Automated encryption degradation detection, reporting and remediation
US-2021243209-A1 · Aug 5, 2021 · US
US12537802B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12537802-B2 |
| Application number | US-202318356715-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 21, 2023 |
| Priority date | Jul 21, 2023 |
| Publication date | Jan 27, 2026 |
| Grant date | Jan 27, 2026 |
Abstract
The disclosure provides an approach for multi-endpoint cryptographic orchestration. Embodiments include establishing, by a first endpoint of a plurality of endpoints related to a multi-endpoint secure communication session, a metadata channel with one or more other endpoints of the plurality of endpoints. Embodiments include sending, by the first endpoint, to a second endpoint of the one or more other endpoints, via the metadata channel, an indication of a cryptographic requirement related to the multi-endpoint secure communication session. Embodiments include performing, by the second endpoint, one or more cryptographic operations related to the multi-endpoint secure communication session based on the indication of the cryptographic requirement. Embodiments include attesting, by the second endpoint, via the metadata channel, that the one or more cryptographic operations comply with the cryptographic requirement.
Claims (preview)
We claim:

1. A method of multi-endpoint cryptographic orchestration, comprising: establishing, by a first endpoint of a plurality of endpoints related to a multi-endpoint secure communication session, a metadata channel with one or more other endpoints of the plurality of endpoints; sending, by the first endpoint, to a second endpoint of the one or more other endpoints, via the metadata channel, an indication of a cryptographic requirement related to the multi-endpoint secure communication session; performing, by the second endpoint, one or more cryptographic operations related to the multi-endpoint secure communication session based on the indication of the cryptographic requirement; and attesting, by the second endpoint, via the metadata channel, that the one or more cryptographic operations comply with the cryptographic requirement.

2. The method of claim 1, wherein the multi-endpoint secure communication session is associated with a unique identifier, and wherein the first endpoint sends the indication of the cryptographic requirement in association with the unique identifier.

3. The method of claim 2, wherein an entry is added to a secure digital ledger based on the attesting, by the second endpoint, via the metadata channel, that the one or more cryptographic operations comply with the cryptographic requirement, and wherein the entry comprises the unique identifier.

4. The method of claim 1, wherein the first endpoint encrypts the indication of the cryptographic requirement using a public key associated with the second endpoint, and wherein the sending of the indication of the cryptographic requirement comprises sending the encrypted indication of the cryptographic requirement.

5. The method of claim 1, further comprising determining, by the first endpoint, the cryptographic requirement based on a secure negotiation among the plurality of endpoints related to the multi-endpoint secure communication session.

6. The method of claim 1, wherein the plurality of endpoints comprises cryptographic provider components of a cryptographic agility system that dynamically selects cryptographic techniques based on attributes related to requests for cryptographic operations.

7. The method of claim 1, further comprising: determining, by the second endpoint, that a separate component performed a cryptographic operation related to the multi-endpoint secure communication session in accordance with the cryptographic requirement; and attesting, by the second endpoint, via the metadata channel, that the cryptographic operation performed by the separate component complies with the cryptographic requirement.

8. A system for multi-endpoint cryptographic orchestration, comprising: at least one memory; and at least one processor coupled to the at least one memory, the at least one processor and the at least one memory configured to: establish, by a first endpoint of a plurality of endpoints related to a multi-endpoint secure communication session, a metadata channel with one or more other endpoints of the plurality of endpoints; send, by the first endpoint, to a second endpoint of the one or more other endpoints, via the metadata channel, an indication of a cryptographic requirement related to the multi-endpoint secure communication session; perform, by the second endpoint, one or more cryptographic operations related to the multi-endpoint secure communication session based on the indication of the cryptographic requirement; and attest, by the second endpoint, via the metadata channel, that the one or more cryptographic operations comply with the cryptographic requirement.

9. The system of claim 8, wherein the multi-endpoint secure communication session is associated with a unique identifier, and wherein the first endpoint sends the indication of the cryptographic requirement in association with the unique identifier.

10. The system of claim 9, wherein an entry is added to a secure digital ledger based on the attesting, by the second endpoint, via the metadata channel, that the one or more cryptographic operations comply with the cryptographic requirement, and wherein the entry comprises the unique identifier.

11. The system of claim 8, wherein the first endpoint encrypts the indication of the cryptographic requirement using a public key associated with the second endpoint, and wherein the sending of the indication of the cryptographic requirement comprises sending the encrypted indication of the cryptographic requirement.

12. The system of claim 8, wherein the at least one processor and the at least one memory are further configured to determine, by the first endpoint, the cryptographic requirement based on a secure negotiation among the plurality of endpoints related to the multi-endpoint secure communication session.

13. The system of claim 8, wherein the plurality of endpoints comprises cryptographic provider components of a cryptographic agility system that dynamically selects cryptographic techniques based on attributes related to requests for cryptographic operations.

14. The system of claim 8, wherein the at least one processor and the at least one memory are further configured to: determine, by the second endpoint, that a separate component performed a cryptographic operation related to the multi-endpoint secure communication session in accordance with the cryptographic requirement; and attest, by the second endpoint, via the metadata channel, that the cryptographic operation performed by the separate component complies with the cryptographic requirement.

15. A non-transitory computer readable medium storing instructions that, when executed by one or more processors, cause the one or more processors to: establish, by a first endpoint of a plurality of endpoints related to a multi-endpoint secure communication session, a metadata channel with one or more other endpoints of the plurality of endpoints; send, by the first endpoint, to a second endpoint of the one or more other endpoints, via the metadata channel, an indication of a cryptographic requirement related to the multi-endpoint secure communication session; perform, by the second endpoint, one or more cryptographic operations related to the multi-endpoint secure communication session based on the indication of the cryptographic requirement; and attest, by the second endpoint, via the metadata channel, that the one or more cryptographic operations comply with the cryptographic requirement.

16. The non-transitory computer readable medium of claim 15, wherein the multi-endpoint secure communication session is associated with a unique identifier, and wherein the first endpoint sends the indication of the cryptographic requirement in association with the unique identifier.

17. The non-transitory computer readable medium of claim 16, wherein an entry is added to a secure digital ledger based on the attesting, by the second endpoint, via the metadata channel, that the one or more cryptographic operations comply with the cryptographic requirement, and wherein the entry comprises the unique identifier.

18. The non-transitory computer readable medium of claim 15, wherein the first endpoint encrypts the indication of the cryptographic requirement using a public key associated with the second endpoint, and wherein the sending of the indication of the cryptographic requirement comprises sending the encrypted indication of the cryptographic requirement.

19. The non-transitory computer readable medium of claim 15, wherein t
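The exchange the claims describe (requirement indication bound to a session identifier, cryptographic operations performed under it, attestation back over the metadata channel, and a ledger entry carrying the identifier) is simulated below as an added example. It is not code from the patent or from any product covered by it. Assumptions beyond the claim text: the metadata channel is an in-memory message list; the attestation is an HMAC under an attestation key the endpoints are taken to share; the "cryptographic operation" is a keyed hash of a constructed payload; the ledger is a plain hash chain; the public-key encryption of the indication from claim 4 is left out. The verifier re-derives compliance from the attested parameters instead of trusting the endpoint's own compliance flag, which is how a degraded operation (weaker algorithm or shorter key than required) gets detected and kept out of the ledger.

```python
import hashlib
import hmac
import json
import secrets
import uuid
from dataclasses import dataclass, field

# Constructed attestation key (assumption: provisioned to the endpoints out of band).
ATTESTATION_KEY = b"constructed-attestation-key-for-this-example"


def canonical(obj) -> bytes:
    """Deterministic JSON encoding so both sides MAC and hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


class MetadataChannel:
    """Stand-in for the metadata channel: messages appended in order."""

    def __init__(self):
        self.messages = []

    def send(self, msg: dict) -> None:
        self.messages.append(msg)


def send_requirement(channel, session_id, requirement):
    """First endpoint: indicate the requirement in association with the session id."""
    channel.send({"type": "requirement", "session_id": session_id, "requirement": requirement})


def perform_and_attest(channel, session_id, requirement, payload, algorithm, key):
    """Second endpoint: perform a keyed-hash operation, then attest via the channel."""
    tag = hmac.new(key, payload, algorithm).hexdigest()
    operation = {"algorithm": algorithm, "key_bits": len(key) * 8, "tag": tag}
    compliant = (algorithm in requirement["allowed_algorithms"]
                 and len(key) * 8 >= requirement["min_key_bits"])
    statement = {"session_id": session_id, "requirement": requirement,
                 "operation": operation, "compliant": compliant}
    mac = hmac.new(ATTESTATION_KEY, canonical(statement), "sha256").hexdigest()
    channel.send({"type": "attestation", "statement": statement, "mac": mac})
    return statement


def verify_attestation(msg, expected_requirement) -> bool:
    """Verifier: check the MAC, then recompute compliance from the attested parameters."""
    statement = msg["statement"]
    expected_mac = hmac.new(ATTESTATION_KEY, canonical(statement), "sha256").hexdigest()
    if not hmac.compare_digest(expected_mac, msg["mac"]):
        return False  # forged or altered attestation
    if statement["requirement"] != expected_requirement:
        return False  # endpoint attested against a different requirement
    op = statement["operation"]
    recomputed = (op["algorithm"] in expected_requirement["allowed_algorithms"]
                  and op["key_bits"] >= expected_requirement["min_key_bits"])
    return recomputed and statement["compliant"]


@dataclass
class Ledger:
    """Hash-chained ledger; each entry carries the session's unique identifier."""
    entries: list = field(default_factory=list)

    def append(self, statement):
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        entry = {"session_id": statement["session_id"], "statement": statement, "prev_hash": prev}
        entry["entry_hash"] = hashlib.sha256(canonical(entry)).hexdigest()
        self.entries.append(entry)
        return entry

    def verify_chain(self) -> bool:
        prev = "0" * 64
        for entry in self.entries:
            body = {k: v for k, v in entry.items() if k != "entry_hash"}
            if entry["prev_hash"] != prev or hashlib.sha256(canonical(body)).hexdigest() != entry["entry_hash"]:
                return False
            prev = entry["entry_hash"]
        return True


def run_session(algorithm, key_bytes, ledger=None):
    """Drive one session end to end; returns (accepted, ledger)."""
    channel = MetadataChannel()
    ledger = ledger if ledger is not None else Ledger()
    session_id = str(uuid.uuid4())
    requirement = {"allowed_algorithms": ["sha256", "sha512"], "min_key_bits": 256}
    send_requirement(channel, session_id, requirement)
    key = secrets.token_bytes(key_bytes)  # constructed per-session operation key
    perform_and_attest(channel, session_id, requirement, b"constructed session payload", algorithm, key)
    attestation = channel.messages[-1]
    accepted = verify_attestation(attestation, requirement)
    if accepted:
        ledger.append(attestation["statement"])  # only compliant sessions are recorded
    return accepted, ledger


if __name__ == "__main__":
    print(run_session("sha256", 32)[0], run_session("sha1", 32)[0], run_session("sha256", 16)[0])
```

Running the module prints `True False False`: the compliant session is accepted and recorded, while the sessions that fall back to SHA-1 or a 128-bit key are refused even though the second endpoint produced a correctly MACed attestation. The point for a defender is that compliance is recomputed from the attested algorithm and key length, so a self-reported `compliant: true` alone never gets a session into the ledger.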
CPC classifications:

- including means for verifying the identity or authority of a user of the system {or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials}
- wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
- using hash chains, e.g. blockchains or hash trees