Unified storage and management of cryptographic keys and certificates

US 9,276,742 B1
Filed: 04/01/2015
Issued: 03/01/2016
Est. Priority Date: 09/25/2014
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a cryptographic resource including a first artifact in a first format having a first metadata set, the first format being a pretty good privacy (PGP) canonical format;

converting the first artifact to a second artifact having a second format;

storing the second artifact in a repository; and

responsive to a request for the first artifact, creating a third artifact based on the second artifact;

wherein;

the repository cannot store the first artifact, at least in part, because the first artifact is formatted according to the first format;

the second artifact being formatted according to the second format retains the first metadata set of the first artifact;

the repository configured to store the second artifact, at least in part, because the second artifact is formatted according to the second format;

the third artifact is a functional copy of the first artifact, the third artifact functionally replaces the first artifact;

the second format is a standard format of the repository; and

the first format and the second format are distinct formats.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Cryptographic resources, such as those including PGP keys and certificates, are transformed such that they are understood by certificate repositories, such as in a format understood by the Java JAVA tools of JAVA KEYSTORE (JKS). JAVA is one example of a general-purpose computer programming language that is concurrent, class-based, object-oriented. JAVA KEYSTORE is one example of a repository of security certificates, such as authorization certificates and public key certificates, used for instance in SSL encryption. The transformation of the cryptographic resources is completed such that the necessary metadata for retrieving the original cryptographic resources, or artifacts thereof, are retained. In that way, cryptographic resources are effectively hidden within the certificate repository until needed. The security program applies an algorithm to generate keys for JKS storage such that the keys “masquerade” in a JKS canonical format until the time in which the resources are needed to be in a PGP canonical format.

Citations

6 Claims

1. A method comprising:
- receiving a cryptographic resource including a first artifact in a first format having a first metadata set, the first format being a pretty good privacy (PGP) canonical format;
  
  converting the first artifact to a second artifact having a second format;
  
  storing the second artifact in a repository; and
  
  responsive to a request for the first artifact, creating a third artifact based on the second artifact;
  
  wherein;
  
  the repository cannot store the first artifact, at least in part, because the first artifact is formatted according to the first format;
  
  the second artifact being formatted according to the second format retains the first metadata set of the first artifact;
  
  the repository configured to store the second artifact, at least in part, because the second artifact is formatted according to the second format;
  
  the third artifact is a functional copy of the first artifact, the third artifact functionally replaces the first artifact;
  
  the second format is a standard format of the repository; and
  
  the first format and the second format are distinct formats.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, further comprising:
    - encrypting a file using the third artifact.
  - 3. The method of claim 1, wherein:
    - the third artifact is formatted according to the first format;
      
      the third artifact having the first metadata set.
  - 4. The method of claim 1, wherein:
    - the cryptographic resource is a pretty good privacy (PGP) key ring set;
      
      the first artifact is a PGP key pair including a PGP private key and a PGP public key;
      
      the first format is a PGP format;
      
      the second artifact is a key pair; and
      
      the second format is selected from a group consisting of;
      
      a secure socket layer (SSL) protocol and a transport layer security (TLS) protocol.
  - 5. The method of claim 4, further comprising:
    - extracting the PGP private key from a secret key ring; and
      
      extracting the PGP public key from a public key ring;
      
      wherein;
      
      the step of converting the first artifact to a second artifact having a second format includes building an SSL certificate from a PGP certificate.
  - 6. The method of claim 4, wherein the repository is a JAVA KEYSTORE (JKS) repository.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Krishnan, Subramanian, Panchal, Nikunj R.
Primary Examiner(s)
Das, Chameli

Application Number

US14/676,084
Time in Patent Office

335 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 9/0894 Escrow, recovery or storing...

H04L 9/3263 involving certificates, e.g...

Unified storage and management of cryptographic keys and certificates

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

6 Claims

Specification

Solutions

Use Cases

Quick Links

Unified storage and management of cryptographic keys and certificates

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

6 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links