Rule-based validity of cryptographic key material
First Claim
1. A method for altering the validity status of cryptographic key material, the method comprising:
- storing a rules based attribute set comprising a rule set defining conditions under which a validity state associated with cryptographic key material will be set to a valid or invalid state, the rule set comprising at least one of:
  - times at which the cryptographic key material should be valid and/or invalid;
  - quorum information; and
  - geo-fence information describing a geographic region that a system attempting to use the cryptographic key material must be located within or outside of for the cryptographic key material to be valid and/or invalid;
- associating the rules based attribute set with cryptographic key material used for authenticated communications;
- creating a rules evaluation message comprising information allowing compliance with the rule set to be determined; and
- sending the rules evaluation message to a rules compliance service.
7 Assignments
0 Petitions
Abstract
In representative embodiments, a rule-based certificate containing a rule set defining validity conditions is associated with cryptographic key material assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is compliant or non-compliant with the rule set. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is non-compliant with the rules and reinstating the validity of the cryptographic key material when the entity becomes compliant. A rules compliance service determines the validity of the cryptographic material in part using updates sent by the entity. Entities can delegate the update to a delegate device. Encryption can be used to preserve privacy.
40 Citations
20 Claims
1. A method for altering the validity status of cryptographic key material, the method comprising:
- storing a rules based attribute set comprising a rule set defining conditions under which a validity state associated with cryptographic key material will be set to a valid or invalid state, the rule set comprising at least one of: times at which the cryptographic key material should be valid and/or invalid; quorum information; and geo-fence information describing a geographic region that a system attempting to use the cryptographic key material must be located within or outside of for the cryptographic key material to be valid and/or invalid;
- associating the rules based attribute set with cryptographic key material used for authenticated communications;
- creating a rules evaluation message comprising information allowing compliance with the rule set to be determined; and
- sending the rules evaluation message to a rules compliance service.
(Dependent claims: 2, 3, 4, 5, 6, 7)

8. A system comprising:
- a processor;
- memory coupled to the processor;
- instructions stored in the memory that, when executed by the processor, cause the system to:
  - store a rules based key material comprising: a rules based attribute set comprising a rule set defining conditions under which cryptographic key material will be honored for authenticated communications, the rule set comprising at least one of: times at which the cryptographic key material should be valid and/or invalid; quorum information specifying a minimum number of key instances in a set of key instances that must be in a designated state for the cryptographic key material to be valid and/or invalid; and geo-fence information describing a geographic region that a system attempting to use the cryptographic key material must be located within or outside of for the cryptographic key material to be valid and/or invalid; and associated cryptographic key material used for authenticated communications;
  - identify a triggering event to trigger determination of whether the rules based key material is valid or invalid;
  - responsive to the occurrence of the triggering event: create a rules evaluation message comprising information allowing compliance with the rule set to be determined; and send the rules evaluation message to a rules compliance service for evaluation in order to allow the rules compliance service to identify whether the rules based key material is set to a valid state or an invalid state.
(Dependent claims: 9, 10, 11, 12)

13. A machine-readable medium having executable instructions encoded thereon, which, when executed by at least one processor of a machine, cause the machine to perform operations comprising:
- access a rules based key material comprising: a rules based attribute set comprising a rule set defining conditions under which cryptographic key material will be honored for authenticated communications, the rule set comprising at least one of: times at which the cryptographic key material should be valid and/or invalid; quorum information specifying a minimum number of key instances in a set of key instances that must be in a designated state for the cryptographic key material to be valid and/or invalid; and geo-fence information describing a geographic region that a system attempting to use the cryptographic key material must be located within or outside of for the cryptographic key material to be valid and/or invalid; and associated cryptographic key material used for authenticated communications;
- identify a triggering event to trigger determination of whether the rules based key material is valid or invalid;
- responsive to the occurrence of the triggering event: create a rules evaluation message comprising information allowing compliance with the rule set to be determined; and send the rules evaluation message to a rules compliance service for evaluation in order to allow the rules compliance service to identify whether the rules based key material is set to a valid state or an invalid state.
(Dependent claims: 14, 15, 16, 17, 18, 19, 20)
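The abstract and the independent claims above describe one evaluation loop: an entity (or its delegate) sends a rules evaluation message carrying the observable facts, and a rules compliance service checks those facts against the three rule kinds named in the claims (time windows, quorum over key instances, geo-fence) and moves the key material between a valid and an invalid state, suspending it on non-compliance and reinstating it when compliance returns. The following is an added example of such a service, not code from the patent or its assignee. Every class, field and sample value is constructed for illustration; the geo-fence is modelled as a circle around a centre point using the haversine great-circle distance, and a message that omits its location while a geo-fence rule applies is treated as non-compliant (fail closed), which is a design choice of this example rather than something the page specifies.

```python
# Added example (not from the patent): a minimal rules compliance service that
# evaluates a rules evaluation message against a rule set of time windows,
# a quorum over key instances and a geo-fence, and records the resulting
# "valid" / "invalid" state of the key material. All names and values are
# constructed for illustration.
from dataclasses import dataclass, field
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt
from typing import Optional


@dataclass
class TimeWindow:
    start: datetime  # inclusive, timezone-aware
    end: datetime    # inclusive, timezone-aware


@dataclass
class Quorum:
    minimum: int                   # minimum number of instances in designated_state
    designated_state: str = "active"


@dataclass
class GeoFence:
    lat: float
    lon: float
    radius_km: float
    must_be_inside: bool = True    # False: key is valid only outside the region


@dataclass
class RuleSet:
    time_windows: list = field(default_factory=list)  # empty list: no time rule
    quorum: Optional[Quorum] = None
    geo_fence: Optional[GeoFence] = None


@dataclass
class RulesEvaluationMessage:
    """Facts the entity (or its delegate) reports so compliance can be judged."""
    key_id: str
    observed_at: datetime
    location: Optional[tuple] = None                          # (lat, lon) or None
    key_instance_states: dict = field(default_factory=dict)   # instance id -> state


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km, using a mean Earth radius of 6371 km."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


class RulesComplianceService:
    def __init__(self):
        self._rules = {}   # key_id -> RuleSet
        self._state = {}   # key_id -> "valid" | "invalid"

    def register(self, key_id, rule_set):
        self._rules[key_id] = rule_set
        self._state[key_id] = "invalid"   # nothing is honoured until evaluated

    def state_of(self, key_id):
        return self._state.get(key_id, "invalid")

    def evaluate(self, msg):
        """Return (new_state, failed_rules) and record the new state."""
        rules = self._rules.get(msg.key_id)
        if rules is None:
            return "invalid", ["unknown key"]
        failed = []
        if rules.time_windows and not any(
                w.start <= msg.observed_at <= w.end for w in rules.time_windows):
            failed.append("time")
        if rules.quorum is not None:
            in_state = sum(1 for s in msg.key_instance_states.values()
                           if s == rules.quorum.designated_state)
            if in_state < rules.quorum.minimum:
                failed.append("quorum")
        if rules.geo_fence is not None:
            fence = rules.geo_fence
            if msg.location is None:          # fail closed on a missing location
                failed.append("geo-fence")
            else:
                dist = haversine_km(msg.location[0], msg.location[1], fence.lat, fence.lon)
                if (dist <= fence.radius_km) != fence.must_be_inside:
                    failed.append("geo-fence")
        new_state = "valid" if not failed else "invalid"
        self._state[msg.key_id] = new_state   # suspend or reinstate
        return new_state, failed


def example_run():
    """Constructed scenario: compliant, suspended twice for different reasons, reinstated."""
    utc = timezone.utc
    svc = RulesComplianceService()
    svc.register("key-0001", RuleSet(
        time_windows=[TimeWindow(datetime(2024, 1, 1, 9, tzinfo=utc),
                                 datetime(2024, 1, 1, 17, tzinfo=utc))],
        quorum=Quorum(minimum=2),
        geo_fence=GeoFence(lat=51.5074, lon=-0.1278, radius_km=10.0)))
    ok = {"hsm-a": "active", "hsm-b": "active", "hsm-c": "revoked"}
    short = {"hsm-a": "active", "hsm-b": "revoked"}
    messages = [
        RulesEvaluationMessage("key-0001", datetime(2024, 1, 1, 12, tzinfo=utc), (51.51, -0.13), ok),
        RulesEvaluationMessage("key-0001", datetime(2024, 1, 1, 13, tzinfo=utc), (48.8566, 2.3522), ok),
        RulesEvaluationMessage("key-0001", datetime(2024, 1, 1, 20, tzinfo=utc), (51.51, -0.13), short),
        RulesEvaluationMessage("key-0001", datetime(2024, 1, 1, 14, tzinfo=utc), (51.51, -0.13), ok),
    ]
    return [svc.evaluate(m) for m in messages]


if __name__ == "__main__":
    for state, failed in example_run():
        print(state, failed)
```

The service is deliberately stateless about *why* a key was suspended: each evaluation message is judged afresh against the whole rule set, so a key that was suspended for leaving the geo-fence is reinstated by the next compliant message without any separate "unsuspend" call, which is the suspend-then-reinstate behaviour the abstract describes. In a deployment the relying party would consult `state_of()` before honouring a signature or certificate, and the entity would send a message on each triggering event (timer, location change, change in a key instance's state) rather than on a fixed schedule.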
Specification