Methods and system for a key recovery plan

US 8,364,952 B2
Filed: 06/06/2006
Issued: 01/29/2013
Est. Priority Date: 06/06/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

storing a key recovery plan associated with a token comprising a plurality of lost status states, wherein each of the plurality of lost status states comprises at least one of a plurality of subject keys, an action to be taken for each of the plurality of subject keys or a token action;

receiving a unique identifier associated with the token;

identifying at least one of the subject keys associated with the token based on the unique identifier;

receiving an indication that the token was lost and a reason that the token was lost;

selecting, by a hardware processor, a key recovery plan based on the reason that the token was lost, wherein the key recovery plan identifies an action to be taken with the at least one subject key and wherein the action corresponds to the reason that the token was lost, and wherein the action to be taken is to recover at least one prior subject key associated with the same token; and

wherein the action further comprises;

generating a new subject key and certificate to be associated with the token and managing a certificate associated with the at least one prior subject key.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, systems and computer readable mediums are provided for recovering subject keys and/or certificates for a token. A unique identifier associated with the token is obtained. The token is associated with subject keys and with a first status of statuses, the statuses including a lost status state and an other status state. In response to the token being in the lost status state, a key recovery plan is determined to recover at least one of the subject keys and the certificates associated with the token.

216 Citations

17 Claims

1. A method comprising:
- storing a key recovery plan associated with a token comprising a plurality of lost status states, wherein each of the plurality of lost status states comprises at least one of a plurality of subject keys, an action to be taken for each of the plurality of subject keys or a token action;
  
  receiving a unique identifier associated with the token;
  
  identifying at least one of the subject keys associated with the token based on the unique identifier;
  
  receiving an indication that the token was lost and a reason that the token was lost;
  
  selecting, by a hardware processor, a key recovery plan based on the reason that the token was lost, wherein the key recovery plan identifies an action to be taken with the at least one subject key and wherein the action corresponds to the reason that the token was lost, and wherein the action to be taken is to recover at least one prior subject key associated with the same token; and
  
  wherein the action further comprises;
  
  generating a new subject key and certificate to be associated with the token and managing a certificate associated with the at least one prior subject key.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the key recovery plan further identifies a subset of the at least one subject key to be recovered and actions to recover the subset.
  - 3. The method of claim 1, wherein the key recovery plan further identifies actions to be performed on information associated with the token.
  - 4. The method of claim 1, further comprising providing the key recovery plan.
  - 5. The method of claim 1, wherein the reason that the token was lost is that the token was destroyed, and wherein the action comprises recovering the at least one subject key.
  - 6. The method of claim 1, wherein the reason that the token was lost is that the token was compromised, and wherein the action comprises:
    - generating a new subject key to replace the at least one subject key; and
      
      revoking a certificate associated with the at least one subject key.
  - 7. The method of claim 1, wherein the reason that the token was lost is that the token is on hold, and wherein the action comprises:
    - generating a replacement token; and
      
      placing the token in an on-hold mode,wherein the replacement token can be self-expiring, andwherein the certificates corresponding to the token are revoked.
  - 8. The method of claim 1, further comprising authenticating a user associated with the token, before performing the determining.

9. An apparatus comprising:
- a memory containing instructions; and
  
  a hardware processor configured to execute the instructions contained in the memory to;
  
  store a key recovery plan associated with a token comprising a plurality of lost status states, wherein each of the plurality of lost status states comprises at least one of a plurality of subject keys, an action to be taken for each of the plurality of subject keys or a token action;
  
  receive a unique identifier associated with the token;
  
  identify at least one of the subject keys associated with the token based on the unique identifier;
  
  receive an indication that the token was lost and a reason that the token was lost;
  
  select a key recovery plan based on the reason that the token was lost, wherein the key recovery plan identifies an action to be taken with the at least one of the subject keys and wherein the action corresponds to the reason that the token was lost, and wherein the action to be taken is to recover at least one prior subject key associated with the same token; and
  
  wherein the action further comprises;
  
  generating a new subject key and certificate to be associated with the token and managing a certificate associated with the at least one prior subject key.

10. A non-transitory computer-readable medium comprising instructions for causing the hardware processor to perform a method comprising:
- storing a key recovery plan associated with a token comprising a plurality of lost status states, wherein each of the plurality of lost status states comprises at least one of a plurality of subject keys, an action to be taken for each of the plurality of subject keys or a token action;
  
  receiving a unique identifier associated with the token;
  
  identifying at least one of the subject keys associated with the token based on the unique identifier;
  
  receiving an indication that the token was lost and a reason that the token was lost;
  
  selecting, by a hardware processor, a key recovery plan based on the reason that the token was lost, wherein the key recovery plan identifies an action to be taken with the at least one subject key and wherein the action corresponds to the reason that the token was lost, and wherein the action to be taken is to recover at least one prior subject key associated with the same token; and
  
  wherein the action further comprises;
  
  generating a new subject key and certificate to be associated with the token and managing a certificate associated with the at least one prior subject key.

11. A method comprising:
- storing a key recovery plan associated with a token comprising a plurality of lost status states, wherein each of the plurality of lost status states comprises at least one of a plurality of subject keys, an action to be taken for each of the plurality of subject keys or a token action;
  
  receiving an indication that the token was lost and a reason that the token was lost;
  
  selecting, by a hardware processor, an action to be performed for the at least one of the subject keys associated with the token based on the reason that the token was lost;
  
  performing the action for the at least one of the subject keys associated with the token, wherein the action to be taken is to recover at least one prior subject key associated with the same token; and
  
  wherein the action further comprises at least one of generating a new subject key and certificate to be associated with the token; and
  
  managing a certificate associated with the at least one prior subject key.
- View Dependent Claims (12, 13, 14, 15)
- - 12. The method of claim 11, wherein performing the action comprises perform the action on information associated with the token.
  - 13. The method of claim 11, wherein the at least one subject key associated with the token includes at least one of a signing key and an encryption key.
  - 14. The method of claim 11, further comprising:
    - receiving a new reason that the token is lost; and
      
      selecting a new action for the at least one subject key associated with the token based on the new reason that the token is lost.
  - 15. The method of claim 11, further comprising authenticating a user associated with the token, before performing the action.

16. An apparatus comprising:
- a memory containing instructions; and
  
  a hardware processor configured to execute the instructions contained in the memory to;
  
  store a key recovery plan associated with a token comprising a plurality of lost status states, wherein each of the plurality of lost status states comprises at least one of a plurality of subject keys, an action to be taken for each of the plurality of subject keys or a token action;
  
  receive an indication that the token was lost and a reason that the token was lost;
  
  select an action to be performed for at least one of the subject keys associated with the token based on the reason that the token was lost;
  
  perform the action for the at least one of the subject keys associated with the token, wherein the action to be taken is to recover at least one prior subject key associated with the same token; and
  
  wherein the action further comprises at least one of generating a new subject key and certificate to be associated with the token; and
  
  managing a certificate associated with the at least one prior subject key.

17. A non-transitory computer-readable medium comprising instructions for causing a hardware processor to perform a method comprising:
- storing a key recovery plan associated with a token comprising a plurality of lost status states, wherein each of the plurality of lost status states comprises at least one of a plurality of subject keys, an action to be taken for each of the plurality of subject keys or a token action;
  
  receiving an indication that the token was lost and a reason that the token was lost;
  
  selecting, by a hardware processor, an action to be performed for the at least one of the subject keys associated with the token based on the reason that the token was lost;
  
  performing the action for the at least one of the subject keys associated with the token, wherein the action to be taken is to recover at least one prior subject key associated with the same token; and
  
  wherein the action further comprises at least one of generating a new subject key and certificate to be associated with the token; and
  
  managing a certificate associated with the at least one prior subject key.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Ho, Shuk Yee, Fu, Christina, Kannan, Chandrasekar, Kwan, Nang Kon
Primary Examiner(s)
Gelagay, Shewaye

Application Number

US11/446,958
Publication Number

US 20080022086A1
Time in Patent Office

2,429 Days
Field of Search

None
US Class Current

713/155
CPC Class Codes

H04L 9/0891 Revocation or update of sec...

H04L 9/0897 involving additional device...

Methods and system for a key recovery plan

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

216 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

Methods and system for a key recovery plan

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

216 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others