Geo-fencing cryptographic key material
First Claim
1. A method for altering the status of cryptographic key material, the method comprising:
- receive a request to create a geo-fence key material used to authenticate a first system to a second system, the geo-fence key material having an associated validity state identifying whether the geo-fence key material is valid for authentication or invalid for authentication;
- create a geo-fence attribute set comprising:
  - a geo-fence describing at least one geographic area;
  - a policy containing at least one condition under which the validity state is valid for authentication or invalid for authentication; and
  - a delegate identifier identifying at least one entity authorized to perform a task on behalf of the holder of the geo-fence key material;
- cause an association between the geo-fence attribute set and cryptographic key material to create the geo-fence key material; and
- deploy the geo-fence key material to a system.
Abstract
In representative embodiments, a geo-fence cryptographic key material comprising a geo-fence description defining a geographic area and associated cryptographic key material is assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is inside or outside the geographic area. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is outside the geographic area and reinstating the validity of the cryptographic key material when the entity is inside the geographic area. A geographic update service determines the validity of the cryptographic material in part using location updates sent by the entity. Entities that are not geo-aware can delegate the location update to a geo-aware device. Encryption can be used to preserve privacy.
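An added sketch of the suspend/reinstate behaviour the abstract describes, including location updates sent by a delegate on behalf of a holder that is not geo-aware. It is not code from the patent: the single circular fence, the fail-closed initial state, and all names (`GeoFenceKey`, `location_update`, `badge-7`, `phone-1`) are assumptions made for illustration.

```python
import math
from dataclasses import dataclass, field

EARTH_RADIUS_M = 6_371_000

@dataclass
class GeoFenceKey:
    """Key material plus its geo-fence attribute set (names are hypothetical)."""
    holder: str
    center: tuple            # (lat, lon) of an assumed circular fence
    radius_m: float
    delegates: frozenset     # entities allowed to report location for the holder
    valid: bool = False      # assumption: fail closed until a first accepted update
    events: list = field(default_factory=list)

def distance_m(a, b):
    """Great-circle (haversine) distance between two (lat, lon) points in metres."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(h))

def location_update(key, reporter, position):
    """Update-service logic: suspend outside the fence, reinstate inside it."""
    if reporter != key.holder and reporter not in key.delegates:
        key.events.append(("rejected", reporter))   # not an authorized delegate
        return key.valid                             # state is left unchanged
    inside = distance_m(key.center, position) <= key.radius_m
    if inside != key.valid:
        key.events.append(("reinstated" if inside else "suspended", reporter))
    key.valid = inside
    return key.valid

def demo():
    # Constructed sample data: a 500 m fence and a badge whose phone reports for it.
    key = GeoFenceKey("badge-7", (40.7128, -74.0060), 500.0, frozenset({"phone-1"}))
    inside, outside = (40.7130, -74.0055), (40.7306, -73.9866)
    states = [
        location_update(key, "unknown-device", inside),  # ignored: not a delegate
        location_update(key, "phone-1", inside),         # enters the fence
        location_update(key, "phone-1", outside),        # leaves the fence
        location_update(key, "phone-1", inside),         # returns
    ]
    return states, key.events

if __name__ == "__main__":
    print(demo())
```

A relying system would consult `key.valid` at authentication time; the event list gives the audit trail of state changes and rejected reporters.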
39 Citations
20 Claims
9. A system comprising:
a processor and executable instructions accessible on a computer-readable medium that, when executed, cause the processor to perform operations comprising:
- receive a request, from a subscriber, to create a geo-fence key material used to authenticate a first system to a second system, the geo-fence key material having an associated validity state identifying whether the geo-fence key material is valid for authentication or invalid for authentication;
- create a geo-fence attribute set comprising:
  - a geo-fence describing at least one geographic area; and
  - at least one condition under which the geo-fence key material validity state will be set to valid or invalid;
- cause an association between the geo-fence attribute set and cryptographic key material to create the geo-fence key material;
- deploy the geo-fence key material to a system.
14. A machine-readable medium having executable instructions encoded thereon, which, when executed by at least one processor of a machine, cause the machine to perform operations comprising:
- receive a request to create a geo-fence key material used to authenticate a first system to a second system, the geo-fence key material having an associated validity state identifying whether the geo-fence key material is valid for authentication or invalid for authentication;
- determine whether a template is available from an authorized entity that contains a template geo-fence attribute set;
- responsive to a template being available:
  - retrieve the template geo-fence attribute set from the template and set geo-fence attribute information to the retrieved template geo-fence attribute set;
- responsive to a template not being available:
  - retrieve geo-fence attribute information from information provided by a subscriber;
- create a geo-fence attribute set from the geo-fence attribute information, the geo-fence attribute set comprising:
  - a geo-fence describing at least one geographic area; and
  - at least one condition under which the state associated with the geo-fence key material will be set to valid and/or invalid;
- cause an association between the geo-fence attribute set and cryptographic key material to create the geo-fence key material;
- deploy the geo-fence key material to a system of the subscriber.
Specification