Secure Audit Logging
First Claim
1. A method for generating secure audit logs comprising:
- a first device recording an event in an audit log;
the first device encrypting the audit log to produce an encrypted audit log, wherein the encrypted audit log can be unencrypted with a first encryption key;
the first device storing the first encryption key in a memory of the first device;
the first device transmitting the encrypted audit log to a second device;
the second device decrypting the encrypted audit log with a compatible encryption key to produce the audit log;
the first device purging the encrypted audit file and the first encryption key from the memory of the first device; and
the first device creating a second encryption key to encrypt a second audit log.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention includes systems and methods to asymmetrically encrypt audit logs, store a limited period of the encrypted audit logs, periodically send the encrypted audit logs to a central location for storage and further process in order to provide tamper-proof evidence of an activity. The system comprises a secure audit client enabled to perform various activities. A secure audit manager logs such activities in an audit log for uploading to a secure audit server. The secure audit server receives the audit logs from the secure audit manager. Finally a secure audit log consumer requests audit log data from the secure audit log manager to review the secure audit log.
20 Citations
20 Claims
-
1. A method for generating secure audit logs comprising:
-
a first device recording an event in an audit log; the first device encrypting the audit log to produce an encrypted audit log, wherein the encrypted audit log can be unencrypted with a first encryption key; the first device storing the first encryption key in a memory of the first device; the first device transmitting the encrypted audit log to a second device; the second device decrypting the encrypted audit log with a compatible encryption key to produce the audit log; the first device purging the encrypted audit file and the first encryption key from the memory of the first device; and the first device creating a second encryption key to encrypt a second audit log. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system enabled to asymmetrically encrypt an audit log comprising:
-
a secure audit client enabled to perform an activity; a secure audit manager enabled to log a set of data related to the activity in the audit log; the secure audit manager enabled to asymmetrically encrypt the audit log to produce an encrypted audit log; the secure audit manager enabled to upload the encrypted audit log to a secure audit server; the secure audit server enabled to receive the encrypted audit log from the secure audit manager; and the secure audit server enabled to send the encrypted audit log to a secure audit log consumer to review the encrypted audit log. - View Dependent Claims (7, 8, 9)
-
-
10. A method for creating a secure audit log comprising:
-
a secure audit log manager creating a key entry; the secure audit log manager generating an ephemeral asymmetric key pair and a Galois/Counter Mode (GCM) initialization vector to produce a symmetric Advanced Encryption Standard (AES) key; the secure audit log manager using the symmetric AES key with the GCM initialization vector to establish an AES-GCM encryption stream for encrypting a log entry; a secure audit client requesting the secure audit log manager to log an event; the secure audit log manager creating the log entry; the secure audit log manager serializing the log entry and passing the log entry through the AES-GCM encryption stream creating a secure audit log; the secure audit log manager terminating the secure audit log when a predetermined event occurs; the secure audit log manager adding the secure audit log to a queue of files for uploading to a secure audit log server; the secure audit log manger uploading the queue of files to the secure audit log server via an authenticated message addressed to the secure audit log server, wherein a permanent private key of the secure audit log manager is used to sign the authenticated message to assure authenticity of the secure audit log; the secure audit log server receiving the authenticated message, validating the signature, and accessing the secure audit log; a secure audit log client requesting the secure audit log; the secure audit log server processing the key entry for the secure audit log; the secure audit log server validating the signature of the key entry; the secure audit log server generating a symmetric key; the secure audit log server initializing the AES-GCM encrypted stream with the GCM initialization vector from the key entry and the symmetric key; and the secure audit log server decrypting and deserializing the key entry before presenting to the secure audit log client. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification