Managing use of security keys

US 9,774,446 B1
Filed: 12/31/2012
Issued: 09/26/2017
Est. Priority Date: 12/31/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising executing, on at, least one processor, the steps of:

receiving a current request for use of a key that serves as part of a data security system, wherein the current request comprises a current location and a current time and a device identifier identifying a device associated with the current request;

upon receiving the current request, determining at least one policy pertaining to security management of the key to apply to the current request, wherein the at least one policy requires a risk analysis of the current request, further wherein the at least one policy indicates a limit that limits a number of times the key or keys that are part of the data security system can be accessed by the device or a group of devices;

applying the at least one policy to the current request, wherein the said application of the at least one policy comprises analyzing the current, location and the current time and a history in connection with previous requests;

determining a first level of riskiness in connection with the current request based on the application of the at least one policy, wherein the first level of riskiness indicates a high risk in connection with the current request; and

based on the first level of riskiness, determining to refuse permission to use the key, wherein the said determination includes creating a new limit to replace the limit in order to reduce the number of times the key or keys that are part of the data security system can be accessed by the device or the group of devices.

View all claims

18 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is used in managing use of security keys. Based on a request for use of a key that serves as part of a data security system, a set of criteria to apply to the request is determined. The set of criteria pertain to security management of the key that is subject of the request. The set of criteria is applied to the request; and a result is determined based on the application of the set of criteria.

Citations

12 Claims

1. A computer-implemented method, comprising executing, on at, least one processor, the steps of:
- receiving a current request for use of a key that serves as part of a data security system, wherein the current request comprises a current location and a current time and a device identifier identifying a device associated with the current request;
  
  upon receiving the current request, determining at least one policy pertaining to security management of the key to apply to the current request, wherein the at least one policy requires a risk analysis of the current request, further wherein the at least one policy indicates a limit that limits a number of times the key or keys that are part of the data security system can be accessed by the device or a group of devices;
  
  applying the at least one policy to the current request, wherein the said application of the at least one policy comprises analyzing the current, location and the current time and a history in connection with previous requests;
  
  determining a first level of riskiness in connection with the current request based on the application of the at least one policy, wherein the first level of riskiness indicates a high risk in connection with the current request; and
  
  based on the first level of riskiness, determining to refuse permission to use the key, wherein the said determination includes creating a new limit to replace the limit in order to reduce the number of times the key or keys that are part of the data security system can be accessed by the device or the group of devices.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein a key manager releases the key according to the policy that includes a rule that indicates that additional authentication factors are necessary.
  - 3. The method of claim 1, wherein the policy is applied in a security token.
  - 4. The method of claim 1, wherein the policy is applied in a mobile device storing the key with hardware implementing an access policy based on a third party cloud service and a trustworthy time base.
  - 5. The method of claim 1, wherein a device is directed to decrypt sensitive data encrypted under the key, and the device requests the key from a key manager for decryption.
  - 6. The method of claim 1, wherein according to the policy a device cannot get access to more than a maximum number of keys within a short time frame.

7. A system, comprising:
- a processor and memory;
  
  the system configured to;
  
  receive a current request for use of a key that serves as part of a data security system, wherein the current request comprises a current location and a current time and a device identifier identifying a device associated with the current request;
  
  upon receiving the current request, determine at least one policy pertaining to security management of the key to apply to the current request, wherein the at least one policy requires a risk analysis of the current request, further wherein the at least one policy indicates a limit that limits a number of times the key or keys that are part of the data security system can be accessed by the device or a group of devices;
  
  apply the at least one policy to the current request, wherein the said application of the at least one policy comprises analyzing the current location and the current time and a history in connection with previous requests;
  
  determine a first level of riskiness in connection with the current request based on the application of the at least one policy, wherein the first level of riskiness indicates a high risk in connection with the current request; and
  
  based on the first level of riskiness, determine to refuse permission to use the key, wherein the said determination includes creating a new limit to replace the limit in order to reduce the number of times the key or keys that are part of the data security system can be accessed by the device or the group of devices.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The system of claim 7, wherein a key manager releases the key according to the policy that includes a rule that indicates that additional authentication factors are necessary.
  - 9. The system of claim 7, wherein the policy is applied in a security token.
  - 10. The system of claim 7, wherein the policy is applied in a mobile device storing the key with hardware implementing an access policy based on a third party cloud service and a trustworthy time base.
  - 11. The system of claim 7, wherein a device is directed to decrypt sensitive data encrypted under the key, and the device requests the key from a key manager for decryption.
  - 12. The system of claim 7, wherein according to the policy a device cannot get access to more than a maximum number of keys within a short time frame.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RSA Security LLC (Symphony Technology Group LLC)
Original Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Inventors
Van Dijk, Marten E., Morneau, Todd A., Duane, William M.
Primary Examiner(s)
Simitoski, Michael

Application Number

US13/731,455
Time in Patent Office

1,730 Days
Field of Search

380277, 705 44, 726 6
US Class Current
CPC Class Codes

H04L 9/0816   Key establishment, i.e. cry...

H04L 9/083   involving central third par...

H04L 9/088   Usage controlling of secret...

H04L 9/0897   involving additional device...

Managing use of security keys

First Claim

18 Assignments

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Managing use of security keys

First Claim

18 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links