US2023083120A1PendingUtilityA1

System and method for encryption key management, federation and distribution

Assignee: FORNETIX LLCPriority: Oct 7, 2013Filed: Oct 17, 2022Published: Mar 16, 2023
Est. expiryOct 7, 2033(~7.2 yrs left)· nominal 20-yr term from priority
H04L 63/20H04L 63/062G06F 16/245
72
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Systems and methods are described for orchestrating a security object, including, for example, defining and storing a plurality of policies in a database coupled to a policy engine and receiving, by the policy engine, the security object and at least one object attribute associated with the security object. In addition, the policy engine determines the acceptability of the security object based, at least in part, on the at least one object attribute and at least one of the plurality of policies corresponding to the at least one object attribute. The security object to at least one communication device associated with the policy engine is distributed when the security object is determined to be acceptable. The at least one communication device establishes communication based, at least in part, on the security object.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method, comprising:
 generating a command queue comprising a plurality of commands, the plurality of commands comprise providing at least one security object to at least one device; and   processing the command queue, wherein processing the command queue comprises, for each of the plurality of commands:
 requesting one or more of the at least one security object from one or more key sources; and 
 determining whether the one or more of the at least one security object is secure for encrypting data based, at least in part, on at least one of a plurality of policies; and 
 distributing the one or more of the at least one security object to one of the at least one device. 
   
     
     
         2 . The method of  claim 1 , wherein each of the plurality of commands corresponds to providing the at least one security objection for a communication transaction between a first device of the at least one device and a second device of the at least one device. 
     
     
         3 . The method of  claim 1 , wherein each of the plurality of commands corresponds to providing the at least one security objection for a device of the at least one device. 
     
     
         4 . The method of  claim 1 , wherein the at least one device comprises a plurality of devices, and the command queue correspond to multiple key sources issuing the at least one security object to the plurality of devices. 
     
     
         5 . The method of  claim 1 , wherein the command queue is generated in response to determining a key management event. 
     
     
         6 . The method of  claim 5 , wherein the key management event is determined periodically based on time. 
     
     
         7 . The method of  claim 5 , wherein the key management event comprises detecting a cyber-attack, security breach, or change to the at least one policy. 
     
     
         8 . The method of  claim 1 , comprising storing the plurality of commands in a database. 
     
     
         9 . The method of  claim 1 , comprising:
 determining that a device of the at least one device is inactive; and   in response to determining that the device is inactive, storing a command of the plurality of commands in a database, the command is for key management for the device.   
     
     
         10 . A server, comprising:
 a memory;   a processor coupled to the memory, wherein the processor is configured to:
 generate a command queue comprising a plurality of commands, the plurality of commands comprise providing at least one security object to at least one device; and 
 process the command queue, wherein processing the command queue comprises, for each of the plurality of commands:
 requesting one or more of the at least one security object from one or more key sources; 
 determining whether the one or more of the at least one security object is secure for encrypting data based, at least in part, on at least one of a plurality of policies; and 
 distributing the one or more of the at least one security object to one of the at least one device. 
 
   
     
     
         11 . The server of  claim 10 , wherein each of the plurality of commands corresponds to providing the at least one security objection for a communication transaction between a first device of the at least one device and a second device of the at least one device. 
     
     
         12 . The server of  claim 10 , wherein each of the plurality of commands corresponds to providing the at least one security objection for a device of the at least one device. 
     
     
         13 . The server of  claim 10 , wherein the at least one device comprises a plurality of devices, and the command queue correspond to multiple key sources issuing the at least one security object to the plurality of devices. 
     
     
         14 . The server of  claim 10 , wherein the command queue is generated in response to determining a key management event. 
     
     
         15 . The server of  claim 14 , wherein the key management event is determined periodically based on time. 
     
     
         16 . The server of  claim 14 , wherein the key management event comprises detecting a cyber-attack, security breach, or change to the at least one policy. 
     
     
         17 . The server of  claim 10 , wherein the processor is configured to store the plurality of commands in a database. 
     
     
         18 . The server of  claim 10 , comp wherein the processor is configured to rising:
 determine that a device of the at least one device is inactive; and   in response to determining that the device is inactive, store a command of the plurality of commands in a database, the command is for key management for the device.   
     
     
         19 . A non-transitory computer-readable medium comprising computer-readable instructions, such that, when executed, causes a processor to:
 generate a command queue comprising a plurality of commands, the plurality of commands comprise providing at least one security object to at least one device; and   process the command queue, wherein processing the command queue comprises, for each of the plurality of commands:
 requesting one or more of the at least one security object from one or more key sources; 
 determining whether the one or more of the at least one security object is secure for encrypting data based, at least in part, on at least one of a plurality of policies; and 
 distributing the one or more of the at least one security object to one of the at least one device. 
   
     
     
         20 . The non-transitory computer-readable medium of  claim 19 , wherein the processor is caused to:
 determine that a device of the at least one device is inactive; and   in response to determining that the device is inactive, store a command of the plurality of commands in a database, the command is for key management for the device.

Join the waitlist — get patent alerts

Track US2023083120A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.