Calculating state of cryptographic objects and generating search filter for querying cryptographic objects

摘要

Mechanisms are provided for calculating state of cryptographic objects and generating search filters for querying cryptographic objects based on the given state or on the given combination of unique states. The mechanism to calculate a state of a cryptographic object allows an application or system to resolve the current state of any cryptographic object with the following set of state altering date values: initial date, activation date, deactivation date, compromise date, and destroy date. A processing module may retrieve the state meta-data and calculate the current state of a given cryptographic object. The current state may be, for example, one of the following: unknown, pre-active, active, deactivated, compromised, destroyed, and destroyed-compromised. The mechanism to generate a search filter may generate a search query language (SQL) search filter to query for cryptographic objects using the state altering date values stored for each object.

主权项

1. A method, in a data processing system, for managing cryptographic objects, the method comprising;
storing a set of state altering date values in state meta data associated with a cryptographic object in a data store, wherein the set of state altering date values comprises a plurality of state altering date values; retrieving the set of state altering date values from the data store; and determining a state of the cryptographic object based on a combination of the plurality of state altering date values, wherein the set of state altering date value comprises an initial date, an activation date, a deactivation date, a compromise date, and a destroy date, and wherein determining the state of the cryptographic object comprises: responsive to the destroy date being set and the compromise date not being set, determining that the cryptographic object is in a destroyed state; responsive to the destroy date not being set and the compromised date being set, determining that the cryptographic object is in a compromised state; responsive to the deactivation date being set and less than or equal to a current time, determining that the cryptographic object is in a deactivated state; responsive to the deactivation date not being set or greater than the current time and responsive to the activation date being set and less than or equal to the current time, determining that the cryptographic object is in an active state; responsive to the deactivation date not being set or greater than the current time and responsive to the activation date being set and greater than the current time, determining that the cryptographic object is in a pre-active state; and responsive to the deactivation date not being set or greater than the current time and responsive to the activation date not being set and the initial date being set, determining that the cryptographic object is in an active state.