Organizing an extensible table for storing cryptographic objects

US 8,693,690 B2
Filed: 12/04/2006
Issued: 04/08/2014
Est. Priority Date: 12/04/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

generating, by a processor, a single storage table for cryptographic objects, wherein the single storage table comprises rows corresponding to the cryptographic objects and columns corresponding to available attributes capable of being associated with any of the cryptographic objects, wherein the cryptographic objects are defined by a plurality of different cryptographic standards;

storing actual attributes of the cryptographic objects in at least one of the columns that correspond to the associated available attributes,receiving a new cryptographic object;

determining that the new cryptographic object is defined by a cryptographic standard not represented in the single storage table and comprises a new attribute of the new cryptographic standard that does not have a corresponding column in the single storage table; and

storing, in view of the determining, the new cryptographic object in the single storage table by;

adding a new column to the single storage table that corresponds to the new attribute of the new cryptographic object; and

storing a null value in the rows associated with the new column corresponding to the cryptographic objects currently stored in the single storage table.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of the present invention provide a method and apparatus, including a client and security token, for managing cryptographic objects, such as public key cryptography standard (PKCS)#11 objects, in a computer system. A storage table for the cryptographic objects is established including rows for the cryptographic objects and columns corresponding to available attributes capable of being associated with the cryptographic objects. Actual attributes of the cryptographic objects are stored in ones of the plurality of columns corresponding to respective ones of the available attributes. The storage table is extensible such that additional columns are added corresponding to new attributes capable of being associated with the cryptographic objects.

219 Citations

22 Claims

1. A method comprising:
- generating, by a processor, a single storage table for cryptographic objects, wherein the single storage table comprises rows corresponding to the cryptographic objects and columns corresponding to available attributes capable of being associated with any of the cryptographic objects, wherein the cryptographic objects are defined by a plurality of different cryptographic standards;
  
  storing actual attributes of the cryptographic objects in at least one of the columns that correspond to the associated available attributes,receiving a new cryptographic object;
  
  determining that the new cryptographic object is defined by a cryptographic standard not represented in the single storage table and comprises a new attribute of the new cryptographic standard that does not have a corresponding column in the single storage table; and
  
  storing, in view of the determining, the new cryptographic object in the single storage table by;
  
  adding a new column to the single storage table that corresponds to the new attribute of the new cryptographic object; and
  
  storing a null value in the rows associated with the new column corresponding to the cryptographic objects currently stored in the single storage table.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising searching the single storage table for one or more of the cryptographic objects in view of one or more of the available attributes.
  - 3. The method of claim 1, further comprising:
    - searching the single storage table for one or more of the cryptographic objects in view of one or more of the available attributes; and
      
      locating a matching cryptographic object from the cryptographic objects having actual attributes corresponding to the one or more of the available attributes used in the searching.
  - 4. The method of claim 1, wherein the available attributes comprise at least one of attribute value pairs or user-defined attributes.
  - 5. The method of claim 1, wherein the single storage table comprises a standard query language (SQL) database table.
  - 6. The method of claim 1, wherein the available attributes are defined in accordance with a PKCS #11 standard.
  - 7. The method of claim 1, wherein the available attributes comprise a pathname of the cryptographic objects.
  - 8. The method of claim 1, wherein the available attributes comprise a provider name of the cryptographic objects.
  - 9. The method of claim 1, wherein the available attributes comprise a method of a provider of the cryptographic objects.
  - 10. The method of claim 1, wherein the available attributes comprise an enabled method of a provider of the cryptographic objects.
  - 11. The method of claim 1, wherein the available attributes comprise a disabled method of a provider of the cryptographic objects.

12. A non-transitory computer readable medium comprising instructions for causing a processing device to perform operations comprising:
- maintaining, by a cryptography module executed by the processing device, a single storage table capable of storing cryptographic objects each having at least a portion of available attributes, wherein the single storage table is accessible using a standard query language (SQL), and wherein the single storage table is organized such that a row is allocated to the each of the cryptographic objects and a column is allocated to each of the available attributes, and wherein the cryptographic objects are defined by a plurality of different cryptographic standards;
  
  determining that a new cryptographic object to be added to the single storage table is defined by a cryptographic standard not represented in the single storage table and comprises a new attribute of the new cryptographic standard that does not have a corresponding column in the single storage table;
  
  storing, in view of the determining, the new cryptographic object in the single storage table by;
  
  adding a new column to the single storage table that corresponds to a new attribute of a new cryptographic object that is associated with a cryptographic standard not yet represented in the single storage table; and
  
  storing a null value in each row associated with the new column corresponding to the cryptographic objects currently stored in single storage table;
  
  receiving, by the cryptography module from an application using a security library, a request in accordance with one of the cryptography standards, the request for one of the cryptographic objects and comprising a first command; and
  
  translating the first command associated with the requested cryptographic object, the first command constructed in accordance with the one of the cryptography standards, into a second command constructed in accordance with the SQL, wherein at least one of the first or the second command is constructed using at least one of the available attributes.
- View Dependent Claims (13, 14, 15, 16, 17, 18)
- - 13. The non-transitory computer readable medium of claim 12, wherein the first command comprises one of a CREATE_OBJECT command, a COPY OBJECT command, a DELETE OBJECT command, a FIND OBJECT command, a GET_ATTRIBVALUE command, and a SET_ATTRIBUTE_VALUE command.
  - 14. The non-transitory computer readable medium of claim 12, wherein the cryptographic module is compliant with a government standard comprising a federal information processing standard (FIPS).
  - 15. The non-transitory computer readable medium of claim 12, wherein the cryptographic objects comprise public key cryptography standard (PKCS) #11 objects.
  - 16. The non-transitory computer readable medium of claim 12, wherein the operations further comprise:
    - adding an additional new column to the single storage table corresponding to an additional new attribute associated with the cryptographic objects.
  - 17. The non-transitory computer readable medium of claim 12, wherein the application comprises at least one of a web browser, a cryptography application, or an email client.
  - 18. The non-transitory computer readable medium of claim 12, wherein the single storage table is maintained on a token.

19. A system comprising:
- a token interface; and
  
  a processor coupled to the token interface, the processor to;
  
  organize a single storage table for storage in a token coupled to the token interface, wherein the single storage table stores cryptographic objects each having at least a portion of a set of available attributes associated with a cryptographic standard of a plurality of cryptographic standard represented in the single storage table, wherein the single storage table is accessible using a standard query language (SQL), and wherein the single storage table is organized such that a row is allocated to each of the cryptographic objects and a column is allocated to each of the available attributes;
  
  determine that a new cryptographic object to be added to the single storage table is defined by a cryptographic standard not represented in the single storage table and comprises a new attribute of the new cryptographic standard that does not have a corresponding column in the single storage table;
  
  store, in view of the determining, the new cryptographic object in the single storage table by;
  
  adding a new column to the single storage table that corresponds to a new attribute of a new cryptographic object that is associated with a cryptographic standard not yet represented in the single storage table; and
  
  storing a null value in each row associated with the new column corresponding to the cryptographic objects currently stored in single storage table;
  
  receive, by the cryptography module from an application using a security library, a request for one of the cryptographic objects in accordance with one of the plurality of cryptography standards; and
  
  translate the request from the security library for the one of the cryptographic objects to a SQL request for the one of the cryptographic objects using at least one of the portion of the set of available attributes.
- View Dependent Claims (20, 21, 22)
- - 20. The system of claim 19, wherein the new attribute is associated with at least one of a revised version of the cryptographic standard, a new cryptographic standard, or a user-defined attribute.
  - 21. The system of claim 19, wherein the available attributes comprise at least one of attribute value pairs, user-defined attributes, a pathname of the cryptographic objects, a provider name of the cryptographic objects, a method of a provider of the cryptographic objects, an enabled method of a provider of the cryptographic objects, or a disabled method of a provider of the cryptographic objects.
  - 22. The system of claim 19, wherein the available attributes are defined in accordance with a PKCS #11 standard.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Relyea, Robert
Primary Examiner(s)
Poltorak, Peter

Application Number

US11/566,640
Publication Number

US 20080133514A1
Time in Patent Office

2,682 Days
Field of Search

None
US Class Current

380/277
CPC Class Codes

G06F 21/34 involving the use of extern...

G06F 21/602 Providing cryptographic fac...

Organizing an extensible table for storing cryptographic objects

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

219 Citations

22 Claims

Specification

Use Cases

Quick Links

Others

Organizing an extensible table for storing cryptographic objects

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

219 Citations

22 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others