Method and apparatus for enforcing the separation of computer operations and business management roles in a cryptographic system

US 20020071561A1
Filed: 12/12/2000
Published: 06/13/2002
Est. Priority Date: 12/12/2000
Status: Abandoned Application

First Claim

Patent Images

1. A cryptographic system in a computer system, said cryptographic system comprising:

at least one server;

a database, said database constructed and arranged to contain sensitive information, said database responsive to signals from one of said at least one server;

a key repository process on one of said at least one server, said key repository having two master keys, said two master keys constructed and arranged to manage information in said database, said key repository further constructed and arranged to authorize access to said sensitive information in said database;

at least one operator, said at least one operator having access to a first of said master keys; and

at least two owners, each of said owners having a portion of a second of said master keys;

wherein said at least operator and at least one of said owners are required to start said key repository process.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In enterprise computer environments involving sensitive data, it is important that security policy decisions be made and be approved by the appropriate individuals owning the particular policy decision, rather than relegating this function to computer operators. These policy decisions often include the approval of specific programs to act on behalf of the enterprise, exposure of cryptographic secrets, and others affecting risk. The present invention enforces the separation of the functions of computer operator and policy decision owners.

Citations

44 Claims

1. A cryptographic system in a computer system, said cryptographic system comprising:
- at least one server;
  
  a database, said database constructed and arranged to contain sensitive information, said database responsive to signals from one of said at least one server;
  
  a key repository process on one of said at least one server, said key repository having two master keys, said two master keys constructed and arranged to manage information in said database, said key repository further constructed and arranged to authorize access to said sensitive information in said database;
  
  at least one operator, said at least one operator having access to a first of said master keys; and
  
  at least two owners, each of said owners having a portion of a second of said master keys;
  
  wherein said at least operator and at least one of said owners are required to start said key repository process.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A cryptographic system as in claim 1 wherein said operator is enabled to assert that said computer system is genuine.
  - 3. A cryptographic system as in claim 2 wherein if said operator asserts that said computer system is genuine, then said computer system is enabled to unlock and expose a set of cryptographic credentials that can be used by said key repository.
  - 4. A cryptographic system as in claim 1 wherein said first master key is an integrity key.
  - 5. A cryptographic system as in claim 1 wherein said first master key is a protection key.
  - 6. A cryptographic system as in claim 1 wherein said second master key is an integrity key.
  - 7. A cryptographic system as in claim 1 wherein said second master key is a protection key.
  - 8. A cryptographic system as in claim 1 wherein said second master key is assembled from a set of secrets that are split among a plurality of owners.
  - 9. A cryptographic system as in claim 8 wherein said second master key is assembled from a set of secrets that are split among a plurality of owners according to the Bloom-Shamir methodology.

10. A cryptographic system in a computer system, said cryptographic system comprising:
- at least one server;
  
  a database, said database constructed and arranged to contain sensitive information, said sensitive information including authentication information for at least one operator and at least two owners, said database responsive to signals from one of said at least one server;
  
  a key repository process on one of said at least one server, said key repository having two master keys, said two master keys constructed and arranged to manage said sensitive information in said database, said key repository further constructed and arranged to retrieve said authentication information from said database;
  
  wherein one of said operators authenticates himself, and at least one owner authenticates himself in order for said key repository process to restart.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 39, 40, 41, 42, 43, 44)
- - 11. A cryptographic system as in claim 10, wherein said one or more of said master keys is exposed upon restart of said key repository.
  - 12. A cryptographic system as in claim 10, wherein at least one of said owners must approve all changes to said database that affect the security of said computer system.
  - 13. A cryptographic system as in claim 10, wherein at least one of said owners must approve the addition of an owner.
  - 14. A cryptographic system as in claim 10, wherein at least one of said owners must approve the addition of an operator.
  - 15. A cryptographic system as in claim 10, wherein at least one of said owners must approve the addition of an owner and an operator.
  - 16. A cryptographic system as in claim 10, wherein at least one of said owners must approve the removal of an owner.
  - 17. A cryptographic system as in claim 10, wherein at least one of said owners must approve the removal of an operator.
  - 18. A cryptographic system as in claim 10, wherein at least one of said owners must approve the removal of an owner and an operator.
  - 19. A cryptographic system as in claim 10, wherein at least two of said owners must approve the addition of an owner .
  - 20. A cryptographic system as in claim 10, wherein at least two of said owners must approve the addition of an operator.
  - 21. A cryptographic system as in claim 10, wherein at least two of said owners must approve the addition of an owner and an operator.
  - 22. A cryptographic system as in claim 10, wherein at least two of said owners must approve the removal of an owner.
  - 23. A cryptographic system as in claim 10, wherein at least two of said owners must approve the removal of an operator.
  - 24. A cryptographic system as in claim 10, wherein at least two of said owners must approve the removal of an owner and an operator.
  - 25. A cryptographic system as in claim 10, wherein at least one of said owners must approve a change in the minimum number of owners required to restart said key repository.
  - 26. A cryptographic system as in claim 10, wherein at least two of said owners must approve a change in the minimum number of owners required to restart said key repository.
  - 27. A cryptographic system as in claim 10, wherein at least one of said owners must approve a change in the minimum number of owners required to restart said key repository.
  - 28. A cryptographic system as in claim 10, wherein at least two of said owners must approve a change in the minimum number of owners required to restart said key repository.
  - 29. A cryptographic system as in claim 10, wherein at least one of said owners must approve a change in the approval count.
  - 30. A cryptographic system as in claim 10, wherein at least two of said owners must approve a change in the approval count.
  - 31. A cryptographic system as in claim 10 wherein if said operator asserts that said computer system is genuine, then said computer system is enabled to unlock and expose a set of cryptographic credentials that can be used by said key repository.
  - 32. A cryptographic system as in claim 10 wherein said first master key is an integrity key.
  - 33. A cryptographic system as in claim 10 wherein said first master key is a protection key.
  - 34. A cryptographic system as in claim 10 wherein said second master key is an integrity key.
  - 35. A cryptographic system as in claim 10 wherein said second master key is a protection key.
  - 36. A cryptographic system as in claim 10 wherein said second master key is assembled from a set of secrets that are split among a plurality of owners.
  - 37. A cryptographic system as in claim 36 wherein said second master key is assembled from a set of secrets that are split among a plurality of owners according to the Bloom-Shamir methodology.
  - 39. A cryptographic system as in claim 38 wherein said operator is enabled to assert that said computer system is genuine.
  - 40. A cryptographic system as in claim 39 wherein if said operator asserts that said computer system is genuine, then said computer system is enabled to unlock and expose a set of cryptographic credentials that can be used by said key repository.
  - 41. A cryptographic system as in claim 38 wherein said at least one master key is an integrity key.
  - 42. A cryptographic system as in claim 38 wherein said at least one master key is a protection key.
  - 43. A cryptographic system as in claim 38 wherein said at least one master key is assembled from a set of secrets that are split among a plurality of owners.
  - 44. A cryptographic system as in claim 43 wherein said at least one master key is assembled from a set of secrets that are split among a plurality of owners according to the Bloom-Shamir methodology.

38. A cryptographic system in a computer system, said cryptographic system comprising:
- at least one server;
  
  a database, said database constructed and arranged to contain sensitive information, said database responsive to signals from one of said at least one server;
  
  a key repository process on one of said at least one server, said key repository having at least one master key, said at least one master key being constructed and arranged to manage information in said database, said key repository further constructed and arranged to authorize access to said sensitive information in said database;
  
  at least one operator, said at least one operator having access to said at least one master key; and
  
  at least two owners, each of said owners having a portion of a at least one master key;
  
  wherein said at least operator and at least one of said owners are required to start said key repository process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Kurn, David Michael, Panero, Robert A., Salmond, Kent Adams

Application Number

US09/736,718
Publication Number

US 20020071561A1
Time in Patent Office

Days
Field of Search
US Class Current

380/277
CPC Class Codes

G06F 21/604   Tools and structures for ma...

H04L 2463/102   applying security measure f...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

Method and apparatus for enforcing the separation of computer operations and business management roles in a cryptographic system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

44 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for enforcing the separation of computer operations and business management roles in a cryptographic system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

44 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links