Geo-fencing cryptographic key material

US 9,647,998 B2
Filed: 03/21/2014
Issued: 05/09/2017
Est. Priority Date: 03/21/2014
Status: Active Grant

First Claim

Patent Images

1. A method for altering the status of cryptographic key material, the method comprising:

receive a request to create a geo-fence key material used to authenticate a first system to a second system, the geo-fence key material having an associated validity state identifying whether the geo-fence key material is valid for authentication or invalid for authentication;

create a geo-fence attribute set comprising;

a geo-fence describing at least one geographic area;

a policy containing at least one condition under which the validity state is valid for authentication or invalid for authentication; and

a delegate identifier identifying at least one entity authorized to perform a task on behalf of the holder of the geo-fence key material;

cause an association between the geo-fence attribute set and cryptographic key material to create the geo-fence key material; and

deploy the geo-fence key material to a system.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In representative embodiments, a geo-fence cryptographic key material comprising a geo-fence description defining a geographic area and associated cryptographic key material is assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is inside or outside the geographic area. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is outside the geographic area and reinstating the validity of the cryptographic key material when the entity is inside the geographic area. A geographic update service determines the validity of the cryptographic material in part using location updates sent by the entity. Entities that are not geo-aware can delegate the location update to a geo-aware device. Encryption can be used to preserve privacy.

39 Citations

View as Search Results

20 Claims

1. A method for altering the status of cryptographic key material, the method comprising:
- receive a request to create a geo-fence key material used to authenticate a first system to a second system, the geo-fence key material having an associated validity state identifying whether the geo-fence key material is valid for authentication or invalid for authentication;
  
  create a geo-fence attribute set comprising;
  
  a geo-fence describing at least one geographic area;
  
  a policy containing at least one condition under which the validity state is valid for authentication or invalid for authentication; and
  
  a delegate identifier identifying at least one entity authorized to perform a task on behalf of the holder of the geo-fence key material;
  
  cause an association between the geo-fence attribute set and cryptographic key material to create the geo-fence key material; and
  
  deploy the geo-fence key material to a system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - determining whether template information is available;
      
      responsive to template information being available, utilizing the template information to create the geo-fence attribute set.
  - 3. The method of claim 1 wherein the at least one condition comprises a time period and wherein the status of the geo-fence key material is set to suspended if a geo-location update message was not received during the time period.
  - 4. The method of claim 1 further comprising receive a request to determine a state of the geo-fence key material and identify whether the state is suspended or reinstated.
  - 5. The method of claim 4 wherein determining the state of the geo-fence key material comprises evaluating conditions defined in the geo-fence attribute set that identify when the state of the geo-fence key material should be suspended and when the state of the geo-fence key material should be reinstated.
  - 6. The method of claim 5 wherein the conditions comprise whether the system resides inside or outside the geo-fence.
  - 7. The method of claim 1, wherein causing the association between the cryptographic key material and the geo-fence attribute set comprises creating a certificate.
  - 8. The method of claim 1, wherein causing the association between the cryptographic key material and the geo-fence attribute set comprises causing storage of the geo-fence key material on the system.

9. A system comprising:
- a processor and executable instructions accessible on a computer-readable medium that, when executed, cause the processor to perform operations comprising;
  
  receive a request, from a subscriber, to create a geo-fence key material used to authenticate a first system to a second system, the geo-fence key material having an associated validity state identifying whether the geo-fence key material is valid for authentication or invalid for authentication;
  
  create a geo-fence attribute set comprising;
  
  a geo-fence describing at least one geographic area; and
  
  at least one condition under which the geo-fence key material validity state will be set to valid or invalid;
  
  cause an association between the geo-fence attribute set and cryptographic key material to create the geo-fence key material;
  
  deploy the geo-fence key material to a system.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The system of claim 9, wherein the operations further comprise accessing a template comprising the geo-fence attribute set, the template provided by an authorized entity separate from the subscriber.
  - 11. The system of claim 9 wherein the at least one condition is part of a policy that defines when the validity state of the geo-fence key material is set to invalid and/or when the state of the geo-fence key material is set to valid.
  - 12. The system of claim 9 wherein the instructions further cause the system to:
    - receive a request to set a state of the geo-fence key material to suspended or to set the state of the geo-fence key material to reinstated.
  - 13. The system of claim 9 wherein the instructions further cause the system to:
    - receive a message that triggers;
      
      evaluation of a state of the geo-fence key material; and
      
      responsive to the evaluation, sets the state to suspended or to reinstated.

14. A machine-readable medium having executable instructions encoded thereon, which, when executed by at least one processor of a machine, cause the machine to perform operations comprising:
- receive a request to create a geo-fence key material used to authenticate a first system to a second system, the geo-fence key material having an associated validity state identifying whether the geo-fence key material is valid for authentication or invalid for authentication;
  
  determine whether a template is available from an authorized entity that contains a template geo-fence attribute set;
  
  responsive to a template being available;
  
  retrieve the template geo-fence attribute set from the template and set geo-fence attribute information to the retrieved template geo-fence attribute set responsive to a template not being available;
  
  retrieve geo-fence attribute information from information provided by a subscriber;
  
  create a geo-fence attribute set from the geo-fence attribute information, the geo-fence attribute set comprising;
  
  a geo-fence describing at least one geographic area; and
  
  at least one condition under which the state associated with the geo-fence key material will be set to valid and/or invalid;
  
  cause an association between the geo-fence attribute set and cryptographic key material to create the geo-fence key material;
  
  deploy the geo-fence key material to a system of the subscriber.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The machine-readable medium of claim 14 wherein the at least one condition is part of a policy that identifies when a status of the cryptographic key material is to be set to either a suspended state where the cryptographic key material will not be honored to validate the system in an authenticated session or a reinstated state where the cryptographic key material will be honored to validate the system in an authenticates session.
  - 16. The machine-readable medium of claim 14 wherein to deploy the geo-fence key material to the system, the executable instructions cause the machine to perform operations comprising:
    - cause storage of the geo-fence attribute set on the system at least one of either an SSH private use header or as part of SSH key options.
  - 17. The machine-readable medium of claim 14 wherein to cause the association between the geo-fence attribute set and the cryptographic key material, the executable instructions cause the machine to perform operations comprising create a certificate comprising the geo-fence attribute set and at least a portion of the cryptographic key material.
  - 18. The machine-readable medium of claim 14 wherein the executable instructions cause the machine to perform further operations comprising:
    - receive a request to change the validity status of the geo-fence key material to a state indicating the cryptographic key material will not be honored to validate the system in an authenticated session.
  - 19. The machine-readable medium of claim 17 wherein the executable instructions cause the machine to perform further operations comprising:
    - receive a request to change the validity status of the geo-fence key material to a state indicating the cryptographic key material will be honored to validate the system in an authenticated session.
  - 20. The machine-readable medium of claim 18 wherein the executable instructions cause the machine to perform at least one further operations comprising:
    - remove an identifier associated with the cryptographic key material on a second system;
      
      orreplace the identifier associated with the cryptographic key material on the second system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Venafi,Inc.
Original Assignee
Venafi,Inc.
Inventors
Ronca, Remo
Primary Examiner(s)
Gee, Jason K

Application Number

US14/221,981
Publication Number

US 20150271155A1
Time in Patent Office

1,145 Days
Field of Search

713168
US Class Current
CPC Class Codes

H04L 63/0492   by using a location-limited...

H04L 63/062   for key distribution, e.g. ...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/0876   based on the identity of th...

H04L 63/107   wherein the security polici...

H04L 9/0872   using geo-location informat...

H04L 9/321   involving a third party or ...

H04L 9/3263   involving certificates, e.g...

H04W 12/041   Key generation or derivation

H04W 4/021   Services related to particu...

H04W 4/80   Services using short range ...

Geo-fencing cryptographic key material

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

39 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Geo-fencing cryptographic key material

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links