Rule-based validity of cryptographic key material
First Claim
1. A method for creating rule based cryptographic key material, the method comprising:
- receiving a request to create a rule based cryptographic key material;
- creating a rule based attribute set comprising at least one rule set defining conditions under which an associated state of the rule based cryptographic key material will be set to valid so that the rule based cryptographic key material will be honored for authenticated communications or set to invalid so that the rule based cryptographic key material will not be honored for authenticated communications, the at least one rule set comprising at least one of:
  - times at which the rule based cryptographic key material should be valid and/or invalid;
  - quorum information; and
  - geo-fence information;
- causing an association between the rule based attribute set and cryptographic key material to create the rule based key material;
- deploying the rule based key material to a system.
Abstract
In representative embodiments, rule-based certificate cryptographic key material containing a rule set defining validity conditions is associated with cryptographic key material assigned to an entity for use in authenticated communications. The validity of the cryptographic key material changes state based on whether the entity is compliant or non-compliant with the rule set. In a representative embodiment, this is accomplished by suspending the validity of the cryptographic key material when the entity is non-compliant with the rules and reinstating it when the entity becomes compliant. A rules compliance service determines the validity of the cryptographic key material in part using updates sent by the entity. Entities can delegate the update to a delegate device. Encryption can be used to preserve privacy.
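The suspend/reinstate behaviour described in the abstract can be sketched as follows; this is an added illustration, not code from the patent or its assignee. The names `RuleSet`, `Update` and `ComplianceService`, the daily UTC window, quorum as a count of approvers, the circular geo-fence and the initial invalid state are all assumptions, and the example applies all three rule types although the claims require only at least one.

```python
from dataclasses import dataclass
from datetime import datetime, time, timezone
from math import asin, cos, radians, sin, sqrt

@dataclass(frozen=True)
class RuleSet:               # hypothetical layout, not the patent's format
    valid_from: time         # daily validity window, UTC
    valid_until: time
    quorum: int              # assumed meaning: approvers that must be present
    fence_center: tuple      # (lat, lon) of the geo-fence centre
    fence_radius_km: float

@dataclass(frozen=True)
class Update:                # what the entity (or its delegate) reports
    when: datetime
    position: tuple
    approvers: frozenset

def distance_km(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def violations(rules, upd):
    """Return the rules the update fails; an empty list means compliant."""
    now = upd.when.astimezone(timezone.utc).time()
    failed = [] if rules.valid_from <= now <= rules.valid_until else ["time"]
    if len(upd.approvers) < rules.quorum:
        failed.append("quorum")
    if distance_km(rules.fence_center, upd.position) > rules.fence_radius_km:
        failed.append("geo-fence")
    return failed

class ComplianceService:
    """Holds the key's state; it stays invalid until a compliant update arrives."""
    def __init__(self, rules):
        self.rules, self.state = rules, "invalid"

    def report(self, upd):   # suspend on non-compliance, reinstate on compliance
        self.state = "invalid" if violations(self.rules, upd) else "valid"
        return self.state

def demo():                  # constructed sample updates, not real data
    svc = ComplianceService(RuleSet(time(8), time(18), 2, (40.7608, -111.8910), 5.0))
    at = lambda h: datetime(2024, 1, 15, h, tzinfo=timezone.utc)
    inside, outside, both = (40.77, -111.89), (37.7749, -122.4194), frozenset({"a", "b"})
    return [svc.report(Update(at(9), inside, both)), svc.report(Update(at(9), outside, both)),
            svc.report(Update(at(10), inside, both)), svc.report(Update(at(22), inside, both)),
            svc.report(Update(at(11), inside, frozenset({"a"})))]
```

A relying party would consult the service's current state before honoring the key, so a key that leaves the fence is refused until a later compliant update reinstates it.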
20 Claims
1. A method for creating rule based cryptographic key material, the method comprising:
- receiving a request to create a rule based cryptographic key material;
- creating a rule based attribute set comprising at least one rule set defining conditions under which an associated state of the rule based cryptographic key material will be set to valid so that the rule based cryptographic key material will be honored for authenticated communications or set to invalid so that the rule based cryptographic key material will not be honored for authenticated communications, the at least one rule set comprising at least one of:
  - times at which the rule based cryptographic key material should be valid and/or invalid;
  - quorum information; and
  - geo-fence information;
- causing an association between the rule based attribute set and cryptographic key material to create the rule based key material;
- deploying the rule based key material to a system.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system comprising:
- a processor and executable instructions accessible on a machine-readable medium that, when executed, cause the system to perform operations comprising:
  - receive a request to create a rule based cryptographic key material;
  - create a rule based attribute set comprising at least one rule set defining conditions under which an associated state of the rule based cryptographic key material is set to valid so that the rule based cryptographic key material is honored for authenticated communications or set to invalid so that the rule based cryptographic key material is not honored for authenticated communications, the at least one rule set comprising at least one of:
    - times at which the rule based cryptographic key material should be valid and/or invalid;
    - quorum information; and
    - geo-fence information;
  - cause an association between the rule based attribute set and cryptographic key material to create the rule based key material;
  - deploy the rule based key material to a system.

Dependent claims: 10, 11, 12, 13
14. A machine-readable medium having executable instructions encoded thereon, which, when executed by at least one processor of a machine, cause the machine to perform operations comprising:
- receive a request to create a rule based cryptographic key material;
- create a rule based attribute set comprising at least one rule set defining conditions under which a state associated with the rule based cryptographic key material will be set to valid so that the rule based cryptographic key material is honored for authenticated communications or set to invalid so that the rule based cryptographic key material is not honored for authenticated communications, the at least one rule set comprising at least one of:
  - times at which the rule based cryptographic key material should be valid and/or invalid;
  - quorum information; and
  - geo-fence information;
- cause an association between the rule based attribute set and cryptographic key material to create the rule based key material;
- deploy the rule based key material to a system.

Dependent claims: 15, 16, 17, 18, 19, 20
Specification