Cryptographic web service
First Claim
1. A method in which a program uses a cryptographic web service remotely over a communications network, comprising:
at program computing equipment on which the program is implemented, calling a local cryptographic function from the program;
in response to calling the local cryptographic function, calling a remote cryptographic function at the cryptographic web service that corresponds to the called local cryptographic function by sending information from a web services interface at the program computing equipment to a web services interface at the cryptographic web service over the communications network based on an address of the cryptographic web service and a function definition for the called remote cryptographic function that are supplied to the program computing equipment from a web services registry in a web services description language file, wherein the information includes at least one data parameter;
at the cryptographic web service, determining based on configuration information and authentication information stored within the cryptographic web service, whether external authentication is required before obtaining a key locally;
in response to determining that external authentication is required, before obtaining the key locally, passing authentication credentials of the program to an external authentication service for the external authentication;
after passing the authentication credentials of the program to the external authentication service for external authentication, receiving a response from the external authentication service to determine a status of the external authentication;
in response to determining the status of the external authentication as failing external authentication, generating an error entry in a log within the cryptographic web service;
at the cryptographic web service, obtaining the key locally in response to determining that external authentication is not required;
at the cryptographic web service, producing results for the called remote cryptographic function using a cryptographic engine, wherein the results are produced by the cryptographic engine using the locally obtained key, wherein the remote cryptographic function comprises encrypting the at least one data parameter to produce encrypted data; and
at the program computing equipment, receiving the results for the called remote cryptographic function from the cryptographic web service, wherein the results include the encrypted data.
Abstract
A system that supports cryptographic web services is provided. A program running on program computing equipment may call a local cryptographic function. A web services interface such as a simple object access protocol interface on the program computing equipment makes a corresponding remote cryptographic function call to a web services interface such as a simple object access protocol interface at a cryptographic web service over a communications network such as the internet. At the cryptographic web service, a cryptographic engine implements cryptographic operations such as encryption and decryption operations. After successful authentication of the calling program, the cryptographic engine produces results for the remote cryptographic function and returns the results to the program over the communications network.
9 Claims
1. (Text identical to the First Claim above.) Dependent claims: 2, 3, 4, 5, 7, 8, 9.
6. A method in which a program uses a cryptographic web service remotely over a communications network, comprising:
at program computing equipment on which the program is implemented, calling a local cryptographic function from the program;
in response to calling the local cryptographic function, calling a remote cryptographic function at the cryptographic web service that corresponds to the called local cryptographic function by sending information from a web services interface at the program computing equipment to a web services interface at the cryptographic web service over the communications network, wherein the information includes at least one data parameter, the web services interface at the program computing equipment comprises a simple object access protocol interface, and the web services interface at the cryptographic web service comprises a simple object access protocol interface;
at the cryptographic web service, determining based on configuration information and authentication information stored within the cryptographic web service, whether external authentication is required before obtaining a key locally;
at the cryptographic web service, obtaining the key locally in response to determining that external authentication is not required;
at the cryptographic web service, determining whether the locally obtained key is stored at a key cache within the cryptographic web service;
at the cryptographic web service, in response to determining that the locally obtained key is not stored at the key cache within the cryptographic web service, storing the locally obtained key at the key cache within the cryptographic web service;
at the cryptographic web service, producing results for the called remote cryptographic function using a cryptographic engine, wherein the results are produced by the cryptographic engine using the locally obtained key, wherein the remote cryptographic function comprises encrypting the at least one data parameter to produce encrypted data;
at the program computing equipment, receiving the results for the called remote cryptographic function from the cryptographic web service, wherein the results include the encrypted data;
providing parameters for the local cryptographic function from the program, wherein the parameters include the at least one data parameter;
encoding the parameters with the simple object access protocol interface on the program computing equipment;
transmitting the encoded parameters to the simple object access protocol interface at the cryptographic web service from the simple object access protocol interface at the program computing equipment over the communications network in accordance with an address of the cryptographic web service and a function definition for the remote cryptographic function that are supplied in a web services description language file;
at the cryptographic web service, verifying authentication credentials of the program to determine whether the program is authorized to access the cryptographic web service, wherein the authentication credentials of the program comprise identification information of the program;
at the cryptographic web service, in response to determining that the program is not authorized to access the cryptographic web service, generating a first error entry in a log within the cryptographic web service;
receiving the encoded parameters with the simple object access protocol interface at the cryptographic web service;
decoding the encoded parameters with the simple object access protocol interface at the cryptographic web service;
at the cryptographic web service, calling the remote cryptographic function with the decoded parameters;
in response to calling the remote cryptographic function with the decoded parameters at the cryptographic web service, performing cryptographic operations with a cryptographic engine at the cryptographic web service using the decoded parameters, wherein the decoded parameters include input data for the cryptographic engine;
in response to determining that the external authentication is required, before obtaining the key locally, passing the authentication credentials of the program to an external authentication service for the external authentication;
after passing the authentication credentials of the program to the external authentication service for external authentication, receiving a response from the external authentication service to determine a status of the external authentication;
in response to determining the status of the external authentication as a failed external authentication, generating a second error entry in the log within the cryptographic web service;
at the cryptographic web service, verifying whether the program is authorized to perform an encryption operation based on authentication credentials of the program and stored configuration information within the cryptographic web service, wherein the authentication credentials of the program comprise identification information of the program, and wherein the stored configuration information within the cryptographic web service comprises information on types of authentication credentials that are required from the program; and
at the cryptographic web service, in response to verifying that the program is not authorized to perform the encryption operation, generating a third error entry in the log within the cryptographic web service.
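The service-side decision flow of claim 6 (access check on the program's identification, external authentication only when the stored configuration requires it, the three distinct error entries, the key cache, and encryption of the data parameter), as an added Go example that is not the patent's code. The external authentication service is a stand-in callback, AES-GCM stands in for the cryptographic engine, and a key is generated on first use instead of being loaded from local key storage; all three are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

type ProgramConfig struct{ ExternalAuth, MayEncrypt bool }
// CryptoService is a constructed model of the service side of claim 6, not the patent's code.
type CryptoService struct {
	Config   map[string]ProgramConfig                // stored configuration information, keyed by program identification
	ExtAuth  func(programID, credential string) bool // stand-in for the external authentication service
	KeyCache map[string][]byte                       // key cache within the service
	Log      []string                                // error entries generated by the service
}
// deny writes an error entry to the service log and refuses the call.
func (s *CryptoService) deny(msg string) ([]byte, error) {
	s.Log = append(s.Log, "ERROR "+msg)
	return nil, errors.New(msg)
}
// Encrypt is the remote cryptographic function: access check, external authentication only when configured, operation check, local key via the cache, then AES-GCM over the data parameter.
func (s *CryptoService) Encrypt(programID, credential string, data []byte) ([]byte, error) {
	cfg, ok := s.Config[programID]
	if !ok { // first error entry: program not authorized to access the service
		return s.deny("access denied: " + programID)
	}
	if cfg.ExternalAuth && !s.ExtAuth(programID, credential) { // second error entry
		return s.deny("external authentication failed: " + programID)
	}
	if !cfg.MayEncrypt { // third error entry: not authorized for the encryption operation
		return s.deny("encryption not permitted: " + programID)
	}
	key, cached := s.KeyCache[programID] // obtain the key locally, via the key cache
	if !cached { // generated here for the demo; a real service loads it from local key storage
		key = make([]byte, 32) // AES-256
		if _, err := rand.Read(key); err != nil {
			return nil, err
		}
		s.KeyCache[programID] = key
	}
	block, _ := aes.NewCipher(key) // 32-byte key, so neither constructor can fail
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, data, nil), nil // result: nonce || ciphertext || tag
}
```

Note that a failed external authentication never reaches the key step, so no key is fetched or cached for a program that has not been authenticated.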