
System and methods for opportunistic cryptographic key management on an electronic device

  • US 9,774,448 B2
  • Filed: 10/27/2014
  • Issued: 09/26/2017
  • Est. Priority Date: 10/30/2013
  • Status: Active Grant
First Claim

1. A method for cryptographic key generation and management comprising:

  • configuring a first computing device to select a cryptographic key management mode, wherein selecting the cryptographic key management mode includes dynamically selecting the cryptographic key management mode according to an option prioritization, wherein option prioritization defines a priority of available key management modes and is based on cryptographic key management policy rules;

    prior to generating a cryptographic key for use by the first computing device, generating by the first computing device a security capability score of the first computing device, wherein the security capability score is based on a combination of hardware capabilities, platform enabled capabilities, and qualitative capabilities of the first computing device, wherein the security capability score is generated in part based on indirectly determined capabilities;

    in response to generating the security capability score, automatically selecting the cryptographic key management mode comprising a generation mode and a storage mode, wherein the generation mode is one of an on-device generation mode, a remote cloud generation mode, and a second computing device generation mode, wherein the storage mode is one of a hardware security mode, a platform security mode, and a secured storage mode;

    determining by the first computing device whether to generate the cryptographic key on the first computing device based on the security capability score of the first computing device and the selected key management mode, wherein:

    (i) if the security capability score of the first computing device satisfies a threshold, then generating the cryptographic key on the first computing device, and (ii) if the security capability score of the first computing device does not satisfy the threshold, then generating the cryptographic key at a remote cloud service or at a second computing device; and

    storing the cryptographic key based on the key management mode;

    selectively allowing and disallowing retrieval or use of the cryptographic key based on the selected cryptographic key management mode and a security measure.
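The claim fixes a decision structure (capability score, threshold, prioritized fallback generators, storage-mode choice, gated retrieval) but not concrete values. The following is an added illustration of that structure in Python; it is not code from the patent or its assignee. The capability names, weights, the threshold of 50, the model-to-capability inference table and the policy ordering are all hypothetical choices made here so that the logic can be exercised end to end.

```python
"""Toy implementation of the mode-selection logic described in claim 1.

Added illustration, not code from the patent or its assignee. All
capability names, weights, the threshold and the policy rules below are
hypothetical; the claim fixes only the structure (score -> threshold ->
generation/storage mode -> gated retrieval), not these values.
"""
from dataclasses import dataclass

GEN_MODES = ("on_device", "remote_cloud", "second_device")
STORAGE_MODES = ("hardware", "platform", "secured_storage")

# Hypothetical weights for the three capability classes named in the claim.
WEIGHTS = {
    "hardware": {"secure_element": 40, "tpm": 30},
    "platform": {"os_keystore": 15, "verified_boot": 10},
    "qualitative": {"patched_os": 5},
}

# Hypothetical table for "indirectly determined capabilities": a known
# device model implies a secure element even if the runtime probe failed.
MODEL_IMPLIES = {"example-phone-x": {"hardware": {"secure_element": True}}}


@dataclass
class DeviceProfile:
    hardware: dict       # capability name -> bool, probed directly
    platform: dict
    qualitative: dict
    model: str = ""      # used for indirect inference via MODEL_IMPLIES


@dataclass
class Policy:
    threshold: int = 50
    # Option prioritization: order of fallback generators used when the
    # device's score does not satisfy the threshold.
    generation_priority: tuple = ("second_device", "remote_cloud")
    # Storage modes whose keys may only be used while the device is unlocked.
    require_unlock_for: tuple = ("platform", "secured_storage")


def resolve_capabilities(profile):
    """Merge directly probed capabilities with ones inferred from the model."""
    caps = {"hardware": dict(profile.hardware),
            "platform": dict(profile.platform),
            "qualitative": dict(profile.qualitative)}
    for cls, inferred in MODEL_IMPLIES.get(profile.model, {}).items():
        for name, present in inferred.items():
            caps[cls].setdefault(name, present)   # direct probe wins
    return caps


def capability_score(caps):
    """Weighted sum over hardware, platform-enabled and qualitative capabilities."""
    return sum(w for cls, table in WEIGHTS.items()
               for name, w in table.items() if caps[cls].get(name))


def select_mode(caps, policy, second_device_reachable=False):
    """Return (generation_mode, storage_mode) per the threshold rule."""
    if capability_score(caps) >= policy.threshold:
        gen = "on_device"
    else:
        # Walk the prioritized fallbacks; skip a second device that is absent.
        gen = next(g for g in policy.generation_priority
                   if g != "second_device" or second_device_reachable)
    if caps["hardware"].get("secure_element") or caps["hardware"].get("tpm"):
        store = "hardware"
    elif caps["platform"].get("os_keystore"):
        store = "platform"
    else:
        store = "secured_storage"
    return gen, store


def allow_key_use(storage_mode, policy, device_unlocked, device_rooted):
    """Security measure gating retrieval: a rooted device never gets the key;
    software-backed storage additionally requires the device to be unlocked."""
    if device_rooted:
        return False
    if storage_mode in policy.require_unlock_for:
        return device_unlocked
    return True


if __name__ == "__main__":
    weak = DeviceProfile({}, {"os_keystore": True}, {"patched_os": True})
    print(select_mode(resolve_capabilities(weak), Policy()))
```

The score is computed before any key exists, as the claim requires, and the indirect inference only fills in capabilities the direct probe did not report. A practitioner reviewing a real implementation would want the inference table and weights to be signed policy rather than local constants, since an attacker who can edit them can push a weak device over the threshold.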

  • 3 Assignments