SYSTEM AND METHOD OF ENFORCING A COMPUTER POLICY
Abstract
A method and system of enforcing a computer policy uses a central server to manage user profiles, policies and encryption keys. The server securely supplies the keys to client devices only after checking that the policy has been complied with. The checks include both the identity of the user and the machine identity of the client device. The keys are held in a secure environment of the client device, for example in a Trusted Platform Module (TPM), and remain inaccessible at all times to the end user. Theft or loss of a portable client device does not result in any encrypted data being compromised since the keys needed to decrypt that data are not extractable from the secure environment.
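The release check the abstract describes, as an added Python example (not code from the patent or its applicant). It assumes the user has already been authenticated, uses an HMAC challenge-response as a stand-in for TPM-backed device validation, and leaves out the secure channel and the client's secure environment. All names, ids and secrets are constructed.

```python
import hashlib
import hmac
import secrets

# Constructed sample data (assumptions, not from the patent).
DEVICE_KEYS = {"laptop-17": b"secret-provisioned-at-enrolment"}  # stand-in for a TPM-held key
ACCESS_CONDITIONS = {"disk-key-1": {("alice", "laptop-17")}}     # key id -> allowed (user, device)
KEY_STORE = {"disk-key-1": secrets.token_bytes(32)}


class KeyServer:
    def __init__(self):
        self._pending = {}  # device id -> outstanding one-time nonce

    def challenge(self, device_id):
        nonce = secrets.token_bytes(16)
        self._pending[device_id] = nonce
        return nonce

    def request_key(self, key_id, user, device_id, response):
        nonce = self._pending.pop(device_id, None)  # single use, so a replayed response fails
        device_key = DEVICE_KEYS.get(device_id)
        if nonce is None or device_key is None:
            return None
        expected = hmac.new(device_key, nonce, hashlib.sha256).digest()
        device_ok = hmac.compare_digest(expected, response)
        # The access condition lives on the server and names BOTH identities.
        allowed = (user, device_id) in ACCESS_CONDITIONS.get(key_id, set())
        if device_ok and allowed:
            return KEY_STORE[key_id]  # in practice sent only over an encrypted, authenticated channel
        return None  # deny by default


def device_response(nonce, device_key):
    # Client side: prove possession of the device key without sending it.
    return hmac.new(device_key, nonce, hashlib.sha256).digest()


def demo():
    server, good = KeyServer(), DEVICE_KEYS["laptop-17"]
    out = {}
    resp = device_response(server.challenge("laptop-17"), good)
    out["enrolled"] = server.request_key("disk-key-1", "alice", "laptop-17", resp) is not None
    out["replay"] = server.request_key("disk-key-1", "alice", "laptop-17", resp) is not None
    bad = device_response(server.challenge("laptop-17"), b"guessed-key")
    out["wrong_device_key"] = server.request_key("disk-key-1", "alice", "laptop-17", bad) is not None
    resp = device_response(server.challenge("laptop-17"), good)
    out["wrong_user"] = server.request_key("disk-key-1", "bob", "laptop-17", resp) is not None
    return out
```
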
59 Claims
1. A method of accessing a cryptographic key stored on a remote server in order to perform a cryptographic operation, comprising:
- determining the identity of a user;
- cryptographically validating the identity of the client device;
- determining whether the identity of the user and the identity of the client device satisfy an access condition which is stored on the remote server;
- securely transmitting the cryptographic key from the remote server to the client device when the access condition is satisfied; and
- using the cryptographic key to perform a cryptographic operation without disclosing the cryptographic key to the user.
Dependent claims: 41, 42, 43, 44, 45, 46, 47, 48

2-40. (canceled)

49. A client device configured to:
- allow the device's identity to be cryptographically validated;
- receive a securely-transmitted cryptographic key from a remote server; and
- use the cryptographic key to perform a cryptographic operation without disclosing the cryptographic key to a user
Dependent claims: 50, 51, 52, 53, 54, 55

56. A server on which a cryptographic key and an access condition are stored, wherein the server is configured to:
- determine whether the identity of a user and the identity of a client device satisfy the access condition; and
- transmit the cryptographic key securely to the client device when the access condition is satisfied.
Dependent claims: 57, 58, 59
Specification