System and methods for opportunistic cryptographic key management on an electronic device
Abstract
A system and method for opportunistic cryptographic key management includes generating a security capability assessment on a first electronic device based on security capabilities of the device, selecting a key management mode based on the security capability assessment, generating a cryptographic key based on the key management mode, and storing the cryptographic key based on the key management mode.
20 Claims
1. A method for cryptographic key generation, the method comprising:
- configuring a computing device to:
  (a) select a cryptographic key generation mode among a plurality of cryptographic key generation modes, wherein the plurality of cryptographic key generation modes includes, at least, a first cryptographic key generation mode and a second cryptographic key generation mode, wherein the first and second cryptographic key generation modes are different, and
  (b) execute a cryptographic key generation according to the selected cryptographic key generation mode;
- performing, by the computing device, a self-assessment of capabilities of the computing device to generate a cryptographic key that is useable by the computing device, wherein the self-assessment indicates a level of cryptographic key generation of a plurality of levels of cryptographic key generation, wherein performing the self-assessment by the computing device includes:
  - analyzing hardware compute processing capabilities and/or software computing features of the computing device, and
  - using results of the analyzing to generate a cryptographic key generation capability level of the computing device; and
- identifying a minimum-security capability threshold, wherein:
  (i) when the cryptographic key generation capability level satisfies the minimum-security capability threshold, selecting by the computing device the first cryptographic key generation mode, and
  (ii) when the cryptographic key generation capability level does not satisfy the minimum-security capability threshold, selecting by the computing device the second cryptographic key generation mode; and
- generating the cryptographic key according to the selected cryptographic key generation mode.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A method for cryptographic key storage, the method comprising:
- configuring a computing device to:
  (a) select a cryptographic key storage mode among a plurality of cryptographic key storage modes, wherein the plurality of cryptographic key storage modes includes, at least, a first cryptographic key storage mode and a second cryptographic key storage mode, wherein the first and second cryptographic key storage modes are different, and
  (b) execute a cryptographic key storage according to the selected cryptographic key storage mode;
- performing, by the computing device, a self-assessment of capabilities of the computing device to store a cryptographic key that is useable by the computing device, wherein the self-assessment indicates a level of cryptographic key storage of a plurality of levels of cryptographic key storage, wherein performing the self-assessment by the computing device includes:
  - analyzing hardware compute storage capabilities and/or software storage features of the computing device, and
  - using results of the analyzing to generate a cryptographic key storage capability level of the computing device; and
- identifying a minimum-security capability threshold, wherein:
  (i) when the cryptographic key storage capability level satisfies the minimum-security capability threshold, selecting by the computing device the first cryptographic key storage mode, and
  (ii) when the cryptographic key storage capability level does not satisfy the minimum-security capability threshold, selecting by the computing device the second cryptographic key storage mode; and
- storing the cryptographic key according to the selected cryptographic key storage mode.
20. A system for cryptographic key generation and storage with a limited computing device, the system comprising:
- a multi-factor authentication service;
- a cryptographic key management system, wherein the cryptographic key management system enables a computing device to dynamically select a cryptographic key generation mode and a cryptographic key storage mode;
- a device capability profiler that tests and analyzes attributes and cryptographic key generation and storage capabilities of the computing device to determine capabilities of the computing device for generating and storing a cryptographic key, wherein:
  (i) during an instantiation of the key management system on the computing device, determining a cryptographic key capability level among a plurality of cryptographic key capability levels of the computing device;
  (ii) using a key generation request to determine a minimum cryptographic key capability level threshold, wherein the key generation request includes the minimum cryptographic key capability level threshold;
  (iii) when the cryptographic key capability level satisfies the minimum cryptographic key capability level threshold, selecting by the computing device a first cryptographic key generation and storage mode, wherein the first cryptographic key generation mode comprises generating and/or storing a cryptographic key using the computing device;
  (iv) when the cryptographic key capability level does not satisfy the minimum cryptographic key capability level threshold, selecting by the computing device the second cryptographic key generation and storage mode, wherein the second cryptographic key generation mode comprises generating and/or storing the cryptographic key using a remote computing device; and
  (v) generating and storing the cryptographic key according to the selected cryptographic key storage mode.
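The selection logic of claim 20, steps (i) to (v), sketched as an added example that is not taken from the patent or its assignee. The capability attributes, the three-level scale, the rejection of a zero threshold and the in-process `RemoteKeyService` stand-in are assumptions, since the claims do not define them.

```python
import secrets
from dataclasses import dataclass
from enum import IntEnum

class Level(IntEnum):               # hypothetical capability scale
    NONE = 0
    SOFTWARE = 1
    HARDWARE_BACKED = 2

@dataclass(frozen=True)
class DeviceProfile:                # hypothetical attributes the profiler tests
    has_csprng: bool
    has_hw_keystore: bool
    os_supported: bool

@dataclass(frozen=True)
class KeyRequest:
    min_level: Level                # threshold carried in the request, step (ii)

def assess(p: DeviceProfile) -> Level:
    """Step (i): map the analysed attributes to a single capability level."""
    if not (p.has_csprng and p.os_supported):
        return Level.NONE
    return Level.HARDWARE_BACKED if p.has_hw_keystore else Level.SOFTWARE

class RemoteKeyService:
    """Stand-in for the remote computing device; a real one is a network peer."""
    def __init__(self):
        self.store = {}
    def generate_and_store(self, key_id: str) -> None:
        self.store[key_id] = secrets.token_bytes(32)

def provision(profile, request, key_id, local_store, remote):
    """Steps (iii) to (v): pick a mode, then generate and store under it."""
    if request.min_level is Level.NONE:
        # Assumption: a zero threshold would let an incapable device
        # self-generate, so the request is rejected.
        raise ValueError("threshold must be at least SOFTWARE")
    level = assess(profile)
    if level >= request.min_level:          # first mode: on the device
        local_store[key_id] = secrets.token_bytes(32)
        return "local", level
    remote.generate_and_store(key_id)       # second mode: remote device
    return "remote", level
```

The device never holds key material in the second mode; only the remote store is populated, which is the property a reviewer would check first when auditing such a fallback path.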
Specification