| abstract |
Apparatus and methods for managing key material in cryptographic assets are disclosed. The methods can include defining first key material to be delivered to a cryptographic asset, wherein the first key material has a cryptoperiod having an expiration. Second key material to be delivered to the cryptographic asset is also defined. An automatic delivery of the second key material is scheduled such that the second key material will be delivered automatically to the cryptographic asset at or before the expiration of the cryptoperiod of the first key material. The methods can include defining a set of equipment classes, and registering at least one cryptographic asset with each equipment class. Cryptographic assets selected from the registered cryptographic assets are grouped into secure communication services, thereby defining secure communication interfaces between the cryptographic assets. Key material for each communications interface is defined, and an automatic delivery of the key material to the selected cryptographic assets is scheduled. The apparatus and methods of the invention provide an integrated key management system suitable for managing key material in a plurality of heterogeneous cryptographic assets from a single system. |