatus for secure communication

US 8,291,227 B2
Filed: 02/02/2007
Issued: 10/16/2012
Est. Priority Date: 02/02/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, by a browser of a client device, instructions associated with a website provided by a server, wherein the instructions invoke a cryptographic routine;

generating, by the client device, a key for the website according to the cryptographic routine;

tagging, by the client device, the key with a marker associating the key with the website to produce a tagged key, wherein the marker identifies the website with which the instructions are associated and comprises a key export privilege;

storing the tagged key in a memory associated with the browser; and

exporting cryptographic data to another server providing another website if the key export privilege of the tagged key permits export of the cryptographic data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a device, method and/or computer-readable medium for secure communication between a client device and a server, the client device includes a browser for accessing a website provided by the server, the client device generates a key according to a key generating cryptographic routine; tags the key with a marker associating the key with the website; and stores the tagged key in a memory associated with the browser.

33 Citations

View as Search Results

23 Claims

1. A method comprising:
- receiving, by a browser of a client device, instructions associated with a website provided by a server, wherein the instructions invoke a cryptographic routine;
  
  generating, by the client device, a key for the website according to the cryptographic routine;
  
  tagging, by the client device, the key with a marker associating the key with the website to produce a tagged key, wherein the marker identifies the website with which the instructions are associated and comprises a key export privilege;
  
  storing the tagged key in a memory associated with the browser; and
  
  exporting cryptographic data to another server providing another website if the key export privilege of the tagged key permits export of the cryptographic data.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the marker comprises information from a certificate associated with the website.
  - 3. The method of claim 1, further comprising:
    - generating cryptographic data based upon the tagged key;
      
      associating the cryptographic data with the tagged key; and
      
      storing the cryptographic data in the memory.
  - 4. The method of claim 1, further comprising:
    - receiving a cryptographic operation request from the another website provided by the another server to generate the cryptographic data based upon the tagged key; and
      
      generating the cryptographic data based upon the tagged key if the marker of the tagged key is associated with the another website.
  - 5. The method of claim 1, further comprising:
    - performing a cryptographic data routine to generate the cryptographic data based upon the tagged key, wherein the cryptographic data routine comprises one of;
      
      a digital signature generation routine, a data encryption routine, a data decryption routine and a digital signature verification routine;
      
      associating the cryptographic data with the tagged key; and
      
      storing the cryptographic data in the memory.

6. A method comprising:
- accessing, by a browser of a client device, a website provided by a server to obtain a script;
  
  interpreting, by the browser, the script associated with the website during the accessing, wherein the script comprises a cryptographic operation;
  
  generating, by the client device, a key for the website in response to the interpreting the script comprising the cryptographic operation during the access to the website;
  
  tagging, by the client device, the key with a marker associating the key with the website to produce a tagged key, wherein the marker identifies the website with which the script is associated and comprises a key export privilege;
  
  storing the tagged key in a memory associated with the browser; and
  
  exporting cryptographic data to another server providing another website if the key export privilege of the tagged key permits export of the cryptographic data.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14)
- - 7. The method of claim 6, wherein the marker comprises information from a certificate associated with the website.
  - 8. The method of claim 6, wherein the key export privilege defines conditions for permitting export of the cryptographic data generated based upon the tagged key.
  - 9. The method of claim 6, further comprising:
    - generating the cryptographic data based upon the tagged key;
      
      tagging the cryptographic data with the marker; and
      
      storing the cryptographic data in the memory.
  - 10. The method of claim 6, further comprising:
    - generating the cryptographic data based upon the tagged key;
      
      tagging the cryptographic data with the marker; and
      
      transmitting the cryptographic data to the server providing the website.
  - 11. The method of claim 6, further comprising:
    - generating the cryptographic data based upon the tagged key; and
      
      transmitting the cryptographic data to the server providing the website.
  - 12. The method of claim 6, further comprising:
    - receiving a cryptographic operation request from the another website provided by the another server to generate the cryptographic data based upon the tagged key; and
      
      generating the cryptographic data based upon the tagged key if the marker of the tagged key is associated with identification data of the another website.
  - 13. The method of claim 6, further comprising:
    - generating the cryptographic data based upon the tagged key; and
      
      transmitting the cryptographic data to the another server providing the another website if the marker of the tagged key from which the cryptographic data was generated is associated with the another website.
  - 14. The method of claim 6, further comprising:
    - performing one of digital signature generation, data encryption, data decryption and digital signature verification based upon the tagged key to generate the cryptographic data; and
      
      storing the cryptographic data in the memory.

15. A client device comprising:
- a browser;
  
  an interface for connecting with a server; and
  
  a processor coupled to the interface, the processor configured to;
  
  access a script on a website provided by the server, wherein the script comprises a cryptographic operation;
  
  interpret the script, including the cryptographic operation;
  
  generate a key for the website containing the script according to the cryptographic operation while interpreting the script;
  
  tag the key with a marker associating the key with the website to produce a tagged key, wherein the marker identifies the website with which the script is associated and comprises a key export privilege;
  
  store the tagged key in a memory associated with the browser; and
  
  export cryptographic data to the server providing the website if the key export privilege of the tagged key permits export of the cryptographic data.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22)
- - 16. The client device of claim 15, wherein the processor is further configured to:
    - generate the cryptographic data based upon the tagged key; and
      
      export the cryptographic data to the server if the marker of the tagged key is associated with the website provided by the server.
  - 17. The client device of claim 15, wherein the processor is further configured to:
    - generate the cryptographic data based upon the tagged key in response to another script of another website provided by another server if the marker of the tagged key is associated with the another website; and
      
      export the cryptographic data to the another server.
  - 18. The client device of claim 15, wherein the marker for tagging the key comprises identification data of the website of the interpreted script to define the server providing the website as an entity to which data generated based upon the tagged key can be exported.
  - 19. The client device of claim 15, wherein the marker for tagging the key comprises information from a certificate associated with the website of the interpreted script, wherein the information from the certificate comprises identification data of one or more trusted entities, wherein data generated based upon the tagged key can be exported to the one or more trusted entities.
  - 20. The client device of claim 15, wherein the marker for tagging the key comprises a domain, and wherein websites associated with the domain are defined as entities to which data generated based upon the tagged key can be exported.
  - 21. The client device of claim 15, wherein the processor is further configured to perform one of data encryption, data decryption, digital signature generation and digital signature verification to generate cryptographic data based upon the tagged key.
  - 22. The client device of claim 15, wherein the marker further comprises a tag variable identifying one or more websites and an export_mode variable defining conditions for permitting export of data generated based upon the tagged key.

23. A non-transitory computer readable storage medium storing instructions which, when executed, cause a processor to perform a method comprising:
- generating a key in response to an interpreted first script associated with a first website, wherein the key is assigned to the first website;
  
  tagging the key with a marker associating the key with the first website to produce a tagged key, wherein the marker identifies the website with which the script is associated and comprises a key export privilege;
  
  storing the tagged key in a memory associated with a browser on the client device;
  
  generating cryptographic data based upon the tagged key in response to an interpreted second script associated with a second website if the second website is associated with the marker of the tagged key; and
  
  exporting the cryptographic data to a second server providing the second website if the tagged key is associated with the second website and if the key export privilege permits export of the cryptographic data to the second server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Parkinson, Steven William
Primary Examiner(s)
Vu, Kim
Assistant Examiner(s)
BEHESHTI SHIRAZI, SAYED ARESH

Application Number

US11/670,664
Publication Number

US 20100275025A1
Time in Patent Office

2,083 Days
Field of Search

713/176, 380/277, 380/278, 380/279
US Class Current

713/176
CPC Class Codes

H04L 9/0894 Escrow, recovery or storing...

H04L 9/3247 involving digital signatures

Method and apparatus for secure communication

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for secure communication

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links