Geo-fencing cryptographic key material

US 9,654,922 B2
Filed: 03/21/2014
Issued: 05/16/2017
Est. Priority Date: 03/21/2014
Status: Active Grant

First Claim

Patent Images

1. A method executed by a system having cryptographic key material used for authenticated communications comprising:

storing, by the system in a machine-readable media, a geo-fence attribute set comprising a geo-fence defining at least one geographic region within which the cryptographic key material will be honored for authenticated communications;

associating the geo-fence attribute set with the cryptographic key material used for authenticated communications;

creating a geo-location update message comprising a current geographic location of the system; and

sending the geo-location update message, over a digital network, to a geo-location update service which ascertains whether to change a validity state of the cryptographic key material to suspended when the current geographic location is outside the at least one geographic region and to reinstated when the current geographic location is inside the at least one geographic location and to a default state when the current geographic location is unknown for a period of time.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In representative embodiments, a geo-fence cryptographic key material comprising a geo-fence description defining a geographic area and associated cryptographic key material is assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is inside or outside the geographic area. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is outside the geographic area and reinstating the validity of the cryptographic key material when the entity is inside the geographic area. A geographic update service determines the validity of the cryptographic material in part using location updates sent by the entity. Entities that are not geo-aware can delegate the location update to a geo-aware device. Encryption can be used to preserve privacy.

Citations

20 Claims

1. A method executed by a system having cryptographic key material used for authenticated communications comprising:
- storing, by the system in a machine-readable media, a geo-fence attribute set comprising a geo-fence defining at least one geographic region within which the cryptographic key material will be honored for authenticated communications;
  
  associating the geo-fence attribute set with the cryptographic key material used for authenticated communications;
  
  creating a geo-location update message comprising a current geographic location of the system; and
  
  sending the geo-location update message, over a digital network, to a geo-location update service which ascertains whether to change a validity state of the cryptographic key material to suspended when the current geographic location is outside the at least one geographic region and to reinstated when the current geographic location is inside the at least one geographic location and to a default state when the current geographic location is unknown for a period of time.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising evaluating a geo-location relative to the geo-fence and including results of the evaluation in the geo-location update message.
  - 3. The method of claim 2 wherein the geo-location update message comprises information to determine validity of the evaluation.
  - 4. The method of claim 1 wherein the default state is invalid.
  - 5. The method of claim 1 further comprising opening a secure connection to the geo-location update service.
  - 6. The method of claim 1 further comprising delegating creating the geo-location update message to a geo-aware device.
  - 7. The method of claim 1, further comprising causing a geo-aware device to create the geo-location update message using a short range wireless technology.

8. A system comprising:
- a processor and executable instructions accessible on a machine-readable medium that, when executed, cause the processor to perform operations comprising;
  
  store a geo-fence attribute set comprising geo-fence information defining at least one geographic region within which cryptographic key material will be honored for authenticated communications;
  
  associate the geo-fence attribute set with cryptographic key material used for authenticated communications;
  
  create a geo-location update message comprising a current geographic location of the system; and
  
  send the geo-location update message to a geo-location update service which evaluates a revocation status of the cryptographic key material and;
  
  sets the revocation status to a default state when the current geographic location is unknown for a pre-defined time interval;
  
  sets the revocation status to reinstated when the current geographic location is within the at least one geographic region; and
  
  sets the revocation status to suspended when the current geographic location is outside the at least one geographic region.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The system of claim 8, wherein the geo-fence attribute set further comprises a Uniform Resource Identifier (URI) of the geo-location update service.
  - 10. The system of claim 8 wherein the geographic location of the system is encrypted and wherein the geo-fence attribute set further comprises an identity of a delegate to decrypt the geographic location.
  - 11. The system of claim 8 wherein the creation of the geographic update message is delegated to an associated geo-aware device.
  - 12. The system of claim 11 wherein the associated geo-aware device utilizes a short range wireless communication technology to communicate with the system and wherein the creation of the geographic update message is only delegated while the geo-aware device and the system are in communication using the short range wireless communication technology.

13. A machine-readable medium having executable instructions encoded thereon, which, when executed by at least one processor of a system machine, cause the system machine to perform operations comprising:
- access a geo-fence attribute set comprising a geo-fence defining at least one geographic region within which cryptographic key material will be honored for authenticated communications;
  
  associate the geo-fence attribute set with cryptographic key material used for authenticated communications;
  
  create a geo-location update message comprising a current geographic location of the system;
  
  open a secure communication link to a geo-location update service; and
  
  send the geo-location update message to the geo-location update service via the secure communication link which;
  
  changes a validity state with the cryptographic material to reinstated when the current geo-location is within the at least one geographic region;
  
  changes the validity state associated with the cryptographic material to suspended when the current geo-location is outside the at least one geographic region; and
  
  which sets the validity state to suspended when the geo-location update message has not been received within a period of time.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The machine-readable medium of claim 13 wherein geo-fence attribute set further comprises a policy that identifies when the validity state of the cryptographic key material is to be set to either suspended where the cryptographic key material will not be honored to validate the system in an authenticated session or reinstated where the cryptographic key material will be honored to validate the system in an authenticated session.
  - 15. The machine-readable medium of claim 13 wherein the policy comprises a schedule that indicates the period of time.
  - 16. The machine-readable medium of claim 13 wherein to associate the geo-fence attribute set and the cryptographic key material, the executable instructions cause the system to perform operations comprising:
    - initiate creation of a certificate comprising the geo-fence attribute set and at least a portion of the cryptographic key material.
  - 17. The machine-readable medium of claim 13 wherein to associate the geo-fence attribute set and the cryptographic key material, the executable instructions cause the system to perform operations comprising:
    - initiate storage of the geo-fence attribute set on the system in at least one of either as part of a Secure Shell (SSH) private use header or as part of SSH key options.
  - 18. The machine-readable medium of claim 17 wherein the geolocation update message comprises results of an evaluation of the current geographic location of the system relative to the geo-fence.
  - 19. The machine-readable medium of claim 18 wherein the geo-location update message comprises information to allow the recipient of the geo-location update message to validate the evaluation.
  - 20. The machine-readable medium of claim 13 wherein the executable instructions cause the system to perform further operations comprising:
    - delegate creation of the geo-location update message to a second system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Venafi,Inc.
Original Assignee
Venafi,Inc.
Inventors
Ronca, Remo
Primary Examiner(s)
King, John B

Application Number

US14/221,919
Publication Number

US 20150271154A1
Time in Patent Office

1,152 Days
Field of Search

713618
US Class Current
CPC Class Codes

H04L 2209/80   Wireless

H04L 63/0428   wherein the data content is...

H04L 63/062   for key distribution, e.g. ...

H04L 63/107   wherein the security polici...

H04L 9/0872   using geo-location informat...

H04L 9/0891   Revocation or update of sec...

H04L 9/3226   using a predetermined code,...

H04L 9/3268   using certificate validatio...

H04W 12/03   Protecting confidentiality,...

H04W 12/0433   Key management protocols

H04W 12/069   using certificates or pre-s...

H04W 12/64   using geofenced areas

H04W 4/021   Services related to particu...

Geo-fencing cryptographic key material

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Geo-fencing cryptographic key material

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links