Abstract: In representative embodiments, a rule-based certificate cryptographic key material comprising containing a rule set defining validity conditions is associated with cryptographic key material assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is compliant or non-compliant with the rule set. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is non-compliant with the rules and reinstating the validity of the cryptographic key material when the entity becomes compliant. A rules compliance service determines the validity of the cryptographic material in part using updates sent by the entity. Entities can delegate the update to a delegate device. Encryption can be used to preserve privacy.

Abstract: In representative embodiments, a rule-based certificate cryptographic key material comprising containing a rule set defining validity conditions is associated with cryptographic key material assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is compliant or non-compliant with the rule set. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is non-compliant with the rules and reinstating the validity of the cryptographic key material when the entity becomes compliant. A rules compliance service determines the validity of the cryptographic material in part using updates sent by the entity. Entities can delegate the update to a delegate device. Encryption can be used to preserve privacy.

Abstract: In representative embodiments, a geo-fence cryptographic key material comprising a geo-fence description defining a geographic area and associated cryptographic key material is assigned to an entity for use in authenticated communications. The validity of the cryptographic material changes state based on whether the entity is inside or outside the geographic area. This is accomplished in a representative embodiment by suspending the validity of the cryptographic key material when the entity is outside the geographic area and reinstating the validity of the cryptographic key material when the entity is inside the geographic area. A geographic update service determines the validity of the cryptographic material in part using location updates sent by the entity. Entities that are not geo-aware can delegate the location update to a geo-aware device. Encryption can be used to preserve privacy.