Patents Assigned to Venafi, Inc.
  • Publication number: 20150271157
    Abstract: In representative embodiments, a rule-based certificate cryptographic key material comprising a rule set defining validity conditions is associated with cryptographic key material assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is compliant or non-compliant with the rule set. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is non-compliant with the rules and reinstating the validity of the cryptographic key material when the entity becomes compliant. A rules compliance service determines the validity of the cryptographic material in part using updates sent by the entity. Entities can delegate the update to a delegate device. Encryption can be used to preserve privacy.
    Type: Application
    Filed: April 17, 2014
    Publication date: September 24, 2015
    Applicant: Venafi, Inc.
    Inventor: Remo Ronca
  • Publication number: 20150271155
    Abstract: In representative embodiments, a geo-fence cryptographic key material comprising a geo-fence description defining a geographic area and associated cryptographic key material is assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is inside or outside the geographic area. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is outside the geographic area and reinstating the validity of the cryptographic key material when the entity is inside the geographic area. A geographic update service determines the validity of the cryptographic material in part using location updates sent by the entity. Entities that are not geo-aware can delegate the location update to a geo-aware device. Encryption can be used to preserve privacy.
    Type: Application
    Filed: March 21, 2014
    Publication date: September 24, 2015
    Applicant: Venafi, Inc.
    Inventor: Remo Ronca
  • Publication number: 20150271156
    Abstract: In representative embodiments, a geo-fence cryptographic key material comprising a geo-fence description defining a geographic area and associated cryptographic key material is assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is inside or outside the geographic area. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is outside the geographic area and reinstating the validity of the cryptographic key material when the entity is inside the geographic area. A geographic update service determines the validity of the cryptographic material in part using location updates sent by the entity. Entities that are not geo-aware can delegate the location update to a geo-aware device. Encryption can be used to preserve privacy.
    Type: Application
    Filed: March 21, 2014
    Publication date: September 24, 2015
    Applicant: Venafi, Inc.
    Inventor: Remo Ronca
  • Publication number: 20150271154
    Abstract: In representative embodiments, a geo-fence cryptographic key material comprising a geo-fence description defining a geographic area and associated cryptographic key material is assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is inside or outside the geographic area. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is outside the geographic area and reinstating the validity of the cryptographic key material when the entity is inside the geographic area. A geographic update service determines the validity of the cryptographic material in part using location updates sent by the entity. Entities that are not geo-aware can delegate the location update to a geo-aware device. Encryption can be used to preserve privacy.
    Type: Application
    Filed: March 21, 2014
    Publication date: September 24, 2015
    Applicant: Venafi, Inc.
    Inventor: Remo Ronca
  • Publication number: 20150271158
    Abstract: In representative embodiments, a rule-based certificate cryptographic key material comprising a rule set defining validity conditions is associated with cryptographic key material assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is compliant or non-compliant with the rule set. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is non-compliant with the rules and reinstating the validity of the cryptographic key material when the entity becomes compliant. A rules compliance service determines the validity of the cryptographic material in part using updates sent by the entity. Entities can delegate the update to a delegate device. Encryption can be used to preserve privacy.
    Type: Application
    Filed: April 17, 2014
    Publication date: September 24, 2015
    Applicant: Venafi, Inc.
    Inventor: Remo Ronca
  • Patent number: 9124430
    Abstract: Example embodiments include centralized systems for managing cryptographic keys and trust relationships among systems. Embodiments may include a centralized key store and a centralized policy store. Key sets comprising public/private keys may be stored in or identified by key objects. Key objects within the key store may be organized into key sets and trust sets. Policies may apply at any level within the key store. Policies and associated keys may be grouped and organized to manage groups of keys according to common policies and to present complex relationships to a user. Lower level keys may inherit policy properties from higher levels. Higher levels may be locked to preclude changes at lower levels. Policies may include a variety of properties/fields to facilitate key management. Policies may determine what actions are taken with respect to a key or group of keys.
    Type: Grant
    Filed: September 23, 2013
    Date of Patent: September 1, 2015
    Assignee: Venafi, Inc.
    Inventors: Tero Petteri Harjula, Breon Malachy McCartney, Asko Juha Saura
  • Publication number: 20150242594
    Abstract: In an example embodiment, a user interface is presented for interacting with a trust map identifying trust relationships between clients/users and servers/hosts. The trust relationships are defined by public/private key pairs in Secure Shell (SSH), Secure File Transfer Protocol (SFTP), Transport Layer Security/Secure Sockets Layer (TLS/SSL), Secure Multipurpose Internet Mail Extensions (S/MIME), Internet Protocol Security (IPsec), and so forth. A selected entity such as a server, client, client/server, key set, policy, and so forth is selected and displayed at the center of a hub/spoke diagram. Non-selected entities having a trust relationship with the hub entity are displayed as spokes. Similar spoke entities may be grouped together. Trust relationships and related properties are displayed as lines between the hub and spoke entities. A user performs actions on the entities by manipulation of the hub, spoke, trust relationship and related user interface elements.
    Type: Application
    Filed: February 21, 2014
    Publication date: August 27, 2015
    Applicant: Venafi, Inc.
    Inventors: Tero Petteri Harjula, Bryan Robert Lence, Daniel G. DeBete
  • Publication number: 20150086009
    Abstract: Example embodiments include centralized systems for managing cryptographic keys and trust relationships among systems. Embodiments may include a centralized key store and a centralized policy store. Key sets comprising public/private keys may be stored in or identified by key objects. Key objects within the key store may be organized into trust sets and policies may apply at any level within the key store. Policies may identify when to rotate key sets. When rotating key sets, a new public key and a new private key may be generated. The new public/private keys may be installed at locations where the old public/private keys reside. As the new public/private keys are installed, they may be tested. If problems with the new public/private keys occur, the new public/private keys may be rolled back to the old public/private keys for locations experiencing problems. Remedial action may then be taken to resolve the problems.
    Type: Application
    Filed: September 23, 2013
    Publication date: March 26, 2015
    Applicant: Venafi, Inc.
    Inventors: Tero Petteri Harjula, Breon Malachy McCartney, Asko Juha Saura
  • Publication number: 20150086018
    Abstract: Example embodiments include centralized systems for managing cryptographic keys and trust relationships among systems. The centralized systems may create rich search criteria that can be used to search managed systems for key information. The search criteria may be coupled with a tag to assign key information that meets the search criteria and a state to indicate at least one action that may be taken with regard to the search criteria. Agents located on managed systems may receive the search criteria, tag and state, and may implement the search. Alternate embodiments may access file or other operations on managed systems directly from the centralized system. Embodiments may include a centralized key store, a centralized policy store and/or a centralized configuration store. Key objects within the key store may be organized into trust sets and policies may apply at any level within the key store.
    Type: Application
    Filed: September 23, 2013
    Publication date: March 26, 2015
    Applicant: Venafi, Inc.
    Inventors: Tero Petteri Harjula, Breon Malachy McCartney, Asko Juha Saura
  • Publication number: 20150086020
    Abstract: Example embodiments include centralized systems for managing cryptographic keys and trust relationships among systems. Embodiments may include a centralized key store and a centralized policy store. Key sets comprising public/private keys may be stored in or identified by key objects. Key objects within the key store may be organized into key sets and trust sets. Policies may apply at any level within the key store. Policies and associated keys may be grouped and organized to manage groups of keys according to common policies and to present complex relationships to a user. Lower level keys may inherit policy properties from higher levels. Higher levels may be locked to preclude changes at lower levels. Policies may include a variety of properties/fields to facilitate key management. Policies may determine what actions are taken with respect to a key or group of keys.
    Type: Application
    Filed: September 23, 2013
    Publication date: March 26, 2015
    Applicant: Venafi, Inc.
    Inventors: Tero Petteri Harjula, Breon Malachy McCartney, Asko Juha Saura
  • Publication number: 20140317409
    Abstract: A system for managing cryptographic keys and trust relationships in a secure shell (SSH) environment by mapping network servers, clients, and appliances and locating SSH keys and key pairs associated with each device. The system provides for mapping the network topology and all SSH keys and key pairs stored on network connected devices, and the creation of a master database of all devices, keys and key pairs, key types and encryption strength, and user accounts with which each key or key pair is associated. The mapping and database enable the effective management of SSH keys and key pairs, detection of errors and weakness, elimination of orphaned or outdated keys, correction of all deficiencies, and replacement of keys in accordance with policies set by the organization maintaining the network.
    Type: Application
    Filed: July 6, 2012
    Publication date: October 23, 2014
    Applicant: Venafi, Inc.
    Inventors: Peter D. Bartok, Paul A. Turner, Joseph D. Skehan, Jason W. K. Brothers
  • Patent number: 7937583
    Abstract: The disclosure relates to the management of PKI digital certificates, including certificate discovery, installation, verification and replacement for endpoints over an insecure network. A database of certificates may be maintained through discovery, replacement and other activities. Certificate discovery identifies certificates and associated information including network locations, methods of access, applications of use and non-use, and may produce logs and reports. Automated requests to certificate authorities for new certificates, renewals or certificate signing requests may precede the installation of issued certificates to servers using installation scripts directed to a particular application or product, which may provide notification or require approval or intervention. An administrator may be notified of expiring certificates, using a database or scanning or server agents.
    Type: Grant
    Filed: June 17, 2009
    Date of Patent: May 3, 2011
    Assignee: Venafi, Inc.
    Inventors: Russell S. Thornton, Benjamin Hodson, Jayson Seegmiller
  • Patent number: 7698549
    Abstract: Disclosed herein are several digital certificate discovery and management systems. Detailed information on various example embodiments of the inventions is provided in the Detailed Description below, and the inventions are defined by the appended claims.
    Type: Grant
    Filed: August 13, 2004
    Date of Patent: April 13, 2010
    Assignee: Venafi, Inc.
    Inventors: Russell S. Thornton, Benjamin Hodson, Jayson Seegmiller
  • Patent number: 7653810
    Abstract: The disclosure relates to the management of PKI digital certificates, including certificate discovery, installation, verification and replacement for endpoints over an insecure network. A database of certificates may be maintained through discovery, replacement and other activities. Certificate discovery identifies certificates and associated information including network locations, methods of access, applications of use and non-use, and may produce logs and reports. Automated requests to certificate authorities for new certificates, renewals or certificate signing requests may precede the installation of issued certificates to servers using installation scripts directed to a particular application or product, which may provide notification or require approval or intervention. An administrator may be notified of expiring certificates, using a database or scanning or server agents.
    Type: Grant
    Filed: August 13, 2004
    Date of Patent: January 26, 2010
    Assignee: Venafi, Inc.
    Inventors: Russell S. Thornton, Benjamin Hodson, Jayson Seegmiller, Timothy Hollobon
  • Patent number: 7650497
    Abstract: The disclosure relates to the management of PKI digital certificates, including certificate discovery, installation, verification and replacement for endpoints over an insecure network. A database of certificates may be maintained through discovery, replacement and other activities. Certificate discovery identifies certificates and associated information including network locations, methods of access, applications of use and non-use, and may produce logs and reports. Automated requests to certificate authorities for new certificates, renewals or certificate signing requests may precede the installation of issued certificates to servers using installation scripts directed to a particular application or product, which may provide notification or require approval or intervention. An administrator may be notified of expiring certificates, using a database or scanning or server agents.
    Type: Grant
    Filed: August 13, 2004
    Date of Patent: January 19, 2010
    Assignee: Venafi, Inc.
    Inventors: Russell S. Thornton, Benjamin Hodson, Jayson Seegmiller, Timothy Hollobon
  • Patent number: 7650496
    Abstract: The disclosure relates to the management of PKI digital certificates, including certificate discovery, installation, verification and replacement for endpoints over an insecure network. A database of certificates may be maintained through discovery, replacement and other activities. Certificate discovery identifies certificates and associated information including network locations, methods of access, applications of use and non-use, and may produce logs and reports. Automated requests to certificate authorities for new certificates, renewals or certificate signing requests may precede the installation of issued certificates to servers using installation scripts directed to a particular application or product, which may provide notification or require approval or intervention. An administrator may be notified of expiring certificates, using a database or scanning or server agents.
    Type: Grant
    Filed: August 13, 2004
    Date of Patent: January 19, 2010
    Assignee: Venafi, Inc.
    Inventors: Russell S. Thornton, Benjamin Hodson, Jayson Seegmiller, Timothy Hollobon
  • Patent number: 7568095
    Abstract: Disclosed herein are several digital certificate discovery and management systems. Detailed information on various example embodiments of the inventions is provided in the Detailed Description below, and the inventions are defined by the appended claims.
    Type: Grant
    Filed: August 13, 2004
    Date of Patent: July 28, 2009
    Assignee: Venafi, Inc.
    Inventors: Russell S. Thornton, Benjamin Hodson, Jayson Seegmiller