Multi-Level Key Manager
First Claim
1. A cryptographic device for processing classified information having a plurality of different classification levels, the cryptographic device comprising:
- a memory holding a plurality of keys outside of an integrated circuit, wherein the plurality of keys are for the plurality of different classification levels;
- a cryptographic processor that is part of the integrated circuit, wherein the cryptographic processor uses the plurality of keys to process packets of information that are categorized according to the plurality of different classification levels; and
- a key manager, wherein:
  - the key manager can access a plurality of rules associated with the plurality of different classification levels,
  - the plurality of rules regulate interaction with the plurality of keys,
  - a first rule of the plurality of rules is used by the key manager in a first classification level of the plurality of different classification levels, and
  - a second rule of the plurality of rules is used by the key manager in a second classification level of the plurality of different classification levels.
1 Assignment
0 Petitions
Abstract
A cryptographic device and method are disclosed for processing different levels of classified information. A memory caches keys for use in a cryptographic processor. The cryptographic processor requests a key associated with a particular classification level when processing a packet of the particular classification level. The cryptographic device confirms that the key and the packet are of the same classification level in a high-assurance manner. Checking header information of the keys one or more times is performed in one embodiment. Some embodiments authenticate the stored key in a high-assurance manner prior to providing the key to the cryptographic device.
93 Citations
20 Claims
- 1. A cryptographic device for processing classified information having a plurality of different classification levels, the cryptographic device comprising:
  - a memory holding a plurality of keys outside of an integrated circuit, wherein the plurality of keys are for the plurality of different classification levels;
  - a cryptographic processor that is part of the integrated circuit, wherein the cryptographic processor uses the plurality of keys to process packets of information that are categorized according to the plurality of different classification levels; and
  - a key manager, wherein:
    - the key manager can access a plurality of rules associated with the plurality of different classification levels,
    - the plurality of rules regulate interaction with the plurality of keys,
    - a first rule of the plurality of rules is used by the key manager in a first classification level of the plurality of different classification levels, and
    - a second rule of the plurality of rules is used by the key manager in a second classification level of the plurality of different classification levels.
  Dependent claims: 2, 3, 4, 5, 6
- 7. A method for processing classified information in a high-assurance manner, the method comprising steps of:
  - receiving a request for a first key by a cryptographic processor;
  - choosing a first rule from a plurality of rules;
  - retrieving a first sterile key from a memory;
  - checking the first sterile key with the first rule;
  - decrypting the first sterile key with a first protection key to produce the first key;
  - checking the first key with the first rule;
  - providing the first key to the cryptographic processor if the checking the first sterile key step and the checking the first key step are completed successfully;
  - receiving a request for a second key by a cryptographic processor;
  - choosing a second rule from the plurality of rules;
  - retrieving the second sterile key from the memory;
  - checking the second sterile key with the second rule;
  - decrypting the second sterile key with a second protection key to produce a second key;
  - checking the second key with the second rule; and
  - providing the second key to the cryptographic processor if the checking the second sterile key step and the checking the second key step are completed successfully.
  Dependent claims: 8, 9, 10, 11
- 12. A cryptographic device for processing information with a plurality of classification levels, the cryptographic device comprising:
  - a memory holding a plurality of keys;
  - a cryptographic processor that uses the plurality of keys to process packets of information that are correlated to the plurality of classification levels; and
  - a key manager that comprises a rule enforcement circuit and a key decryption circuit, wherein:
    - the key manager retrieves a first key for a first packet being processed by the cryptographic processor,
    - the first packet is of a first classification level,
    - the first key is associated with the first classification level,
    - the rule enforcement circuit checks that the first key is designated for the first classification level before providing the first key to the cryptographic processor for processing the first packet,
    - the key manager retrieves a second key for a second packet being processed by the cryptographic processor,
    - the second packet is of a second classification level,
    - the second key is associated with the second classification level, and
    - the rule enforcement circuit checks that the second key is designated for the second classification level before providing the second key to the cryptographic processor for processing the second packet.
  Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20
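The method of claim 7 and the rule-enforcement behaviour of claims 1 and 12, worked through in Python as an added example; this is illustrative code written for this page, not the patent's implementation or any vendor's product. Everything concrete is an assumption chosen to make the flow runnable: the classification tags, the two-byte key header, the per-level protection keys, and the HMAC-SHA256 counter-mode encrypt-then-MAC wrapping that stands in for whatever cipher the device actually uses. The "rule" for a level is reduced to "the header must carry this level's tag and the expected key length", and it is applied twice, once to the sterile (wrapped) key and once to the key recovered by decryption, so a key whose outer label and inner label disagree is refused as well as a key for the wrong level or a tampered one.

```python
"""Added example: a toy multi-level key manager modelled on the claimed method."""
import hashlib
import hmac
import os

# Constructed classification tags carried in every key header.
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP_SECRET": 2}
HDR_LEN = 2      # 1 byte level tag + 1 byte key length
NONCE_LEN = 16
TAG_LEN = 32


class KeyPolicyError(Exception):
    """A sterile or decrypted key failed the rule chosen for the requested level."""


def _keystream(protection_key: bytes, nonce: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for the device's (unspecified) unwrap cipher."""
    out, counter = b"", 0
    while len(out) < n:
        out += hmac.new(protection_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def make_header(level: str, key_len: int) -> bytes:
    return bytes([LEVELS[level], key_len])


def make_sterile_key(traffic_key: bytes, level: str, protection_key: bytes, inner_level=None) -> bytes:
    """Wrap a traffic key as outer header || nonce || ciphertext || HMAC tag.

    The plaintext carries its own inner header so the manager can re-check the
    classification after decryption; inner_level only exists so a caller can
    construct a key whose inner header disagrees with the outer one.
    """
    inner = make_header(inner_level or level, len(traffic_key)) + traffic_key
    outer = make_header(level, len(traffic_key))
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(inner, _keystream(protection_key, nonce, len(inner))))
    tag = hmac.new(protection_key, outer + nonce + ct, hashlib.sha256).digest()
    return outer + nonce + ct + tag


class KeyManager:
    """Applies one rule per classification level before any key reaches the processor."""

    def __init__(self, rules, protection_keys, memory):
        self.rules = rules                      # level -> {"key_len": expected bytes}
        self.protection_keys = protection_keys  # level -> protection (wrapping) key
        self.memory = memory                    # key_id -> sterile key, held outside the IC

    @staticmethod
    def _check_header(header: bytes, level: str, rule: dict, what: str) -> None:
        if header[0] != LEVELS[level]:
            raise KeyPolicyError(f"{what} is tagged level {header[0]}, but {level} was requested")
        if header[1] != rule["key_len"]:
            raise KeyPolicyError(f"{what} declares key length {header[1]}, rule requires {rule['key_len']}")

    def request_key(self, key_id: str, level: str) -> bytes:
        rule = self.rules[level]                       # choose the rule for this level
        sterile = self.memory[key_id]                  # retrieve the sterile key from memory
        outer = sterile[:HDR_LEN]
        self._check_header(outer, level, rule, "sterile key")   # first check, before decryption
        nonce = sterile[HDR_LEN:HDR_LEN + NONCE_LEN]
        ct, tag = sterile[HDR_LEN + NONCE_LEN:-TAG_LEN], sterile[-TAG_LEN:]
        pk = self.protection_keys[level]
        if not hmac.compare_digest(tag, hmac.new(pk, outer + nonce + ct, hashlib.sha256).digest()):
            raise KeyPolicyError("sterile key failed authentication")
        plain = bytes(a ^ b for a, b in zip(ct, _keystream(pk, nonce, len(ct))))
        self._check_header(plain[:HDR_LEN], level, rule, "decrypted key")  # second check
        key = plain[HDR_LEN:]
        if len(key) != rule["key_len"]:
            raise KeyPolicyError("decrypted key length does not match its header")
        return key                                     # provided only after both checks pass


def policy_rejects(km: KeyManager, key_id: str, level: str) -> bool:
    """True if the key manager refuses to hand out key_id at the requested level."""
    try:
        km.request_key(key_id, level)
    except KeyPolicyError:
        return True
    return False


def demo():
    """Constructed key store: one good key per level plus two keys that must be refused."""
    rules = {"UNCLASSIFIED": {"key_len": 16}, "SECRET": {"key_len": 32}, "TOP_SECRET": {"key_len": 32}}
    pks = {lvl: hashlib.sha256(b"constructed-protection-" + lvl.encode()).digest() for lvl in LEVELS}
    secret_key, unclas_key = bytes(range(32)), bytes(range(16))
    tampered = bytearray(make_sterile_key(secret_key, "SECRET", pks["SECRET"]))
    tampered[HDR_LEN + NONCE_LEN] ^= 0x01          # flip one ciphertext bit
    memory = {
        "k-secret": make_sterile_key(secret_key, "SECRET", pks["SECRET"]),
        "k-unclas": make_sterile_key(unclas_key, "UNCLASSIFIED", pks["UNCLASSIFIED"]),
        "k-tampered": bytes(tampered),
        "k-mislabelled": make_sterile_key(secret_key, "SECRET", pks["SECRET"], inner_level="TOP_SECRET"),
    }
    return KeyManager(rules, pks, memory), secret_key, unclas_key


if __name__ == "__main__":
    km, secret_key, unclas_key = demo()
    assert km.request_key("k-secret", "SECRET") == secret_key
    for key_id, level in [("k-secret", "TOP_SECRET"), ("k-tampered", "SECRET"), ("k-mislabelled", "SECRET")]:
        print(key_id, level, "refused:", policy_rejects(km, key_id, level))
```

Two design points carry over from the claims regardless of the cipher chosen. The outer header is checked before the protection key is ever selected, so a key labelled for one level is never unwrapped under another level's protection key; and the decrypted key carries its own label, so a mismatch between the stored label and the wrapped content is caught before the key is released, which is the "one or more times" header checking the abstract describes.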
Specification