Rule-based validity of cryptographic key material
Abstract
In representative embodiments, a rule-based certificate containing a rule set that defines validity conditions is associated with cryptographic key material assigned to an entity for use in authenticated communications. The validity of the cryptographic key material changes state according to whether the entity is compliant or non-compliant with the rule set. In a representative embodiment this is accomplished by suspending the validity of the cryptographic key material when the entity is non-compliant with the rules and reinstating its validity when the entity becomes compliant. A rules compliance service determines the validity of the cryptographic key material in part from updates sent by the entity. Entities can delegate the update to a delegate device. Encryption can be used to preserve privacy.
20 Claims
1. A method for altering the status of cryptographic key material, the method comprising:
- receiving, by a processor via a network, a rule evaluation message from a system having presently deployed cryptographic key material used for authenticated communication, the rule evaluation message including information to allow the recipient to determine compliance with at least one rule included in a rule based attribute set associated with the presently deployed cryptographic key material;
- accessing the rule based attribute set associated with the presently deployed cryptographic key material;
- evaluating compliance of the system with the at least one rule;
- responsive to the evaluation of the at least one rule, setting a status of the cryptographic key material to either a suspended state when the system is not in compliance with the at least one rule, where the cryptographic key material will not be honored to validate the system in an authenticated session, or a reinstated state when the system is in compliance with the at least one rule, where the cryptographic key material will be honored to validate the system in an authenticated session.

Dependent claims: 2, 3, 4, 5, 6, 7.
8. A system comprising:
- a processor;
- memory coupled to the processor;
- instructions stored in the memory that, when executed by the processor, cause the system to:
  - receive, by a processor via a network, a rule evaluation message from a device having presently deployed cryptographic key material used for authenticated communication;
  - access a rule based attribute set associated with the cryptographic key material, the rule based attribute set comprising: a first rule set including a first rule; a second rule set including a second rule; conditions under which the device is in compliance with the first rule; and conditions under which the device is in compliance with the second rule;
  - evaluate compliance of the device with at least the first rule or the second rule; and
  - responsive to the evaluation, cause the status of the cryptographic key material to be set to either a suspended state or a reinstated state.

Dependent claims: 9, 10, 11, 12.
13. A machine-readable medium having executable instructions encoded thereon, which, when executed by at least one processor of a machine, cause the machine to perform operations comprising:
- access a rule based attribute set associated with presently deployed rule based key material comprising the attribute set and related cryptographic key information, the rule based attribute set comprising a first rule set comprising at least one of a timing schedule, quorum information and geo-fence information, the first rule set defining conditions under which the cryptographic key information will be honored for authenticated communication by a first system with a second system;
- evaluate compliance of the first system with the first rule set; and
- responsive to the evaluation, cause the status of the cryptographic key material to be set to either a suspended state or a reinstated state, such that the first system can initiate authenticated communications when the first system is in compliance with the first rule set and cannot initiate authenticated communications when the first system is not in compliance with the first rule set.

Dependent claims: 14, 15, 16, 17, 18, 19, 20.
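The independent claims describe a rules compliance service that receives a rule evaluation message from a device, looks up the rule based attribute set bound to that device's key material, evaluates compliance, and sets the key material to a suspended or reinstated state; claim 13 names a timing schedule, quorum information and geo-fence information as example rules. The Python sketch below is added here as an illustration of that flow and is not taken from the patent or from any product implementing it. The concrete rule encodings (a UTC time-of-day window, a circular geo-fence, a count of distinct delegate approvals), the message field names, the key identifier and every sample value are assumptions made for the example; the service fails closed, treating an unknown key or a missing field as non-compliance.

```python
from dataclasses import dataclass
from datetime import datetime, time, timezone
from enum import Enum
from math import asin, cos, radians, sin, sqrt


class KeyStatus(Enum):
    REINSTATED = "reinstated"  # key material is honored in authenticated sessions
    SUSPENDED = "suspended"    # key material is not honored until compliance is restored


@dataclass(frozen=True)
class RuleSet:
    """Hypothetical rule based attribute set bound to one key identifier."""
    window_start: time      # timing schedule: inclusive UTC time-of-day window
    window_end: time
    fence_lat: float        # geo-fence: centre and radius in kilometres
    fence_lon: float
    fence_radius_km: float
    quorum: int             # quorum: minimum number of distinct approving delegates


def _haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two WGS84 points, in kilometres."""
    earth_radius_km = 6371.0
    dphi = radians(lat2 - lat1)
    dlmb = radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlmb / 2) ** 2
    return 2 * earth_radius_km * asin(sqrt(a))


def evaluate_rules(rules, message):
    """Evaluate one rule evaluation message against a rule set.

    Returns a dict mapping rule name -> True (compliant) / False (non-compliant).
    A malformed or missing field counts as non-compliance for that rule.
    """
    results = {"timing": False, "geofence": False, "quorum": False}
    try:
        # Timing schedule: the message timestamp must fall inside the UTC window.
        ts = datetime.fromisoformat(message["timestamp"]).astimezone(timezone.utc)
        results["timing"] = rules.window_start <= ts.time() <= rules.window_end
        # Geo-fence: the reported position must lie within the fence radius.
        lat, lon = float(message["lat"]), float(message["lon"])
        results["geofence"] = (
            _haversine_km(lat, lon, rules.fence_lat, rules.fence_lon) <= rules.fence_radius_km
        )
        # Quorum: count distinct delegates so duplicated approvals cannot inflate the tally.
        results["quorum"] = len(set(message.get("approvals", []))) >= rules.quorum
    except (KeyError, ValueError, TypeError):
        pass  # leave the affected rules at False (fail closed)
    return results


class RulesComplianceService:
    """Hypothetical service holding rule sets and the current status of each key."""

    def __init__(self):
        self._rulesets = {}   # key_id -> RuleSet
        self._status = {}     # key_id -> KeyStatus

    def register(self, key_id, rules, initial=KeyStatus.SUSPENDED):
        self._rulesets[key_id] = rules
        self._status[key_id] = initial

    def handle_evaluation_message(self, message):
        """Set the key's status from the rule evaluation and return the new status."""
        key_id = message.get("key_id")
        rules = self._rulesets.get(key_id)
        if rules is None:
            return KeyStatus.SUSPENDED  # unknown key: never honored
        compliant = all(evaluate_rules(rules, message).values())
        self._status[key_id] = KeyStatus.REINSTATED if compliant else KeyStatus.SUSPENDED
        return self._status[key_id]

    def is_honored(self, key_id):
        """What a relying party asks before accepting the key in an authenticated session."""
        return self._status.get(key_id) is KeyStatus.REINSTATED


# Constructed sample data for the example (not from the patent).
EXAMPLE_RULES = RuleSet(time(8, 0), time(18, 0), 51.5074, -0.1278, 5.0, quorum=2)
COMPLIANT_MSG = {"key_id": "key-0001", "timestamp": "2024-05-06T10:15:00+00:00",
                 "lat": 51.51, "lon": -0.13, "approvals": ["delegate-a", "delegate-b"]}
NONCOMPLIANT_MSG = {"key_id": "key-0001", "timestamp": "2024-05-06T22:15:00+00:00",
                    "lat": 48.8566, "lon": 2.3522, "approvals": ["delegate-a", "delegate-b"]}


def demo():
    """Walk one key through reinstatement and suspension; returns the observed statuses."""
    svc = RulesComplianceService()
    svc.register("key-0001", EXAMPLE_RULES)
    first = svc.handle_evaluation_message(COMPLIANT_MSG)
    honored_after_first = svc.is_honored("key-0001")
    second = svc.handle_evaluation_message(NONCOMPLIANT_MSG)
    honored_after_second = svc.is_honored("key-0001")
    return first, honored_after_first, second, honored_after_second


if __name__ == "__main__":
    print(demo())
```

A relying party would consult `is_honored` (or a status field carried in the certificate lookup) at session setup rather than trusting the key's expiry alone, which is the point of the suspended/reinstated distinction: validity can be withdrawn and restored without reissuing the key material.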