Title of invention: Centralized policy management for security keys
Abstract: Example embodiments include centralized systems for managing cryptographic keys and trust relationships among systems. Embodiments may include a centralized key store and a centralized policy store. Key sets comprising public/private keys may be stored in or identified by key objects. Key objects within the key store may be organized into key sets and trust sets. Policies may apply at any level within the key store. Policies and associated keys may be grouped and organized to manage groups of keys according to common policies and to present complex relationships to a user. Lower level keys may inherit policy properties from higher levels. Higher levels may be locked to preclude changes at lower levels. Policies may include a variety of properties/fields to facilitate key management. Policies may determine what actions are taken with respect to a key or group of keys.
Publication number: US9124430(B2) Publication date: 2015.09.01
Application number: US201314034082 Filing date: 2013.09.23
Applicant: Venafi, Inc. Inventors: Harjula Tero Petteri;McCartney Breon Malachy;Saura Asko Juha
Classification: H04L9/30 Main classification: H04L9/30
Agency: Schwegman Lundberg & Woessner, P.A. Agent: Schwegman Lundberg & Woessner, P.A.
Main claim: 1. A method comprising: receiving, using a centralized key management system, key file information associated with a plurality of keys; storing, by the centralized key management system, the key file information in a plurality of key objects, such that each key object contains information associated with one of the plurality of keys; associating the plurality of key objects with at least one key set object such that each of the at least one key set objects has at least one associated key object resulting in at least one hierarchy of objects defined by each of the at least one key set objects and its at least one associated key object, each of the at least one key set objects representing a group of keys that are managed together; and associating at least one policy object with each of the at least one key set objects, the at least one policy object defining parameters to manage the group of keys represented by the associated key set object.
Address: Salt Lake City UT US