
Method and system for provision of cryptographic services

  • US 9,530,011 B2
  • Filed: 06/22/2010
  • Issued: 12/27/2016
  • Est. Priority Date: 06/22/2009
  • Status: Active Grant
First Claim

1. An encryption service system comprising:

  • an application programming interface (API) separating calling applications, cryptographic servers and key servers executed using a computer processor and configured to:

    receive encryption/decryption requests from one or more calling applications, each request comprising information identifying an encryption or decryption operation to be performed on specified data, and an identity of an origin of the data, and/or an identity of a target of the data, and wherein an encryption policy is determined at least in part on the basis of the identity of the origin and/or target;

    wherein the encryption policy defines a cryptographic mechanism;

    request an appropriate cryptographic server to perform the requested encryption/decryption; and

    send output data in response to the corresponding encryption/decryption requests; and

    the cryptographic server comprising a computer processor and configured to:

    authenticate the calling application and upon successful authentication, return an identifier token, an ID token, wherein the ID token is appended to an ID token chain by the API, and wherein the ID token comprises a reference to an attribute of the calling API, an expiration time for the ID token and mechanism to prevent replay of the ID token;

    generate said corresponding output data by applying the encryption or decryption operation to the specified data; and

    a key server operable to receive a key request from the cryptographic server and to reply with an encrypted key, wherein the key server is operable to send a query command to the cryptographic server, wherein the query command comprises a command to test if a specified key is being used or is resident at the cryptographic server; and

    wherein the cryptographic server is operable to receive a pre-fetch request from one of said calling applications through the API and to load a defined set of keys into a local key store in response thereto, wherein the keys that are loaded are grouped and flagged by the ID token, and when the ID token is deleted the keys are removed from the local key store.
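The claim describes a three-party architecture whose moving parts are easier to see in code than in claim language. The block below is an added toy model written for this page; it is not the patentee's implementation and none of its class or method names come from the patent. It assumes a shared wrapping key between the key server and the cryptographic server, an ID token made of an application attribute reference, an expiry and a nonce, and a strictly increasing per-request counter as the replay guard. The cipher is an HMAC-derived XOR keystream used only so the example runs offline; it is not a secure encryption mechanism, and the mechanism names in the policy table are labels, not real AES calls.

```python
import hashlib, hmac, os, time
from collections import namedtuple

# ID token: calling-app attribute reference, expiry, and a nonce paired with a per-request counter (replay guard).
IDToken = namedtuple("IDToken", "app_ref expires_at nonce")

def _keystream_xor(key, label, data):
    """Toy cipher: XOR with an HMAC-SHA256 keystream. Illustration only, NOT secure."""
    stream = b"".join(hmac.new(key, label + i.to_bytes(4, "big"), hashlib.sha256).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

class KeyServer:
    def __init__(self, wrapping_key, keys):  # keys: key_id -> raw key (assumed provisioning model)
        self._wrapping_key, self._keys = wrapping_key, keys

    def reply_encrypted_key(self, key_id):  # key request -> key wrapped under the wrapping key
        return _keystream_xor(self._wrapping_key, b"wrap:" + key_id.encode(), self._keys[key_id])

    def query_resident(self, crypto_server, key_id):  # query command: is the key resident there?
        return crypto_server.is_resident(key_id)

class CryptoServer:
    def __init__(self, key_server, wrapping_key, credentials):  # credentials: app -> shared secret
        self._ks, self._wrapping_key, self._creds = key_server, wrapping_key, credentials
        self._active, self._last_counter = {}, {}       # nonce -> token, nonce -> last counter seen
        self._local_keys, self._keys_by_token = {}, {}  # key_id -> key, nonce -> key_ids it loaded

    def authenticate(self, app, secret, ttl=60.0):
        if not hmac.compare_digest(self._creds.get(app, b""), secret):
            raise PermissionError("authentication failed")
        token = IDToken(app, time.time() + ttl, os.urandom(16))
        self._active[token.nonce], self._last_counter[token.nonce] = token, 0
        return token

    def _check(self, token, counter):
        if self._active.get(token.nonce) != token:
            raise PermissionError("unknown or deleted token")
        if time.time() > token.expires_at:
            raise PermissionError("token expired")
        if counter <= self._last_counter[token.nonce]:  # counter did not advance: replay
            raise PermissionError("replayed request")
        self._last_counter[token.nonce] = counter

    def prefetch(self, token, counter, key_ids):  # load a defined key set, grouped by token
        self._check(token, counter)
        for key_id in key_ids:
            wrapped = self._ks.reply_encrypted_key(key_id)
            self._local_keys[key_id] = _keystream_xor(self._wrapping_key, b"wrap:" + key_id.encode(), wrapped)
            self._keys_by_token.setdefault(token.nonce, set()).add(key_id)

    def delete_token(self, token):  # deleting the token evicts every key loaded under it
        self._active.pop(token.nonce, None)
        self._last_counter.pop(token.nonce, None)
        for key_id in self._keys_by_token.pop(token.nonce, set()):
            self._local_keys.pop(key_id, None)

    def is_resident(self, key_id):
        return key_id in self._local_keys

    def apply(self, token, counter, key_id, data):  # symmetric toy: encrypt and decrypt coincide
        self._check(token, counter)
        if key_id not in self._local_keys:
            raise KeyError("key not resident; prefetch it first")
        return _keystream_xor(self._local_keys[key_id], b"data:" + key_id.encode(), data)

class EncryptionAPI:
    """Separates calling applications from the servers and owns the ID token chain."""
    def __init__(self, crypto_server, policy):  # policy: (origin, target) -> (mechanism, key_id)
        self._cs, self._policy, self.token_chain, self._counters = crypto_server, policy, [], {}

    def login(self, app, secret):
        token = self._cs.authenticate(app, secret)
        self.token_chain.append(token)  # ID token appended to the chain
        return token

    def _next(self, token):
        self._counters[token.nonce] = n = self._counters.get(token.nonce, 0) + 1
        return n

    def request(self, token, op, data, origin=None, target=None):
        """Policy is resolved from origin and/or target and names the mechanism and key."""
        policy = (self._policy.get((origin, target)) or self._policy.get((origin, None))
                  or self._policy.get((None, target)))
        if policy is None or op not in ("encrypt", "decrypt"):
            raise LookupError("no encryption policy for this request")
        mechanism, key_id = policy
        if not self._cs.is_resident(key_id):
            self._cs.prefetch(token, self._next(token), [key_id])
        return mechanism, self._cs.apply(token, self._next(token), key_id, data)

def demo():  # constructed end-to-end run: login, encrypt, decrypt, delete the token
    wrap = os.urandom(32)
    cs = CryptoServer(KeyServer(wrap, {"k-payroll": os.urandom(32)}), wrap, {"payroll-app": b"s3cret"})
    api = EncryptionAPI(cs, {("payroll", "archive"): ("AES-256-GCM", "k-payroll")})
    token = api.login("payroll-app", b"s3cret")
    mech, ct = api.request(token, "encrypt", b"salary data", origin="payroll", target="archive")
    _, pt = api.request(token, "decrypt", ct, origin="payroll", target="archive")
    cs.delete_token(token)  # keys grouped under the token leave the local store with it
    return mech, ct, pt, cs.is_resident("k-payroll")
```

The points worth noticing when running it: the calling application never sees a key, only the API and the ID token; the first request under a policy triggers the pre-fetch, later ones hit the local store, and the key server can confirm residency with its query command; a request that reuses an old counter is refused even though the token itself is still valid, which is the replay property the claim requires alongside the expiry; and deleting the token removes the keys that were grouped under it, so `is_resident` flips to false without any separate key-eviction call.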

  • 3 Assignments