Title Key usage policies for cryptographic keys
Abstract A computer program product for secure key management is provided. The computer program product includes a tangible storage medium readable by a processing circuit and storing instructions for execution by the processing circuit for creating a token and populating the token with key material, and binding key control information to the key material. The key control information includes information relating to usage of the key material populating one or more key usage fields that define attributes that limit actions that may be performed with the key material.
Publication number US8789210(B2) Publication date 2014.07.22
Application number US201113100693 Filing date 2011.05.04
Applicant International Business Machines Corporation Inventors Arnold Todd W.;Dames Elizabeth A.;Frehr Carsten D.;Kelly Michael J.;Kerr Kenneth B.;Kisley Richard V.;Rossman Eric D.;Smith Eric B.
Classification G06F11/00 Main classification G06F11/00
Agency Cantor Colburn LLP Agents Cantor Colburn LLP ;Chiu Steven
Independent claim 1. A computer program product for secure key management, the computer program product comprising:
a non-transient computer readable medium readable by a processing circuit and storing instructions for execution by the processing circuit for:
creating a token and populating the token with key material; and
cryptographically binding key control information to the key material such that the key material is accompanied with key binding material, which conforms to and is wrapped using a wrapping method indicated by token fields that are unchanged by a chosen wrapping method,
the key control information including: information relating to usage of the key material populating one or more key usage fields that define attributes that limit actions that may be performed with the key material,
wherein the key control information further comprises a key usage field count indicating a number of the key usage fields and each of the key usage fields comprises:
a high order byte containing flag bits as an indicator, the high order flag bits comprising a first position defining a rule for export using a symmetric key, a second position defining a rule for export using an unauthenticated asymmetric key, a third position defining a rule for export using an authenticated asymmetric key, a fourth position defining a rule for export to a TR-31 format and a fifth position defining a rule for export in RAW format; and
a low order byte containing flag bits as an indicator, the low order flag bits comprising a first position defining a rule for export using a DES key, a second position defining a rule for export using an AES key and a fifth position defining a rule of export using an RSA key,
each of the indicators being independent and indicative of one key exchange that is performable with the key material.
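The following is an added illustration of the key-usage-field layout and the binding step that claim 1 describes; it is not code from the patent or from IBM. It packs the high order and low order flag bytes with the rule positions enumerated in the claim, prefixes them with a one-byte key usage field count, and binds the control information to the key material with an HMAC so that a flag flipped after the fact is detected. Assumptions that the claim does not settle: "first position" is taken to be the most significant bit of each byte, a rule is treated as permitted when any usage field grants it, and HMAC-SHA256 over control info || key material stands in for the patent's wrapping method (the sample key and binding key are constructed values).

```python
import hashlib
import hmac

# Rule names mapped to the flag positions enumerated in claim 1. ASSUMPTION (not
# stated in the claim): "first position" means the most significant bit of the byte.
HIGH_ORDER_RULES = {
    "export_symmetric_key": 1,
    "export_unauth_asymmetric_key": 2,
    "export_auth_asymmetric_key": 3,
    "export_tr31": 4,
    "export_raw": 5,
}
LOW_ORDER_RULES = {
    "export_via_des": 1,
    "export_via_aes": 2,
    "export_via_rsa": 5,
}
TAG_LEN = 32  # HMAC-SHA256 binding tag; a constructed choice, not the patent's wrapping


def _mask(position: int) -> int:
    """Bit mask for flag position 1..8, position 1 being the MSB (assumption)."""
    if not 1 <= position <= 8:
        raise ValueError("flag position out of range")
    return 1 << (8 - position)


def encode_usage_field(allowed: set) -> bytes:
    """Pack one key usage field: high order byte followed by low order byte."""
    high = low = 0
    for rule in allowed:
        if rule in HIGH_ORDER_RULES:
            high |= _mask(HIGH_ORDER_RULES[rule])
        elif rule in LOW_ORDER_RULES:
            low |= _mask(LOW_ORDER_RULES[rule])
        else:
            raise ValueError(f"unknown rule {rule!r}")
    return bytes([high, low])


def decode_usage_field(field: bytes) -> set:
    """Inverse of encode_usage_field; bit positions the claim does not name are ignored."""
    high, low = field[0], field[1]
    allowed = {r for r, p in HIGH_ORDER_RULES.items() if high & _mask(p)}
    allowed |= {r for r, p in LOW_ORDER_RULES.items() if low & _mask(p)}
    return allowed


def build_control_info(fields: list) -> bytes:
    """Key control information: one-byte key usage field count, then the 2-byte fields."""
    if len(fields) > 255:
        raise ValueError("too many key usage fields")
    return bytes([len(fields)]) + b"".join(fields)


def create_token(key_material: bytes, control_info: bytes, binding_key: bytes) -> bytes:
    """Bind control info to key material with an HMAC; token = info || key || tag."""
    tag = hmac.new(binding_key, control_info + key_material, hashlib.sha256).digest()
    return control_info + key_material + tag


def parse_token(token: bytes, binding_key: bytes):
    """Verify the binding tag, then return (control_info, key_material); raise on mismatch."""
    count = token[0]
    info_len = 1 + 2 * count
    if len(token) < info_len + TAG_LEN:
        raise ValueError("token too short")
    control_info = token[:info_len]
    key_material = token[info_len:-TAG_LEN]
    tag = token[-TAG_LEN:]
    expected = hmac.new(binding_key, control_info + key_material, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("key control information does not match key material")
    return control_info, key_material


def export_allowed(token: bytes, binding_key: bytes, rule: str) -> bool:
    """True iff the binding verifies and at least one usage field permits `rule` (assumption)."""
    control_info, _ = parse_token(token, binding_key)
    count = control_info[0]
    fields = [control_info[1 + 2 * i: 3 + 2 * i] for i in range(count)]
    return any(rule in decode_usage_field(f) for f in fields)


# Constructed sample: a 16-byte key that may leave the token only wrapped under an
# AES key or an authenticated asymmetric key; TR-31 and RAW export are not granted.
SAMPLE_KEY = bytes(range(16))
SAMPLE_BINDING_KEY = b"constructed-binding-key-not-real"
SAMPLE_INFO = build_control_info([
    encode_usage_field({"export_auth_asymmetric_key", "export_via_aes"}),
])
SAMPLE_TOKEN = create_token(SAMPLE_KEY, SAMPLE_INFO, SAMPLE_BINDING_KEY)


def tampered_token_rejected() -> bool:
    """Setting the RAW-export flag without re-binding must fail verification."""
    flipped = bytearray(SAMPLE_TOKEN)
    flipped[1] |= _mask(HIGH_ORDER_RULES["export_raw"])  # index 1 = first high order byte
    try:
        parse_token(bytes(flipped), SAMPLE_BINDING_KEY)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("control info:", SAMPLE_INFO.hex())
    print("raw export allowed:", export_allowed(SAMPLE_TOKEN, SAMPLE_BINDING_KEY, "export_raw"))
    print("tampered token rejected:", tampered_token_rejected())
```

The point the binding step makes is that the usage flags are only meaningful if they cannot be edited separately from the key: `export_allowed` consults the flags only after `parse_token` has verified the tag, so a token whose RAW-export bit was set after binding is refused rather than honoured.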
Address Armonk NY US