System and method for encryption key management, federation and distribution
Abstract
Systems and methods are described for orchestrating a security object, including, for example, defining and storing a plurality of policies in a database coupled to a policy engine and receiving, by the policy engine, the security object and at least one object attribute associated with the security object. In addition, the policy engine determines the acceptability of the security object based, at least in part, on the at least one object attribute and at least one of the plurality of policies corresponding to the at least one object attribute. The security object to at least one communication device associated with the policy engine is distributed when the security object is determined to be acceptable. The at least one communication device establishes communication based, at least in part, on the security object.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method, comprising:
generating a command queue comprising a plurality of commands, the plurality of commands comprise providing at least one security object to at least one device; and processing the command queue, wherein processing the command queue comprises, for each of the plurality of commands:
requesting one or more of the at least one security object from one or more key sources; and
determining whether the one or more of the at least one security object is secure for encrypting data based, at least in part, on at least one of a plurality of policies; and
distributing the one or more of the at least one security object to one of the at least one device.
2 . The method of claim 1 , wherein each of the plurality of commands corresponds to providing the at least one security objection for a communication transaction between a first device of the at least one device and a second device of the at least one device.
3 . The method of claim 1 , wherein each of the plurality of commands corresponds to providing the at least one security objection for a device of the at least one device.
4 . The method of claim 1 , wherein the at least one device comprises a plurality of devices, and the command queue correspond to multiple key sources issuing the at least one security object to the plurality of devices.
5 . The method of claim 1 , wherein the command queue is generated in response to determining a key management event.
6 . The method of claim 5 , wherein the key management event is determined periodically based on time.
7 . The method of claim 5 , wherein the key management event comprises detecting a cyber-attack, security breach, or change to the at least one policy.
8 . The method of claim 1 , comprising storing the plurality of commands in a database.
9 . The method of claim 1 , comprising:
determining that a device of the at least one device is inactive; and in response to determining that the device is inactive, storing a command of the plurality of commands in a database, the command is for key management for the device.
10 . A server, comprising:
a memory; a processor coupled to the memory, wherein the processor is configured to:
generate a command queue comprising a plurality of commands, the plurality of commands comprise providing at least one security object to at least one device; and
process the command queue, wherein processing the command queue comprises, for each of the plurality of commands:
requesting one or more of the at least one security object from one or more key sources;
determining whether the one or more of the at least one security object is secure for encrypting data based, at least in part, on at least one of a plurality of policies; and
distributing the one or more of the at least one security object to one of the at least one device.
11 . The server of claim 10 , wherein each of the plurality of commands corresponds to providing the at least one security objection for a communication transaction between a first device of the at least one device and a second device of the at least one device.
12 . The server of claim 10 , wherein each of the plurality of commands corresponds to providing the at least one security objection for a device of the at least one device.
13 . The server of claim 10 , wherein the at least one device comprises a plurality of devices, and the command queue correspond to multiple key sources issuing the at least one security object to the plurality of devices.
14 . The server of claim 10 , wherein the command queue is generated in response to determining a key management event.
15 . The server of claim 14 , wherein the key management event is determined periodically based on time.
16 . The server of claim 14 , wherein the key management event comprises detecting a cyber-attack, security breach, or change to the at least one policy.
17 . The server of claim 10 , wherein the processor is configured to store the plurality of commands in a database.
18 . The server of claim 10 , comp wherein the processor is configured to rising:
determine that a device of the at least one device is inactive; and in response to determining that the device is inactive, store a command of the plurality of commands in a database, the command is for key management for the device.
19 . A non-transitory computer-readable medium comprising computer-readable instructions, such that, when executed, causes a processor to:
generate a command queue comprising a plurality of commands, the plurality of commands comprise providing at least one security object to at least one device; and process the command queue, wherein processing the command queue comprises, for each of the plurality of commands:
requesting one or more of the at least one security object from one or more key sources;
determining whether the one or more of the at least one security object is secure for encrypting data based, at least in part, on at least one of a plurality of policies; and
distributing the one or more of the at least one security object to one of the at least one device.
20 . The non-transitory computer-readable medium of claim 19 , wherein the processor is caused to:
determine that a device of the at least one device is inactive; and in response to determining that the device is inactive, store a command of the plurality of commands in a database, the command is for key management for the device.Join the waitlist — get patent alerts
Track US2023083120A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.