US 12,355,867 B2
Secure distribution of cryptographic keys and policy attributes based on geographic trusted location
Kapildeep Singh Bakshi, Herndon, VA (US); Craig Thomas Hill, Sterling, VA (US); Raymond Allan Blair, Keizer, OR (US); Michael Alan Kowal, Summit, NJ (US); Steven M. Carter, College Grove, TN (US); and Stephen Michael Orr, Wallkill, NY (US)
Filed by Cisco Technology, Inc., San Jose, CA (US)
Filed on Feb. 28, 2023, as Appl. No. 18/115,718.
Prior Publication US 2024/0291639 A1, Aug. 29, 2024
Int. Cl. H04L 29/06 (2006.01); H04L 9/08 (2006.01); H04L 9/14 (2006.01); H04L 9/32 (2006.01); H04L 9/40 (2022.01); H04W 12/64 (2021.01)
CPC H04L 9/083 (2013.01) [H04L 9/08 (2013.01); H04L 9/14 (2013.01); H04L 9/321 (2013.01); H04L 9/40 (2022.05); H04W 12/64 (2021.01)] 17 Claims
OG exemplary drawing
 
1. A method for securely distributing cryptographic keys based on geographic location, the method comprising:
receiving, at a proxy device, a request from an agent device for access to cryptographic keys managed by a key management service, wherein the proxy device communicates data between the agent device and the key management service, wherein the proxy device is a separate device from the agent device;
determining a geographic location of the agent device;
comparing, at the proxy device, the geographic location of the agent device with a geographic location specific security policy to determine whether the agent device is located within an approved geographic location;
receiving, at the proxy device, a digital certificate of the agent device;
using the digital certificate, validating that the agent device is allowed to be located within the approved geographic location;
in response to determining that the agent device is located within the approved geographic location and validating that the agent device is allowed to be located within the approved geographic location, sending a request to the key management service for a cryptographic key, wherein the request includes the digital certificate of the agent device that is used by the key management service to validate the agent device against the approved geographic location associated with the proxy device;
receiving, at the proxy device, encrypted data that includes the cryptographic key from the key management service; and
sending, from the proxy device, the encrypted data that includes the cryptographic key to the agent device without decrypting the encrypted data.
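The flow claimed above, modelled end to end as an added example (it is not Cisco's code and is not taken from the patent): the agent presents a certificate, the proxy checks the agent's location against the policy bound to the proxy, checks that the certificate permits that location, forwards the certificate to the KMS, and relays the wrapped key without being able to open it. The agent, proxy and KMS names, the location values, the policy table and the `locate()` callback are constructed fixtures; an HMAC under a CA key stands in for a real CA signature, and an HMAC-derived one-time keystream stands in for real key wrapping. In a deployment the certificate would be X.509 with the permitted locations carried in an extension or attribute, and the KMS would wrap the key with an algorithm such as AES-KW or RSA-OAEP to the agent's key.

```python
"""Toy model of the claimed flow: agent -> proxy -> KMS -> proxy -> agent.

All names, keys and the HMAC-based certificate/wrapping stand-ins are
constructed for this example; they are not the patent's implementation.
"""
import hashlib
import hmac
import json
import os

# Constructed fixtures (assumptions, not from the patent).
CA_KEY = b"demo-ca-signing-key"               # stand-in for the CA's signing key
POLICY = {"proxy-east": {"US-VA", "US-MD"}}   # approved locations bound to each proxy
# Wrapping secret shared only by the KMS and the agent; the proxy never holds it.
AGENT_WRAP_KEYS = {"agent-42": b"agent-42-wrapping-secret"}


def issue_cert(subject, allowed_locations):
    """Issue a 'certificate' carrying the agent's permitted locations (HMAC stands in for a CA signature)."""
    body = {"subject": subject, "allowed_locations": sorted(allowed_locations)}
    payload = json.dumps(body, sort_keys=True).encode()
    return {"body": body, "sig": hmac.new(CA_KEY, payload, hashlib.sha256).hexdigest()}


def verify_cert(cert):
    """Constant-time check of the stand-in CA signature over the certificate body."""
    payload = json.dumps(cert["body"], sort_keys=True).encode()
    expected = hmac.new(CA_KEY, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, cert["sig"])


def _keystream(wrap_secret, nonce):
    # HMAC used as a PRF: one 32-byte keystream per nonce, enough for one 32-byte key.
    return hmac.new(wrap_secret, nonce, hashlib.sha256).digest()


def wrap_key(wrap_secret, key):
    """Encrypt a 32-byte key for the agent; only a holder of wrap_secret can unwrap it."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(key, _keystream(wrap_secret, nonce)))
    return {"nonce": nonce, "ct": ct}


def unwrap_key(wrap_secret, blob):
    return bytes(a ^ b for a, b in zip(blob["ct"], _keystream(wrap_secret, blob["nonce"])))


class KeyManagementService:
    def __init__(self):
        self.keys = {}

    def request_key(self, proxy_id, cert, key_id):
        """Re-validate the forwarded certificate against the proxy's approved locations,
        then return the key wrapped for the agent (the proxy cannot read it)."""
        if not verify_cert(cert):
            raise PermissionError("KMS: certificate signature invalid")
        if not POLICY[proxy_id] & set(cert["body"]["allowed_locations"]):
            raise PermissionError("KMS: certificate not valid for this proxy's locations")
        key = self.keys.setdefault(key_id, os.urandom(32))
        return wrap_key(AGENT_WRAP_KEYS[cert["body"]["subject"]], key)


class Proxy:
    def __init__(self, proxy_id, kms, locate):
        self.proxy_id, self.kms, self.locate = proxy_id, kms, locate

    def handle_request(self, agent_id, cert, key_id):
        location = self.locate(agent_id)                       # determine geographic location
        if location not in POLICY[self.proxy_id]:              # compare with the proxy's geo policy
            raise PermissionError(f"proxy: {agent_id} at {location} is outside approved locations")
        if not verify_cert(cert) or cert["body"]["subject"] != agent_id:
            raise PermissionError("proxy: certificate rejected")
        if location not in cert["body"]["allowed_locations"]:  # cert must permit this location
            raise PermissionError(f"proxy: {agent_id} is not allowed to be in {location}")
        # Forward the certificate to the KMS and relay the wrapped key without decrypting it.
        return self.kms.request_key(self.proxy_id, cert, key_id)


def run_scenarios():
    """Return outcomes for one allowed agent and three rejected requests."""
    kms = KeyManagementService()
    locations = {"agent-42": "US-VA", "agent-43": "DE-BE"}    # constructed geolocation results
    proxy = Proxy("proxy-east", kms, locations.get)           # locate() stands in for a real geolocation source
    good_cert = issue_cert("agent-42", {"US-VA"})
    blob = proxy.handle_request("agent-42", good_cert, "data-key-1")
    allowed = unwrap_key(AGENT_WRAP_KEYS["agent-42"], blob) == kms.keys["data-key-1"]

    def rejected(agent, cert):
        try:
            proxy.handle_request(agent, cert, "data-key-1")
        except PermissionError:
            return True
        return False

    AGENT_WRAP_KEYS["agent-43"] = b"agent-43-wrapping-secret"
    out_of_region = rejected("agent-43", issue_cert("agent-43", {"DE-BE"}))
    tampered = dict(good_cert, body={**good_cert["body"], "allowed_locations": ["US-VA", "US-MD"]})
    tampered_cert = rejected("agent-42", tampered)            # body edited, signature no longer matches
    wrong_cert = rejected("agent-42", issue_cert("agent-42", {"US-MD"}))  # valid cert, wrong location
    return {"allowed": allowed, "out_of_region": out_of_region,
            "tampered_cert": tampered_cert, "wrong_cert": wrong_cert}


if __name__ == "__main__":
    print(run_scenarios())
```

The check a practitioner would want from this model is structural rather than procedural: the proxy has no entry in `AGENT_WRAP_KEYS`, so "without decrypting the encrypted data" is enforced by what the proxy holds, not by what its code chooses to do, and the KMS repeats the certificate-to-location check itself instead of trusting the proxy's verdict. Both properties should survive in a real deployment: the proxy's geolocation source is an input an attacker will try to spoof, so the certificate-bound location attribute and the KMS-side re-check are what limit the damage of a compromised or misconfigured proxy.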