Organizing an extensible table for storing cryptographic objects
First Claim
1. A method comprising:
- generating, by a processor, a single storage table for cryptographic objects, wherein the single storage table comprises rows corresponding to the cryptographic objects and columns corresponding to available attributes capable of being associated with any of the cryptographic objects, wherein the cryptographic objects are defined by a plurality of different cryptographic standards;
- storing actual attributes of the cryptographic objects in at least one of the columns that correspond to the associated available attributes,
- receiving a new cryptographic object;
- determining that the new cryptographic object is defined by a cryptographic standard not represented in the single storage table and comprises a new attribute of the new cryptographic standard that does not have a corresponding column in the single storage table; and
- storing, in view of the determining, the new cryptographic object in the single storage table by:
  - adding a new column to the single storage table that corresponds to the new attribute of the new cryptographic object; and
  - storing a null value in the rows associated with the new column corresponding to the cryptographic objects currently stored in the single storage table.
Abstract
Embodiments of the present invention provide a method and apparatus, including a client and security token, for managing cryptographic objects, such as public key cryptography standard (PKCS)#11 objects, in a computer system. A storage table for the cryptographic objects is established including rows for the cryptographic objects and columns corresponding to available attributes capable of being associated with the cryptographic objects. Actual attributes of the cryptographic objects are stored in ones of the plurality of columns corresponding to respective ones of the available attributes. The storage table is extensible such that additional columns are added corresponding to new attributes capable of being associated with the cryptographic objects.
22 Claims
1. A method comprising:
- generating, by a processor, a single storage table for cryptographic objects, wherein the single storage table comprises rows corresponding to the cryptographic objects and columns corresponding to available attributes capable of being associated with any of the cryptographic objects, wherein the cryptographic objects are defined by a plurality of different cryptographic standards;
- storing actual attributes of the cryptographic objects in at least one of the columns that correspond to the associated available attributes,
- receiving a new cryptographic object;
- determining that the new cryptographic object is defined by a cryptographic standard not represented in the single storage table and comprises a new attribute of the new cryptographic standard that does not have a corresponding column in the single storage table; and
- storing, in view of the determining, the new cryptographic object in the single storage table by:
  - adding a new column to the single storage table that corresponds to the new attribute of the new cryptographic object; and
  - storing a null value in the rows associated with the new column corresponding to the cryptographic objects currently stored in the single storage table.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. A non-transitory computer readable medium comprising instructions for causing a processing device to perform operations comprising:
- maintaining, by a cryptography module executed by the processing device, a single storage table capable of storing cryptographic objects each having at least a portion of available attributes, wherein the single storage table is accessible using a standard query language (SQL), and wherein the single storage table is organized such that a row is allocated to each of the cryptographic objects and a column is allocated to each of the available attributes, and wherein the cryptographic objects are defined by a plurality of different cryptographic standards;
- determining that a new cryptographic object to be added to the single storage table is defined by a cryptographic standard not represented in the single storage table and comprises a new attribute of the new cryptographic standard that does not have a corresponding column in the single storage table;
- storing, in view of the determining, the new cryptographic object in the single storage table by:
  - adding a new column to the single storage table that corresponds to a new attribute of a new cryptographic object that is associated with a cryptographic standard not yet represented in the single storage table; and
  - storing a null value in each row associated with the new column corresponding to the cryptographic objects currently stored in the single storage table;
- receiving, by the cryptography module from an application using a security library, a request in accordance with one of the cryptography standards, the request for one of the cryptographic objects and comprising a first command; and
- translating the first command associated with the requested cryptographic object, the first command constructed in accordance with the one of the cryptography standards, into a second command constructed in accordance with the SQL, wherein at least one of the first or the second command is constructed using at least one of the available attributes.
Dependent claims: 13, 14, 15, 16, 17, 18
19. A system comprising:
- a token interface; and
- a processor coupled to the token interface, the processor to:
  - organize a single storage table for storage in a token coupled to the token interface, wherein the single storage table stores cryptographic objects each having at least a portion of a set of available attributes associated with a cryptographic standard of a plurality of cryptographic standards represented in the single storage table, wherein the single storage table is accessible using a standard query language (SQL), and wherein the single storage table is organized such that a row is allocated to each of the cryptographic objects and a column is allocated to each of the available attributes;
  - determine that a new cryptographic object to be added to the single storage table is defined by a cryptographic standard not represented in the single storage table and comprises a new attribute of the new cryptographic standard that does not have a corresponding column in the single storage table;
  - store, in view of the determining, the new cryptographic object in the single storage table by:
    - adding a new column to the single storage table that corresponds to a new attribute of a new cryptographic object that is associated with a cryptographic standard not yet represented in the single storage table; and
    - storing a null value in each row associated with the new column corresponding to the cryptographic objects currently stored in the single storage table;
  - receive, by the cryptography module from an application using a security library, a request for one of the cryptographic objects in accordance with one of the plurality of cryptography standards; and
  - translate the request from the security library for the one of the cryptographic objects to a SQL request for the one of the cryptographic objects using at least one of the portion of the set of available attributes.
Dependent claims: 20, 21, 22
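The table extension recited in the independent claims and the request-to-SQL translation of claims 12 and 19, as an added sketch in Python with sqlite3; it is not code from the patent or from any product. The names ObjectStore, column_ident and the objects table are hypothetical, and the CKA_* name pattern is an assumption. Attribute names become column identifiers, which cannot be bound as SQL parameters, so they are validated before use, while attribute values are always bound.

```python
import re
import sqlite3

# Assumption: attribute names follow the PKCS#11 CKA_* naming pattern.
IDENT = re.compile(r"CKA_[A-Z0-9_]{1,40}")

def column_ident(attr):
    """Column names cannot be bound as parameters, so allow only strict names."""
    if not isinstance(attr, str) or not IDENT.fullmatch(attr):
        raise ValueError(f"invalid attribute name: {attr!r}")
    return f'"{attr}"'

class ObjectStore:
    """Hypothetical single-table store: one row per object, one column per attribute."""

    def __init__(self, conn):
        self.conn = conn
        conn.execute('CREATE TABLE IF NOT EXISTS objects '
                     '(id INTEGER PRIMARY KEY, "CKA_CLASS", "CKA_LABEL")')

    def columns(self):
        return {row[1] for row in self.conn.execute("PRAGMA table_info(objects)")}

    def store(self, attrs):
        """Insert one object, adding a column for each attribute not yet present."""
        if not attrs:
            raise ValueError("object has no attributes")
        cols = [column_ident(a) for a in attrs]  # validate all before any DDL
        known = self.columns()
        for attr, col in zip(attrs, cols):
            if attr not in known:
                # Rows already stored read back NULL in the added column.
                self.conn.execute(f"ALTER TABLE objects ADD COLUMN {col}")
        marks = ", ".join("?" for _ in cols)
        sql = f"INSERT INTO objects ({', '.join(cols)}) VALUES ({marks})"
        return self.conn.execute(sql, list(attrs.values())).lastrowid

    def find(self, template):
        """Translate an attribute template into a parameterized SELECT."""
        cols = [column_ident(a) for a in template]
        if not set(template) <= self.columns():
            return []  # no stored object carries an attribute with no column
        where = " AND ".join(f"{c} = ?" for c in cols) or "1"
        sql = f"SELECT id FROM objects WHERE {where} ORDER BY id"
        return [row[0] for row in self.conn.execute(sql, list(template.values()))]
```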