Cryptographic web service

US 9,749,301 B2
Filed: 09/04/2015
Issued: 08/29/2017
Est. Priority Date: 01/18/2007
Status: Expired due to Fees

First Claim

Patent Images

1. A method in which a program uses a cryptographic web service remotely over a communications network, comprising:

at program computing equipment on which the program is implemented, calling a local cryptographic function from the program;

in response to calling the local cryptographic function, calling a remote cryptographic function at the cryptographic web service that corresponds to the called local cryptographic function by sending information from a web services interface at the program computing equipment to a web services interface at the cryptographic web service over the communications network based on an address of the cryptographic web service and a function definition for the called remote cryptographic function that are supplied to the program computing equipment from a web services registry in a web services description language file, wherein the information includes at least one data parameter;

at the cryptographic web service, determining based on configuration information and authentication information stored within the cryptographic web service, whether external authentication is required before obtaining a key locally;

in response to determining that external authentication is required, before obtaining the key locally, passing authentication credentials of the program to an external authentication service for the external authentication;

after passing the authentication credentials of the program to the external authentication service for external authentication, receiving a response from the external authentication service to determine a status of the external authentication;

in response to determining the status of the external authentication as failing external authentication, generating an error entry in a log within the cryptographic web service;

at the cryptographic web service, obtaining the key locally in response to determining that external authentication is not required;

at the cryptographic web service, producing results for the called remote cryptographic function using a cryptographic engine, wherein the results are produced by the cryptographic engine using the locally obtained key, wherein the remote cryptographic function comprises encrypting the at least one data parameter to produce encrypted data; and

at the program computing equipment, receiving the results for the called remote cryptographic function from the cryptographic web service, wherein the results include the encrypted data.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system that supports cryptographic web services is provided. A program running on program computing equipment may call a local cryptographic function. A web services interface such as a simple object access protocol interface on the program computing equipment makes a corresponding remote cryptographic function call to a web services interface such as a simple object access protocol interface at a cryptographic web service over a communications network such as the internet. At the cryptographic web service, a cryptographic engine implements cryptographic operations such as encryption and decryption operations. After successful authentication of the calling program, the cryptographic engine produces results for the remotely cryptographic function and returns the results to the program over the communications network.

32 Citations

9 Claims

1. A method in which a program uses a cryptographic web service remotely over a communications network, comprising:
- at program computing equipment on which the program is implemented, calling a local cryptographic function from the program;
  
  in response to calling the local cryptographic function, calling a remote cryptographic function at the cryptographic web service that corresponds to the called local cryptographic function by sending information from a web services interface at the program computing equipment to a web services interface at the cryptographic web service over the communications network based on an address of the cryptographic web service and a function definition for the called remote cryptographic function that are supplied to the program computing equipment from a web services registry in a web services description language file, wherein the information includes at least one data parameter;
  
  at the cryptographic web service, determining based on configuration information and authentication information stored within the cryptographic web service, whether external authentication is required before obtaining a key locally;
  
  in response to determining that external authentication is required, before obtaining the key locally, passing authentication credentials of the program to an external authentication service for the external authentication;
  
  after passing the authentication credentials of the program to the external authentication service for external authentication, receiving a response from the external authentication service to determine a status of the external authentication;
  
  in response to determining the status of the external authentication as failing external authentication, generating an error entry in a log within the cryptographic web service;
  
  at the cryptographic web service, obtaining the key locally in response to determining that external authentication is not required;
  
  at the cryptographic web service, producing results for the called remote cryptographic function using a cryptographic engine, wherein the results are produced by the cryptographic engine using the locally obtained key, wherein the remote cryptographic function comprises encrypting the at least one data parameter to produce encrypted data; and
  
  at the program computing equipment, receiving the results for the called remote cryptographic function from the cryptographic web service, wherein the results include the encrypted data.
- View Dependent Claims (2, 3, 4, 5, 7, 8, 9)
- - 2. The method defined in claim 1 further comprising:
    - at the program computing equipment on which the program is implemented, generating parameters for the local cryptographic function, wherein the parameters include the at least one data parameter.
  - 3. The method defined in claim 1 wherein the web services interface at the program computing equipment comprises a simple object access protocol interface, the method further comprising:
    - at the program computing equipment on which the program is implemented, generating parameters for the local cryptographic function, wherein the parameters include the at least one data parameter; and
      
      encoding the parameters with the simple object access protocol interface on the program computing equipment.
  - 4. The method defined in claim 1 wherein the web services interface at the program computing equipment comprises a simple object access protocol interface and wherein the web services interface at the cryptographic web service comprises a simple object access protocol interface, the method further comprising:
    - at the program computing equipment on which the program is implemented, generating parameters for the local cryptographic function, wherein the parameters include the at least one data parameter;
      
      encoding the parameters with the simple object access protocol interface on the program computing equipment;
      
      receiving the encoded parameters with the simple object access protocol interface at the cryptographic web service; and
      
      decoding the encoded parameters with the simple object access protocol interface at the cryptographic web service.
  - 5. The method defined in claim 1 wherein the web services interface at the program computing equipment comprises a simple object access protocol interface and wherein the web services interface at the cryptographic web service comprises a simple object access protocol interface, the method further comprising:
    - at the program computing equipment on which the program is implemented, generating parameters for the local cryptographic function, wherein the parameters include the at least one data parameter;
      
      encoding the parameters with the simple object access protocol interface on the program computing equipment;
      
      receiving the encoded parameters with the simple object access protocol interface at the cryptographic web service;
      
      decoding the encoded parameters with the simple object access protocol interface at the cryptographic web service; and
      
      at the cryptographic web service, calling the remote cryptographic function with the decoded parameters.
  - 7. The method defined in claim 1 further comprising:
    - at the cryptographic web service, from authorization level information at the cryptographic web service, determining, for the program, a maximum allowed level of cryptographic functionality to be performed by the remote cryptographic function; and
      
      at the cryptographic web service, performing the called remote cryptographic function from the determined maximum allowed level of cryptographic functionality.
  - 8. The method defined in claim 1 further comprising:
    - at the cryptographic web service, from the program, requesting a desired level of cryptographic functionality to be performed by the remote cryptographic function;
      
      at the cryptographic web service, from authorization level information at the cryptographic web service, determining whether the program is authorized to have the cryptographic web service perform the remote cryptographic function with the desired level of cryptographic functionality; and
      
      at the cryptographic web service, if it is determined from the authorization level information at the cryptographic web service that the program is authorized to have the cryptographic web service perform the remote cryptographic function with the desired level of cryptographic functionality, performing the remote cryptographic function with the desired level of cryptographic functionality.
  - 9. The method defined in claim 1 further comprising:
    - at the cryptographic web service, from the program, requesting a desired level of cryptographic functionality to be performed by the remote cryptographic function;
      
      at the cryptographic web service, from authorization level information at the cryptographic web service, determining whether the program is authorized to have the cryptographic web service perform the remote cryptographic function with the desired level of cryptographic functionality; and
      
      at the cryptographic web service, if it is determined from the authorization level information at the cryptographic web service that the program is authorized to have the cryptographic web service perform the remote cryptographic function with the desired level of cryptographic functionality, performing the remote cryptographic function with the desired level of cryptographic functionality.

6. A method in which a program uses a cryptographic web service remotely over a communications network, comprising:
- at program computing equipment on which the program is implemented, calling a local cryptographic function from the program;
  
  in response to calling the local cryptographic function, calling a remote cryptographic function at the cryptographic web service that corresponds to the called local cryptographic function by sending information from a web services interface at the program computing equipment to a web services interface at the cryptographic web service over the communications network, wherein the information includes at least one data parameter, the web services interface at the program computing equipment comprises a simple object access protocol interface, and the web services interface at the cryptographic web service comprises a simple object access protocol interface;
  
  at the cryptographic web service, determining based on configuration information and authentication information stored within the cryptographic web service, whether external authentication is required before obtaining a key locally;
  
  at the cryptographic web service, obtaining the key locally in response to determining that external authentication is not required;
  
  at the cryptographic web service, determining whether the locally obtained key is stored at a key cache within the cryptographic web service;
  
  at the cryptographic web service, in response to determining that the locally obtained key is not stored at the key cache within the cryptographic web service, storing the locally obtained key at the key cache within the cryptographic web service;
  
  at the cryptographic web service, producing results for the called remote cryptographic function using a cryptographic engine, wherein the results are produced by the cryptographic engine using the locally obtained key, wherein the remote cryptographic function comprises encrypting the at least one data parameter to produce encrypted data;
  
  at the program computing equipment, receiving the results for the called remote cryptographic function from the cryptographic web service, wherein the results include the encrypted data;
  
  providing parameters for the local cryptographic function from the program, wherein the parameters include the at least one data parameter;
  
  encoding the parameters with the simple object access protocol interface on the program computing equipment;
  
  transmitting the encoded parameters to the simple object access protocol interface at the cryptographic web service from the simple object access protocol interface at the program computing equipment over the communications network in accordance with an address of the cryptographic web service and a function definition for the remote cryptographic function that are supplied in a web services description language file;
  
  at the cryptographic web service, verifying authentication credentials of the program to determine whether the program is authorized to access the cryptographic web service, wherein the authentication credentials of the program comprise identification information of the program;
  
  at the cryptographic web service, in response to determining that the program is not authorized to access the cryptographic web service, generating a first error entry in a log within the cryptographic web service;
  
  receiving the encoded parameters with the simple object access protocol interface at the cryptographic web service;
  
  decoding the encoded parameters with the simple object access protocol interface at the cryptographic web service;
  
  at the cryptographic web service, calling the remote cryptographic function with the decoded parameters;
  
  in response to calling the remote cryptographic function with the decoded parameters at the cryptographic web service, performing cryptographic operations with a cryptographic engine at the cryptographic web service using the decoded parameters, wherein the decoded parameters include input data for the cryptographic engine;
  
  in response to determining that the external authentication is required, before obtaining the key locally, passing the authentication credentials of the program to an external authentication service for the external authentication;
  
  after passing the authentication credentials of the program to the external authentication service for external authentication, receiving a response from the external authentication service to determine a status of the external authentication;
  
  in response to determining the status of the external authentication as a failed external authentication, generating a second error entry in the log within the cryptographic web service;
  
  at the cryptographic web service, verifying whether the program is authorized to perform an encryption operation based on authentication credentials of the program and stored configuration information within the cryptographic web service, wherein the authentication credentials of the program comprise identification information of the program, and wherein the stored configuration information within the cryptographic web service comprises information on types of authentication credentials that are required from the program; and
  
  at the cryptographic web service, in response to verifying that the program is not authorized to perform the encryption operation, generating a third error entry in the log within the cryptographic web service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
entIT Software LLC (Open Text Corporation)
Original Assignee
Voltage Security Incorporated (HP Inc.)
Inventors
Vaterlaus, Robert K., Pauker, Matthew J., Appenzeller, Guido
Primary Examiner(s)
Gergiso, Techane

Application Number

US14/846,649
Publication Number

US 20150381585A1
Time in Patent Office

725 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/0435   wherein the sending and rec...

H04L 63/0485   Networking architectures fo...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/08   for authentication of entit...

H04L 67/51   Discovery or management the...

Cryptographic web service

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Cryptographic web service

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links