Geo-fencing cryptographic key material
Abstract
In representative embodiments, a geo-fence cryptographic key material comprising a geo-fence description defining a geographic area and associated cryptographic key material is assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is inside or outside the geographic area. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is outside the geographic area and reinstating the validity of the cryptographic key material when the entity is inside the geographic area. A geographic update service determines the validity of the cryptographic material in part using location updates sent by the entity. Entities that are not geo-aware can delegate the location update to a geo-aware device. Encryption can be used to preserve privacy.
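The suspend/reinstate logic described in the abstract and in claim 1, as an added sketch that is not taken from the patent. The circular geo-fence shape, the `valid_inside` policy flag, the 300-second update timeout, the suspended starting state and all class and function names are assumptions made for illustration.

```python
import math
from dataclasses import dataclass

SUSPENDED, REINSTATED = "suspended", "reinstated"

@dataclass
class GeoFence:  # assumed shape: a circle around a centre point
    lat: float
    lon: float
    radius_km: float
    def contains(self, lat, lon):
        # Haversine great-circle distance from the fence centre, in km
        p1, p2, dl = math.radians(self.lat), math.radians(lat), math.radians(lon - self.lon)
        a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
        return 2 * 6371.0 * math.asin(math.sqrt(a)) <= self.radius_km

@dataclass
class KeyRecord:  # attribute set stored alongside deployed key material
    fences: list
    valid_inside: bool = True    # assumed policy: key is honored inside a fence
    max_age_s: float = 300.0     # assumed "predetermined length of time"
    last_update: float = None
    status: str = SUSPENDED      # assumption: fail closed until a location is known

class GeoUpdateService:
    def __init__(self):
        self.keys = {}

    def is_honored(self, key_id, now):
        # Staleness check: no update within the window suspends the key.
        rec = self.keys[key_id]
        if rec.last_update is None or now - rec.last_update > rec.max_age_s:
            rec.status = SUSPENDED
        return rec.status == REINSTATED

    def on_update(self, key_id, lat, lon, now):
        # Evaluate the reported location against the fences and the policy.
        rec = self.keys[key_id]
        inside = any(f.contains(lat, lon) for f in rec.fences)
        rec.last_update = now
        rec.status = REINSTATED if inside == rec.valid_inside else SUSPENDED
        return rec.status

def demo():
    # Constructed scenario: one 10 km fence, timestamps in seconds.
    svc = GeoUpdateService()
    svc.keys["k1"] = KeyRecord(fences=[GeoFence(47.6, -122.3, 10.0)])
    return [svc.is_honored("k1", 0), svc.on_update("k1", 47.6, -122.3, 0),
            svc.on_update("k1", 48.6, -122.3, 60), svc.on_update("k1", 47.61, -122.3, 100),
            svc.is_honored("k1", 200), svc.is_honored("k1", 500)]
```

A relying party would call `is_honored` before accepting the key in an authenticated session, so a device that stops reporting loses access even if its last known position was inside the fence.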
20 Claims
1. A method performed by a geolocation update service for altering the status of cryptographic key material, the method comprising:
- accessing a time since a last geo-location update message was received from a system, the last geo-location update message indicating a previous location of the system;
- identifying whether the last geo-location update was received within a predetermined length of time;
- responsive to determining that the last geo-location update message was not received within the predetermined length of time, setting a validity state associated with cryptographic key material previously deployed to the system to a suspended state indicating that the cryptographic key material will not be honored to authenticate the system in an authenticated session;
- receiving, by a processor via a network, a geo-location update message from the system identifying a current location of the system;
- accessing a geo-fence attribute set associated with the cryptographic key material, the attribute set comprising geo-fence information that identifies at least one geographic region and a policy that identifies when a status of the cryptographic key material is to be set to either the suspended state where the cryptographic key material will not be honored to validate the system in an authenticated session or a reinstated state where the cryptographic key material will be honored to validate the system in an authenticated session;
- evaluating the current location of the system relative to the geo-fence information;
- responsive to the evaluation of the current location and the policy, setting the status of the cryptographic key material to the suspended state when the current location is not in compliance with the policy and setting the status of the cryptographic key material to the reinstated state when the current location is in compliance with the policy.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A system comprising:
- a processor;
- memory coupled to the processor;
- instructions stored in the memory that, when executed by the processor, cause the system to:
  - receive, by the processor via a network, a geo-location update message from a device having cryptographic key material used for authenticated communication, the geo-location update message identifying a current location of the device;
  - access a policy comprising:
    - a geo-fence attribute set associated with the cryptographic key material, the geo-fence attribute set comprising a geo-fence that identifies at least one geographic region within which the cryptographic key material can be valid if a set of additional conditions are met; and
    - the set of additional conditions representing conditions which, when combined with the current location of the device, a status of the cryptographic key material is to be set to either a suspended state where the cryptographic key material will not be honored to validate the device in an authenticated session or a reinstated state where the cryptographic key material will be honored to validate the device in an authenticated session when the device is located within the geographic region;
  - cause the state of the cryptographic key material to be suspended if the current location of the device is outside the geographic region or if the device is located inside the geographic region and the conditions indicate the state should be suspended; and
  - cause the state of the cryptographic key material to be reinstated if the current location of the system is within the geographic region and if the conditions indicate the state should be reinstated.

Dependent claims: 9, 10, 11, 12
13. A machine-readable medium having executable instructions encoded thereon, which, when executed by at least one processor of a machine, cause the machine to perform operations comprising:
- setting a validity status associated with cryptographic key material to suspended if a prior geo-location update message comprising a previous location of a system was received longer than a predetermined time period before a current time;
- receive, by the processor via a network, a geo-location update message from the system identifying a current location of the system;
- access a policy comprising:
  - a geo-fence attribute set associated with the cryptographic key material, the attribute set comprising a geo-fence that identifies at least one geographic region; and
  - a set of conditions under which a status of the cryptographic key material is to be set to either a suspended state where the cryptographic key material will not be honored to validate the system in an authenticated session or a reinstated state where the cryptographic key material will be honored to validate the system in an authenticated session;
- cause the state of the cryptographic key material to be suspended if the current location of the system relative to the geo-fence or if the conditions indicate the state should be suspended; and
- cause the state of the cryptographic key material to be reinstated if the current location of the system relative to the geo-fence or the conditions indicate the state should be reinstated.

Dependent claims: 14, 15, 16, 17, 18, 19, 20
Specification