Method to establish and enforce a network cryptographic security policy in a public key cryptosystem
First Claim
1. In a data processing network which includes a first data processor coupled to a second data processor, said first data processor including a first cryptographic system and said second data processor including a second cryptographic system, a method for enforcing a network security policy, comprising steps of:
encoding a network security policy in a first configuration vector at said first data processor and transmitting said first configuration vector to said second data processor;
decoding said first configuration vector in said second data processor and configuring said second data processor in response thereto to implement said network security policy;
storing a public certification key and a private certification key of a certification key pair at said first data processor and transmitting said public certification key to said second data processor;
storing a public utilization key and a private utilization key of a utilization key pair at said second data processor;
transmitting a request from said second data processor to said first data processor to certify said public utilization key;
transmitting a representation of said first configuration vector in an audit record from said second data processor to said first data processor;
verifying said audit record in said first data processor and transmitting a certificate for said public utilization key to said second data processor, said certificate including a digital signature produced by said first data processor using said private certification key; and
impairing use of said private utilization key in said second data processor in response to storing a new configuration vector in said second data processor.
Abstract
Device A in a public key cryptographic network will be constrained to continue to faithfully practice a security policy dictated by a network certification center, long after device A's public key PUMa has been certified. If device A alters its operations from the limits encoded in its configuration vector, for example by loading a new configuration vector, device A will be denied participation in the network. To accomplish this enforcement of the network security policy dictated by the certification center, it is necessary for the certification center to verify, at the time device A requests certification of its public key PUMa, that device A is configured with the currently authorized configuration vector. Device A is required to transmit to the certification center a copy of device A's current configuration vector, in an audit record. The certification center then compares device A's copy of the configuration vector with the authorized configuration vector for device A stored at the certification center. If the comparison is satisfactory, then the certification center will issue the requested certificate and will produce a digital signature dSigPRC on a representation of device A's public key PUMa, using the certification center's private certification key PRC. Thereafter, if device A attempts to change its configuration vector, device A's private key PRMa corresponding to the certified public key PUMa will automatically become unavailable for use in communicating in the network.
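The exchange the abstract describes (device sends its configuration vector in an audit record, the certification center compares it with the authorized vector and signs a representation of PUMa with PRC, and PRMa becomes unusable once the device stores a new configuration vector) can be modelled end to end. The following is an added example written for this page, not code from the patent or its assignee. It assumes: textbook RSA over fixed Mersenne primes with no padding, purely as a stand-in for the signature scheme; a hypothetical per-device master secret; and that "impairing use" of PRMa is implemented by sealing the private key under a key derived from the configuration vector in force when the key was generated, so that a different vector cannot unseal it. The sample configuration vectors, device identifier and message are constructed for the demo. It also covers the impairment step that claims 21, 23 and 24 state on their own.

```python
"""Toy model of configuration-vector enforcement: a certification center (CC) that only
certifies PUMa when device A's audit record carries the authorized configuration vector,
and a device whose PRMa is sealed to that vector so it stops working when the vector changes.
Textbook RSA over fixed Mersenne primes, no padding: illustration only, never for real use."""
import hashlib
import hmac
import secrets

E = 65537
P_CC, Q_CC = 2**61 - 1, 2**31 - 1      # toy primes for the certification key pair (PUC, PRC)
P_DEV, Q_DEV = 2**89 - 1, 2**61 - 1    # toy primes for the utilization key pair (PUMa, PRMa)

def toy_rsa_keypair(p, q):
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def rsa_sign(priv, message):
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big") % n, d, n)

def rsa_verify(pub, message, sig):
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def pub_representation(device_id, pub):
    # The representation of PUMa that dSigPRC is produced over (this format is an assumption).
    n, e = pub
    return device_id + b"|" + n.to_bytes(32, "big") + b"|" + e.to_bytes(4, "big")

class Device:
    def __init__(self, device_id, master):
        # `master` is a hypothetical per-device secret that never leaves the device.
        self.device_id, self._master = device_id, master
        self.config_vector = self.pub = self._sealed = None

    def load_config_vector(self, cv):
        # Decoding step: (re)configure the device. A sealed PRMa stays bound to the old vector.
        self.config_vector = bytes(cv)

    def _kek(self):
        # Key-encrypting key derived from the configuration vector currently in force.
        return hmac.new(self._master, b"seal|" + self.config_vector, hashlib.sha256).digest()

    def generate_utilization_key(self):
        self.pub, (_, d) = toy_rsa_keypair(P_DEV, Q_DEV)
        kek = self._kek()
        ct = bytes(a ^ b for a, b in zip(d.to_bytes(32, "big"), hashlib.shake_256(kek).digest(32)))
        self._sealed = (ct, hmac.new(kek, ct, hashlib.sha256).digest())

    def _unseal_priv(self):
        kek = self._kek()
        ct, tag = self._sealed
        if not hmac.compare_digest(tag, hmac.new(kek, ct, hashlib.sha256).digest()):
            return None  # configuration vector changed since sealing: PRMa is impaired
        d = int.from_bytes(bytes(a ^ b for a, b in zip(ct, hashlib.shake_256(kek).digest(32))), "big")
        return (self.pub[0], d)

    def certification_request(self):
        # Request to certify PUMa, plus the audit record carrying the current configuration vector.
        return {"device_id": self.device_id, "pub": self.pub, "audit_record": self.config_vector}

    def sign(self, message):
        priv = self._unseal_priv()
        if priv is None:
            raise PermissionError("PRMa unavailable: configuration vector no longer matches")
        return rsa_sign(priv, message)

class CertificationCenter:
    def __init__(self):
        self.pub, self._priv = toy_rsa_keypair(P_CC, Q_CC)
        self.authorized = {}  # device_id -> configuration vector the CC issued to that device

    def issue_config_vector(self, device, cv):
        self.authorized[device.device_id] = bytes(cv)
        device.load_config_vector(cv)  # encoding and transmission, modelled as a direct call

    def certify(self, request):
        expected = self.authorized.get(request["device_id"])
        if expected is None or not hmac.compare_digest(expected, request["audit_record"]):
            return None  # audit record differs from the authorized vector: no certificate
        rep = pub_representation(request["device_id"], request["pub"])
        return rep, rsa_sign(self._priv, rep)  # (representation of PUMa, dSigPRC)

def run_demo():
    cc, dev = CertificationCenter(), Device(b"deviceA", secrets.token_bytes(32))
    cc.issue_config_vector(dev, b"policy-v1:export=no")  # constructed sample configuration vector
    dev.generate_utilization_key()
    rep, sig = cc.certify(dev.certification_request())
    msg = b"constructed sample message"
    before = rsa_verify(dev.pub, msg, dev.sign(msg))
    dev.load_config_vector(b"policy-v2:export=yes")  # unauthorized change made by the device
    try:
        dev.sign(msg)
        impaired = False
    except PermissionError:
        impaired = True
    return {"certificate_valid": rsa_verify(cc.pub, rep, sig), "signature_valid_before_change": before,
            "key_impaired_after_change": impaired,
            "recertification_refused": cc.certify(dev.certification_request()) is None}
```

Two separate controls do the work here, and the usage note is that both are needed. The audit-record comparison in `certify` is what keeps an unauthorized vector from ever being certified; the sealing in `generate_utilization_key` and `_unseal_priv` is what makes an already certified PRMa unusable the moment a new vector is stored, with no further contact with the certification center. In the patent the audit record is produced inside the device's cryptographic facility, so the device cannot simply echo the authorized vector while running a different one; this toy trusts `certification_request` to report truthfully, which is the assumption a real implementation must replace with a tamper-resistant facility.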
289 Citations
24 Claims
1. In a data processing network which includes a first data processor coupled to a second data processor, said first data processor including a first cryptographic system and said second data processor including a second cryptographic system, a method for enforcing a network security policy, comprising steps of:
encoding a network security policy in a first configuration vector at said first data processor and transmitting said first configuration vector to said second data processor;
decoding said first configuration vector in said second data processor and configuring said second data processor in response thereto to implement said network security policy;
storing a public certification key and a private certification key of a certification key pair at said first data processor and transmitting said public certification key to said second data processor;
storing a public utilization key and a private utilization key of a utilization key pair at said second data processor;
transmitting a request from said second data processor to said first data processor to certify said public utilization key;
transmitting a representation of said first configuration vector in an audit record from said second data processor to said first data processor;
verifying said audit record in said first data processor and transmitting a certificate for said public utilization key to said second data processor, said certificate including a digital signature produced by said first data processor using said private certification key; and
impairing use of said private utilization key in said second data processor in response to storing a new configuration vector in said second data processor.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 22.

13. In a data processing network which includes a first data processor coupled to a second data processor, said first data processor including a first cryptographic system and said second data processor including a second cryptographic system, a method for enforcing a network security policy, comprising steps of:
encoding a network security policy in a first configuration vector at said first data processor and transmitting said first configuration vector to said second data processor;
decoding said first configuration vector in said second data processor and configuring said second data processor in response thereto to implement said network security policy;
storing a public utilization key and a private utilization key of a utilization key pair at said second data processor;
transmitting a request from said second data processor to said first data processor to certify said public utilization key and a representation of said first configuration vector in an audit record;
verifying said audit record in said first data processor and transmitting a certificate for said public utilization key to said second data processor, said certificate including a digital signature produced by said first data processor using said private certification key; and
impairing use of said private utilization key in said second data processor in response to storing a new configuration vector in said second data processor.

14. A computer program in a data processing network which includes a first data processor coupled to a second data processor, said first data processor including a first cryptographic system and said second data processor including a second cryptographic system, said computer program when executed, performing a method for enforcing a network security policy, comprising the sequence of computer program instructions:
encoding instruction for encoding a network security policy in a first configuration vector at said first data processor and transmitting said first configuration vector to said second data processor;
decoding instruction for decoding said first configuration vector in said second data processor and configuring said second data processor in response thereto to implement said network security policy;
first storing instruction for storing a public certification key and a private certification key of a certification key pair at said first data processor and transmitting said public certification key to said second data processor;
second storing instruction for storing a public utilization key and a private utilization key of a utilization key pair at said second data processor;
first transmitting instruction for transmitting a request from said second data processor to said first data processor to certify said public utilization key;
second transmitting instruction for transmitting a representation of said first configuration vector in an audit record from said second data processor to said first data processor;
verifying instruction for verifying said audit record in said first data processor and transmitting a certificate for said public utilization key to said second data processor, said certificate including a digital signature produced by said first data processor using said private certification key; and
impairing instruction for impairing use of said private utilization key in said second data processor in response to storing a new configuration vector in said second data processor.

15. A computer program in a data processing network which includes a first data processor coupled to a second data processor, said first data processor including a first cryptographic system and said second data processor including a second cryptographic system, said computer program when executed, performing a method for enforcing a network security policy, comprising the sequence of computer program instructions:
encoding instruction for encoding a network security policy in a first configuration vector at said first data processor and transmitting said first configuration vector to said second data processor;
decoding instruction for decoding said first configuration vector in said second data processor and configuring said second data processor in response thereto to implement said network security policy;
storing instruction for storing a public utilization key and a private utilization key of a utilization key pair at said second data processor;
transmitting instruction for transmitting a request from said second data processor to said first data processor to certify said public utilization key and for transmitting a representation of said first configuration vector in an audit record from said second data processor to said first data processor;
verifying instruction for verifying said audit record in said first data processor and transmitting a certificate for said public utilization key to said second data processor;
impairing instruction for impairing use of said private utilization key in said second data processor in response to storing a new configuration vector in said second data processor.

16. In a data processing network which includes a first data processor coupled to a second data processor, said first data processor including a first cryptographic system and said second data processor including a second cryptographic system, an apparatus for enforcing a network security policy, comprising:
encoding means for encoding a network security policy in a first configuration vector at said first data processor and transmitting said first configuration vector to said second data processor;
decoding means coupled to said encoding means, for decoding said first configuration vector in said second data processor and configuring said second data processor in response thereto to implement said network security policy;
first storing means for storing a public certification key and a private certification key of a certification key pair at said first data processor and transmitting said public certification key to said second data processor;
second storing means for storing a public utilization key and a private utilization key of a utilization key pair at said second data processor;
first transmitting means coupled to said second storing means, for transmitting a request from said second data processor to said first data processor to certify said public utilization key;
second transmitting means coupled to said decoding means, for transmitting a representation of said first configuration vector in an audit record from said second data processor to said first data processor;
verifying means coupled to said second transmitting means, for verifying said audit record in said first data processor and transmitting a certificate for said public utilization key to a certificate storage means in said second data processor, said certificate including a digital signature produced by said first data processor using said private certification key; and
impairing means coupled to said decoding means, for impairing use of said private utilization key in said second data processor in response to storing a new configuration vector in said second data processor.
Dependent claims: 17.

18. In a data processing network which includes a first data processor coupled to a second data processor, said first data processor including a first cryptographic system and said second data processor including a second cryptographic system, an apparatus for enforcing a network security policy, comprising:
encoding means for encoding a network security policy in a first configuration vector at said first data processor and transmitting said first configuration vector to said second data processor;
decoding means coupled to said encoding means, for decoding said first configuration vector in said second data processor and configuring said second data processor in response thereto to implement said network security policy;
storing means for storing a public utilization key and a private utilization key of a utilization key pair at said second data processor;
transmitting means coupled to said storing means, for transmitting a request from said second data processor to said first data processor to certify said public utilization key and for transmitting a representation of said first configuration vector in an audit record from said second data processor to said first data processor;
verifying means coupled to said transmitting means, for verifying said audit record in said first data processor and transmitting a certificate for said public utilization key to said second data processor;
impairing means coupled to said decoding means, for impairing use of said private utilization key in said second data processor in response to storing a new configuration vector in said second data processor.
Dependent claims: 19, 20.

21. In a data processing network which includes a first data processor coupled to a second data processor, said first data processor including a first cryptographic system and said second data processor including a second cryptographic system, a method for enforcing a network security policy, comprising steps of:
encoding a network security policy in a first configuration vector at said first data processor and transmitting said first configuration vector to said second data processor;
decoding said first configuration vector in said second data processor and configuring said second data processor in response thereto to implement said network security policy;
storing a cryptographic key at said second data processor;
impairing use of said cryptographic key in said second data processor in response to storing a new configuration vector in said second data processor.

23. A computer program in a data processing network which includes a first data processor coupled to a second data processor, said first data processor including a first cryptographic system and said second data processor including a second cryptographic system, said computer program when executed, performing a method for enforcing a network security policy, comprising the sequence of computer program instructions:
encoding instruction for encoding a network security policy in a first configuration vector at said first data processor and transmitting said first configuration vector to said second data processor;
decoding instruction for decoding said first configuration vector in said second data processor and configuring said second data processor in response thereto to implement said network security policy;
storing instruction for storing a cryptographic key at said second data processor;
impairing instruction for impairing use of said cryptographic key in said second data processor in response to storing a new configuration vector in said second data processor.

24. In a data processing network which includes a first data processor coupled to a second data processor, said first data processor including a first cryptographic system and said second data processor including a second cryptographic system, an apparatus for enforcing a network security policy, comprising:
encoding means for encoding a network security policy in a first configuration vector at said first data processor and transmitting said first configuration vector to said second data processor;
decoding means coupled to said encoding means, for decoding said first configuration vector in said second data processor and configuring said second data processor in response thereto to implement said network security policy;
storing means for storing a cryptographic key at said second data processor;
impairing means coupled to said decoding means, for impairing use of said cryptographic key in said second data processor in response to storing a new configuration vector in said second data processor.

Specification