International Business Machines Corporation
RESTRICTING SECURITY KEY TRANSFER FROM A KEY MANAGEMENT SERVER IN AN ENTERPRISE
Abstract:
An enterprise key management server operates in association with a location service that maintains information defining at least one physical boundary of the enterprise. Upon receipt at the key management server of a request that requires release of key material, an additional security check is performed. When the request is received from a GPS-enabled storage device, the key management server queries the location service to determine whether that device is within the boundary. If so, the key material is released. If the requesting device does not provide its location, or if the location service determines that the device is not within the boundary, the key management server fails the request so that the key material is not released. In this manner, the disclosure of the key material to a device that is no longer within the confines of the enterprise, e.g., because it has been stolen, is averted.
Utility
19 May 2020
25 Nov 2021
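The release decision described in the abstract, as an added Python example that is not taken from the patent or from any IBM product. The class names, decision labels and the rectangular campus boundary are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Sequence, Tuple

Point = Tuple[float, float]  # (latitude, longitude) in degrees

# Constructed sample boundary: a rectangular campus, not a real site.
CAMPUS: Sequence[Point] = [(40.000, -75.000), (40.000, -74.990),
                           (40.010, -74.990), (40.010, -75.000)]


def inside_boundary(point: Point, polygon: Sequence[Point]) -> bool:
    """Location-service check: ray-casting point-in-polygon (planar approximation)."""
    lat, lon = point
    inside = False
    for i in range(len(polygon)):
        lat1, lon1 = polygon[i]
        lat2, lon2 = polygon[i - 1]
        if (lon1 > lon) != (lon2 > lon):  # edge straddles the point's longitude
            crossing = lat1 + (lon - lon1) * (lat2 - lat1) / (lon2 - lon1)
            if lat < crossing:
                inside = not inside
    return inside


@dataclass
class KeyRequest:
    device_id: str
    key_id: str
    location: Optional[Point] = None  # GPS fix reported by the storage device


class KeyManagementServer:
    def __init__(self, keys: dict, boundary: Sequence[Point]):
        self._keys = keys
        self._boundary = boundary
        self.audit = []  # (device_id, key_id, decision) for later review

    def release(self, req: KeyRequest) -> Optional[bytes]:
        # Fail closed: a missing location is treated the same as "outside".
        if req.location is None:
            decision = "DENY_NO_LOCATION"
        elif not inside_boundary(req.location, self._boundary):
            decision = "DENY_OUTSIDE_BOUNDARY"
        elif req.key_id not in self._keys:
            decision = "DENY_UNKNOWN_KEY"
        else:
            decision = "RELEASE"
        self.audit.append((req.device_id, req.key_id, decision))
        return self._keys[req.key_id] if decision == "RELEASE" else None
```

The location here is whatever the device reports, so the check is only as trustworthy as that report; the audit list records every denial for follow-up.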