Using a PKCS module for opening multiple databases

US 8,909,916 B2
Filed: 11/30/2009
Issued: 12/09/2014
Est. Priority Date: 11/30/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining that a public key cryptography standard (PKCS)-based module, executed from a memory by a processing device, is initialized from opening a first database;

identifying a second database to be opened from a request from an application to access security data that is stored in the second database; and

creating, by the processing device, a slot, via the PKCS-based module, to open the second database using the PKCS-based module that is already initialized from opening the first database without shutting down the PKCS-based module.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security initialization system obtains load data that identifies a first database storing security data to be opened. The initialization system determines that a PKCS-based module for opening the first database is already initialized, where the PKCS-based module is already initialized from previously opening a second database. The initialization system causes the PKCS-based module to create a slot to open the first database, without shutting down the PKCS-based module, in response to determining that the PKCS-based module is already initialized.

Citations

20 Claims

1. A method comprising:
- determining that a public key cryptography standard (PKCS)-based module, executed from a memory by a processing device, is initialized from opening a first database;
  
  identifying a second database to be opened from a request from an application to access security data that is stored in the second database; and
  
  creating, by the processing device, a slot, via the PKCS-based module, to open the second database using the PKCS-based module that is already initialized from opening the first database without shutting down the PKCS-based module.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the PKCS-based module is a PKCS #11-based module.
  - 3. The method of claim 1, wherein identifying the second database comprises:
    - receiving load data that identifies the second database, the load data being based on user-configurable policy information.
  - 4. The method of claim 3, wherein the user-configurable policy information is stored in a lightweight directory access protocol (LDAP)-based database.
  - 5. The method of claim 3, wherein the user-configurable policy information identifies the second database to be opened in view of at least one of server type, application type, application name, or user.
  - 6. The method of claim 3, wherein the load data comprises at least one of a name of the second database to be opened, a location of the second database, or an access type for the second database.
  - 7. The method of claim 3, wherein receiving the load data comprises:
    - receiving an initialization request from the application to access the security data that is stored in the second database;
      
      opening a system database in response to receiving the initialization request, wherein the system database identifies a module database interface;
      
      accessing, via the module database interface, user-configurable policy information stored in an LDAP-based database; and
      
      obtaining the load data to open the second database.
  - 8. The method of claim 7, wherein the initialization request is received from a web browsing application, a cryptography application, or an email application.
  - 9. The method of claim 1, wherein determining that the PKCS-based module is initialized comprises:
    - attempting to initialize the PKCS-based module; and
      
      receiving an error code indicating that the PKCS-based module is already initialized.
  - 10. The method of claim 1, wherein the PKCS-based module is a soft-token module to open one or more databases storing the security data.
  - 11. The method of claim 1, wherein the PKCS-based module is a Privacy Enhanced Mail (PEM) module to open a database storing a PEM file.
  - 12. The method of claim 1, wherein the security data comprises at least one of a key, a certificate, or a Privacy Enhanced Mail (PEM) file.

13. A system comprising:
- a memory; and
  
  a processing device coupled to the memory to;
  
  determine that a public key cryptography standard (PKCS)-based module executed from the memory by the processing device is initialized from opening a first database,identify a second database to be opened from a request from an application to access security data that is stored in the second database, andcreate, via the PKCS-based module, a slot to open the second database using the PKCS-based module that is already initialized from opening the first database without shutting down the PKCS-based module.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The system of claim 13, wherein the PKCS-based module is a PKCS #11-based module.
  - 15. The system of claim 13, wherein identifying the second database comprises:
    - receiving load data that identifies the second database, the load data being in view of user-configurable policy information.
  - 16. The system of claim 15, wherein the user-configurable policy information is stored in a lightweight directory access protocol (LDAP)-based database.
  - 17. The system of claim 15, wherein the user-configurable policy information identifies the second database to be opened in view of at least one of server type, application type, application name, or user.
  - 18. The system of claim 13, wherein the load data comprises at least one of a name of the second database to be opened, a location of the second database, or an access type for the second database.
  - 19. The system of claim 13, wherein the security data comprises at least one of a key, a certificate, or a Privacy Enhanced Mail (PEM) file.

20. A non-transitory computer-readable storage medium comprising instructions that, when executed by a processing device, cause the processing device to perform a set of operations comprising:
- determining that a public key cryptography standard (PKCS) #11-based module, executed by the processing device, is initialized from opening a first database;
  
  identifying a second database to be opened from a request from an application to access security data that is stored in the second database; and
  
  creating, by the processing device, a slot, via the PKCS-module, to open the second database using the PKCS-based module that is already initialized from opening the first database without shutting down the PKCS-based module.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
Relyea, Robert
Primary Examiner(s)
CERVETTI, DAVID GARCIA

Application Number

US12/627,865
Publication Number

US 20110131407A1
Time in Patent Office

1,835 Days
Field of Search

713/164, 713/167, 713/152, 726/9
US Class Current

713/152
CPC Class Codes

G06F 21/602   Providing cryptographic fac...

G06F 21/6218   to a system of files or obj...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0823   using certificates cryptogr...

H04L 63/102   Entity profiles

H04L 63/107   wherein the security polici...

H04L 63/168   above the transport layer

H04L 9/30   Public key, i.e. encryption...

Using a PKCS module for opening multiple databases

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Using a PKCS module for opening multiple databases

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links