Secure key management
First Claim
1. A computer program product for secure key management, the computer program product comprising:
- a non-transitory computer readable storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method, comprising:
creating a token and populating a payload section of the token with key material;
selecting a wrapping method from a plurality of supported wrapping methods that specifies how the key material is securely bound to key control information, wherein a structure of the key control information in the token is independent of the wrapping method, and wherein the plurality of supported wrapping methods comprises advanced encryption standard key wrap (AESKW), Rivest Shamir Adelman (RSA) with Optimal Asymmetric Encryption Padding (OAEP), data encryption standard (DES), Elliptic Curve, and message authentication code (MAC); and
wrapping the key material and binding key control information to the key material in the token, the key control information including information relating to usage and management of the key material, wherein the token comprises the key control information, the payload section and a description of the wrapping method, the description of the wrapping method being in a selected section of the token, where sections of the token are known by a party accessing the token, the description of the wrapping method corresponding to one of the plurality of supported wrapping methods, wherein the key control information further comprises a label for the token that is recoverable from the token, the label comprising an unencrypted user-specified name of the token, and the information relating to management of the key material comprises extensible fields that are configured to describe a history and life cycle of the key material and allow updates to the extensible fields after receiving the token by the party accessing the token, and wherein a policy specifying when to retire the token and allowable methods for wrapping the token is configured to be created after receiving the token by the party accessing the token based on the extensible fields.
Abstract
A system for implementing computer security is provided. The system includes a computer processor and an application configured to execute on the computer processor, the application implementing a method that includes creating a token and populating a payload section of the token with key material and selecting a wrapping method that specifies how the key material is securely bound to key control information. A structure of the key control information in the token is independent of the wrapping method. Implementing computer security also includes wrapping the key material and binding key control information to the key material in the token. The key control information includes information relating to usage and management of the key material.
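The abstract and claim 1 describe the token as three sections a receiving party knows how to locate: a description of the wrapping method, key control information whose layout does not depend on that method, and a payload holding the key material bound to the control information. The Go program below is an added illustration written for this page, not code from the patent or its assignee. It implements one of the listed wrapping methods, AESKW (RFC 3394, coded here on top of the standard library's AES block cipher), and binds the control information by wrapping the key material together with a SHA-256 digest of the canonically encoded control fields, so an unwrap succeeds only when the label, usage and history fields presented with the token are the ones that were bound at wrap time. The type and field names, the one-byte method descriptor and the digest-in-payload binding are assumptions made for the example; the patent text specifies none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// MethodAESKW is the assumed descriptor for RFC 3394 AES key wrap; other methods
// would carry their own identifier here while the KCI layout stays the same.
const MethodAESKW byte = 1

type KeyControlInfo struct { // same layout whatever wrapping method is selected
	Label   string   // unencrypted, user-specified token name
	Usage   string   // what the key may be used for
	History []string // extensible life-cycle fields
}

type Token struct { // the sections a receiving party knows how to locate
	Method  byte
	KCI     KeyControlInfo
	Payload []byte // AESKW(keyMaterial || SHA-256(encodeKCI(KCI)))
}

// encodeKCI is a canonical, length-prefixed encoding so the bound bytes are unambiguous.
func encodeKCI(k KeyControlInfo) (out []byte) {
	for _, f := range append([]string{k.Label, k.Usage}, k.History...) {
		out = append(append(out, byte(len(f)>>8), byte(len(f))), f...)
	}
	return out
}

var kwIV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6} // RFC 3394 default IV

// aesKeyWrap implements RFC 3394; plaintext must be >= 16 bytes and a multiple of 8.
func aesKeyWrap(kek, plain []byte) ([]byte, error) {
	blk, err := aes.NewCipher(kek)
	if err != nil || len(plain) < 16 || len(plain)%8 != 0 {
		return nil, errors.New("aesKeyWrap: bad KEK or plaintext length")
	}
	n, a, r, buf := len(plain)/8, append([]byte{}, kwIV...), append([]byte{}, plain...), make([]byte, 16)
	for j := 0; j < 6; j++ {
		for i := 1; i <= n; i++ {
			copy(buf[:8], a)
			copy(buf[8:], r[(i-1)*8:i*8])
			blk.Encrypt(buf, buf) // B = AES(A || R[i])
			copy(a, buf[:8])
			copy(r[(i-1)*8:i*8], buf[8:])
			for k, t := 0, uint64(n*j+i); k < 8; k++ {
				a[7-k] ^= byte(t >> (8 * k)) // A = MSB64(B) XOR t
			}
		}
	}
	return append(a, r...), nil
}

// aesKeyUnwrap inverts aesKeyWrap and checks the RFC 3394 integrity value.
func aesKeyUnwrap(kek, wrapped []byte) ([]byte, error) {
	blk, err := aes.NewCipher(kek)
	if err != nil || len(wrapped) < 24 || len(wrapped)%8 != 0 {
		return nil, errors.New("aesKeyUnwrap: bad KEK or ciphertext length")
	}
	n, a, r, buf := len(wrapped)/8-1, append([]byte{}, wrapped[:8]...), append([]byte{}, wrapped[8:]...), make([]byte, 16)
	for j := 5; j >= 0; j-- {
		for i := n; i >= 1; i-- {
			for k, t := 0, uint64(n*j+i); k < 8; k++ {
				a[7-k] ^= byte(t >> (8 * k))
			}
			copy(buf[:8], a)
			copy(buf[8:], r[(i-1)*8:i*8])
			blk.Decrypt(buf, buf)
			copy(a, buf[:8])
			copy(r[(i-1)*8:i*8], buf[8:])
		}
	}
	if !hmac.Equal(a, kwIV) {
		return nil, errors.New("aesKeyUnwrap: integrity check failed (wrong KEK or tampered payload)")
	}
	return r, nil
}

// Wrap binds the key material to its KCI: the KCI digest travels inside the wrapped payload.
func Wrap(kek, keyMaterial []byte, kci KeyControlInfo) (*Token, error) {
	h := sha256.Sum256(encodeKCI(kci))
	p, err := aesKeyWrap(kek, append(append([]byte{}, keyMaterial...), h[:]...))
	if err != nil {
		return nil, err
	}
	return &Token{Method: MethodAESKW, KCI: kci, Payload: p}, nil
}

// Unwrap recovers the key only if the presented KCI is the one bound at wrap time;
// any edit to Label, Usage or History after wrapping fails here.
func Unwrap(t *Token, kek []byte) ([]byte, error) {
	if t.Method != MethodAESKW {
		return nil, errors.New("unsupported wrapping method")
	}
	p, err := aesKeyUnwrap(kek, t.Payload)
	if err != nil {
		return nil, err
	}
	h := sha256.Sum256(encodeKCI(t.KCI))
	if len(p) < 32 || !hmac.Equal(p[len(p)-32:], h[:]) {
		return nil, errors.New("key control information does not match the wrapped key")
	}
	return p[:len(p)-32], nil
}

func main() {
	kek := make([]byte, 32) // constructed all-zero demo KEK; use a random key in practice
	tok, _ := Wrap(kek, []byte("0123456789abcdef"), KeyControlInfo{Label: "PAYROLL.DEK", Usage: "encrypt"})
	tok.KCI.Usage = "export" // tamper with a control field after receipt
	_, err := Unwrap(tok, kek)
	fmt.Println("unwrap after tampering:", err)
}
```

Because the extensible fields are bound along with the label and usage, a party that appends a history entry after receiving the token must hold the key-encrypting key: unwrap, edit the fields, and wrap again. A holder of the token alone cannot rewrite them without the unwrap failing. The RFC 3394 test vector (KEK 000102030405060708090A0B0C0D0E0F, key data 00112233445566778899AABBCCDDEEFF, wrapped 1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5) is the right self-check for the wrap routine.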
50 Citations
10 Claims
1. A computer program product for secure key management, the computer program product comprising:
a non-transitory computer readable storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for performing a method, comprising: creating a token and populating a payload section of the token with key material; selecting a wrapping method from a plurality of supported wrapping methods that specifies how the key material is securely bound to key control information, wherein a structure of the key control information in the token is independent of the wrapping method, and wherein the plurality of supported wrapping methods comprises advanced encryption standard key wrap (AESKW), Rivest Shamir Adelman (RSA) with Optimal Asymmetric Encryption Padding (OAEP), data encryption standard (DES), Elliptic Curve, and message authentication code (MAC); and wrapping the key material and binding key control information to the key material in the token, the key control information including information relating to usage and management of the key material, wherein the token comprises the key control information, the payload section and a description of the wrapping method, the description of the wrapping method being in a selected section of the token, where sections of the token are known by a party accessing the token, the description of the wrapping method corresponding to one of the plurality of supported wrapping methods, wherein the key control information further comprises a label for the token that is recoverable from the token, the label comprising an unencrypted user-specified name of the token, and the information relating to management of the key material comprises extensible fields that are configured to describe a history and life cycle of the key material and allow updates to the extensible fields after receiving the token by the party accessing the token, and wherein a policy specifying when to retire the token and allowable methods for wrapping the token is configured to be created after receiving the token by the party accessing the token based on the extensible fields.
Dependent claims: 2, 3, 4, 5, 6
7. A system for secure key management, comprising:
a computer processor; and an application configured to execute on the computer processor, the application implementing a method, the method comprising: creating a token and populating a payload section of the token with key material; selecting a wrapping method from a plurality of supported wrapping methods that specifies how the key material is securely bound to key control information, wherein a structure of the key control information in the token is independent of the wrapping method, and wherein the plurality of supported wrapping methods comprises advanced encryption standard key wrap (AESKW), Rivest Shamir Adelman (RSA) with Optimal Asymmetric Encryption Padding (OAEP), data encryption standard (DES), Elliptic Curve, and message authentication code (MAC); and wrapping the key material and binding key control information to the key material in the token, the key control information including information relating to usage and management of the key material, wherein the token comprises the key control information, the payload section and a description of the wrapping method, the description of the wrapping method being in a selected section of the token, where sections of the token are known by a party accessing the token, the description of the wrapping method corresponding to one of the plurality of supported wrapping methods, wherein the key control information further comprises a label for the token that is recoverable from the token, the label comprising an unencrypted user-specified name of the token, and the information relating to management of the key material comprises extensible fields that are configured to describe a history and life cycle of the key material and allow updates to the extensible fields after receiving the token by the party accessing the token, and wherein a policy specifying when to retire the token and allowable methods for wrapping the token is configured to be created after receiving the token by the party accessing the token based on the extensible fields.
Dependent claims: 8, 9, 10
Specification