Enhancing provisioning for keygroups using key management interoperability protocol (KMIP)
    1.
    Invention application
    Enhancing provisioning for keygroups using key management interoperability protocol (KMIP) (Status: under examination, published)

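    Publication (announcement) number: US20130044882A1

    Publication (announcement) date: 2013-02-21

    Application number: US13213191

    Filing date: 2011-08-19

    IPC classification: H04L9/08

    CPC classification: H04L9/0833 H04L9/088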

    Abstract: A key management protocol (such as Key Management Interoperability Protocol (KMIP)) is extended via a set of one or more custom attributes to provide a mechanism by which clients pass additional metadata to facilitate enhanced key provisioning operations by a key management server. The protocol comprises objects, operations, and attributes. Objects are the cryptographic material (e.g., symmetric keys, asymmetric keys, digital certificates and so on) upon which operations are performed. Operations are the actions taken with respect to the objects, such as getting an object from a key management server, modifying attributes of an object and the like. Attributes are the properties of the object, such as the kind of object it is, the unique identifier for the object, and the like. According to this disclosure, a first custom server attribute has a value that specifies a keygroup name that can be used by the key management server to locate (e.g., during a Locate operation) key material associated with a named keygroup. A second custom server attribute has a value that specifies a keygroup name into which key material should be registered (e.g., during a Register operation) by the server. A third custom server attribute has a value that specifies a default keygroup that the server should use for the device passing a request that includes the attribute. Using these one or more custom server attributes, the client taps into and consumes/contributes to the key management server's provisioning machinery.

    Extending credential type to group key management interoperability protocol (KMIP) clients
    2.
    Invention application
    Extending credential type to group key management interoperability protocol (KMIP) clients (Status: in force)

    Publication (announcement) number: US20130044878A1

    Publication (announcement) date: 2013-02-21

    Application number: US13213161

    Filing date: 2011-08-19

    IPC classification: H04L9/00 H04L9/32

    Abstract: A key management protocol (such as KMIP) is extended to provide an extended credential type to pass information from clients to the server to enable the server to deduce pre-provisioned cryptographic materials for the individual clients. Preferably, KMIP client code communicates device information to a key management server in a value in the headers of KMIP requests that flow to the server. In this manner, KMIP requests are associated with pre-provisioned cryptographic materials for particular devices or device groups.

    Extending credential type to group Key Management Interoperability Protocol (KMIP) clients
    3.
    Granted invention patent
    Extending credential type to group Key Management Interoperability Protocol (KMIP) clients (Status: in force)

    Publication (announcement) number: US08798273B2

    Publication (announcement) date: 2014-08-05

    Application number: US13213161

    Filing date: 2011-08-19

    Abstract: A key management protocol (such as KMIP) is extended to provide an extended credential type to pass information from clients to the server to enable the server to deduce pre-provisioned cryptographic materials for the individual clients. Preferably, KMIP client code communicates device information to a key management server in a value in the headers of KMIP requests that flow to the server. In this manner, KMIP requests are associated with pre-provisioned cryptographic materials for particular devices or device groups.
