Geo-fencing cryptographic key material
First Claim
1. A method executed by a system having cryptographic key material used for authenticated communications comprising:
- storing, by the system in a machine-readable media, a geo-fence attribute set comprising a geo-fence defining at least one geographic region within which the cryptographic key material will be honored for authenticated communications;
- associating the geo-fence attribute set with the cryptographic key material used for authenticated communications;
- creating a geo-location update message comprising a current geographic location of the system; and
- sending the geo-location update message, over a digital network, to a geo-location update service which ascertains whether to change a validity state of the cryptographic key material to suspended when the current geographic location is outside the at least one geographic region and to reinstated when the current geographic location is inside the at least one geographic location and to a default state when the current geographic location is unknown for a period of time.
7 Assignments
0 Petitions
Abstract
In representative embodiments, a geo-fence cryptographic key material comprising a geo-fence description defining a geographic area and associated cryptographic key material is assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is inside or outside the geographic area. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is outside the geographic area and reinstating the validity of the cryptographic key material when the entity is inside the geographic area. A geographic update service determines the validity of the cryptographic material in part using location updates sent by the entity. Entities that are not geo-aware can delegate the location update to a geo-aware device. Encryption can be used to preserve privacy.
20 Claims
1. A method executed by a system having cryptographic key material used for authenticated communications comprising:
- storing, by the system in a machine-readable media, a geo-fence attribute set comprising a geo-fence defining at least one geographic region within which the cryptographic key material will be honored for authenticated communications;
- associating the geo-fence attribute set with the cryptographic key material used for authenticated communications;
- creating a geo-location update message comprising a current geographic location of the system; and
- sending the geo-location update message, over a digital network, to a geo-location update service which ascertains whether to change a validity state of the cryptographic key material to suspended when the current geographic location is outside the at least one geographic region and to reinstated when the current geographic location is inside the at least one geographic location and to a default state when the current geographic location is unknown for a period of time.

Dependent claims: 2, 3, 4, 5, 6, 7.
8. A system comprising:
- a processor and executable instructions accessible on a machine-readable medium that, when executed, cause the processor to perform operations comprising:
  - store a geo-fence attribute set comprising geo-fence information defining at least one geographic region within which cryptographic key material will be honored for authenticated communications;
  - associate the geo-fence attribute set with cryptographic key material used for authenticated communications;
  - create a geo-location update message comprising a current geographic location of the system; and
  - send the geo-location update message to a geo-location update service which evaluates a revocation status of the cryptographic key material and:
    - sets the revocation status to a default state when the current geographic location is unknown for a pre-defined time interval;
    - sets the revocation status to reinstated when the current geographic location is within the at least one geographic region; and
    - sets the revocation status to suspended when the current geographic location is outside the at least one geographic region.

Dependent claims: 9, 10, 11, 12.
13. A machine-readable medium having executable instructions encoded thereon, which, when executed by at least one processor of a system machine, cause the system machine to perform operations comprising:
- access a geo-fence attribute set comprising a geo-fence defining at least one geographic region within which cryptographic key material will be honored for authenticated communications;
- associate the geo-fence attribute set with cryptographic key material used for authenticated communications;
- create a geo-location update message comprising a current geographic location of the system;
- open a secure communication link to a geo-location update service; and
- send the geo-location update message to the geo-location update service via the secure communication link which:
  - changes a validity state with the cryptographic material to reinstated when the current geo-location is within the at least one geographic region;
  - changes the validity state associated with the cryptographic material to suspended when the current geo-location is outside the at least one geographic region; and
  - which sets the validity state to suspended when the geo-location update message has not been received within a period of time.

Dependent claims: 14, 15, 16, 17, 18, 19, 20.
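Added example (not from the patent and not the patentee's code): a minimal geo-location update service that applies the validity-state transitions described in the abstract and in claims 1, 8 and 13, including the fallback to a default state when no update has arrived within the period of time. The circular region, the haversine distance check, the `check()` relying-party query and all coordinates are assumptions; the transport of the update message (the secure link of claim 13) is out of scope here.

```python
import math
from dataclasses import dataclass
from enum import Enum

class Validity(Enum):
    REINSTATED = "reinstated"  # key material is honoured
    SUSPENDED = "suspended"    # not honoured until an in-region update arrives

def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two lat/lon points given in degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(a))

@dataclass(frozen=True)
class GeoFence:  # a circular region is an assumption; the claims fix no shape
    lat: float
    lon: float
    radius_m: float
    def contains(self, lat, lon):
        return haversine_m(self.lat, self.lon, lat, lon) <= self.radius_m

@dataclass
class KeyRecord:  # key material plus its geo-fence attribute set (one or more regions)
    key_id: str
    fences: tuple
    state: Validity = Validity.REINSTATED
    last_update: float = 0.0  # time (s) of the last geo-location update message

class GeoLocationUpdateService:
    def __init__(self, records, unknown_timeout_s, default_state=Validity.SUSPENDED):
        self.keys = {r.key_id: r for r in records}
        self.unknown_timeout_s = unknown_timeout_s  # the claims' "period of time"
        self.default_state = default_state          # claim 13 fixes this to suspended

    def handle_update(self, key_id, lat, lon, now):
        """One geo-location update message: inside any region -> reinstated, else suspended."""
        rec = self.keys[key_id]  # KeyError for key material that was never registered
        rec.last_update = now
        inside = any(f.contains(lat, lon) for f in rec.fences)
        rec.state = Validity.REINSTATED if inside else Validity.SUSPENDED
        return rec.state

    def check(self, key_id, now):
        """Relying-party query: no update within the timeout means location unknown."""
        rec = self.keys[key_id]
        if now - rec.last_update > self.unknown_timeout_s:
            rec.state = self.default_state
        return rec.state
```

A relying party that honours the key material should call `check()` at the time of use rather than trusting the state recorded at the last update, since that is where the unknown-location fallback is applied.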