Data enclave and trusted path system
First Claim
1. A data enclave for securing data carried on physical units of fixed and removable media in a network including a server and one or more workstations, one or more of the workstations including the physical units of fixed media, comprising:
- protected storage in the server and in each of the workstations;
a crypto media controller in each workstation that can be used to read the fixed media and the removable media;
a personal keying device assigned to each user in the enclave;
an enclave key, a copy of which is held in the protected storage in the server and in each of the workstations and used to protect other keys stored or transmitted on the network;
a personal identification number (PIN) for user in the enclave;
a media key for each unit of media; and
an access vector associated with each media key to form media key/access vector pairs, the pairs stored in the personal keying devices, and used to represent the possible conditions of access to the data encrypted on the media for the user assigned to the personal keying device holding the media key/access vector pair or pairs;
wherein the media key/access vector pairs stored in the personal keying devices are enciphered with a combined key formed from the user'"'"'s PIN and the enclave key;
wherein device attributes assigned to each workstation are used to represent security attributes of the workstations; and
wherein each crypto media controller includes logic for (i) reading a unit of media using the media key received from the personal keying device of the user seeking access to the data (ii) decrypting a media key/access vector pair received from a personal keying device using the enclave key stored in the controller and the user PIN entered by a user in the personal keying device used by the user seeking access to the data, (iii) decrypting the data on the media using the media key, and (iv) restricting access to the decrypted data based on the access vector and the device attributes for the workstation from which access is attempted.
5 Assignments
0 Petitions
Accused Products
Abstract
A data communication system providing for the secure transfer and sharing of data via a local area network and/or a wide area network. The system includes a secure processing unit which communicates with a personal keying device and a crypto media controller attached to a user'"'"'s Workstation. The communication between these processing elements generates a variety of data elements including keys, identifiers, and attributes. The data elements are used to identify and authenticate the user, assign user security access rights and privileges, and assign media and device attributes to a data access device according to a predefined security policy. The data elements are manipulated, combined, protected, and distributed through the network to the appropriate data access devices, which prevents the user from obtaining unauthorized data.
-
Citations
13 Claims
-
1. A data enclave for securing data carried on physical units of fixed and removable media in a network including a server and one or more workstations, one or more of the workstations including the physical units of fixed media, comprising:
-
protected storage in the server and in each of the workstations; a crypto media controller in each workstation that can be used to read the fixed media and the removable media; a personal keying device assigned to each user in the enclave; an enclave key, a copy of which is held in the protected storage in the server and in each of the workstations and used to protect other keys stored or transmitted on the network; a personal identification number (PIN) for user in the enclave; a media key for each unit of media; and an access vector associated with each media key to form media key/access vector pairs, the pairs stored in the personal keying devices, and used to represent the possible conditions of access to the data encrypted on the media for the user assigned to the personal keying device holding the media key/access vector pair or pairs; wherein the media key/access vector pairs stored in the personal keying devices are enciphered with a combined key formed from the user'"'"'s PIN and the enclave key; wherein device attributes assigned to each workstation are used to represent security attributes of the workstations; and wherein each crypto media controller includes logic for (i) reading a unit of media using the media key received from the personal keying device of the user seeking access to the data (ii) decrypting a media key/access vector pair received from a personal keying device using the enclave key stored in the controller and the user PIN entered by a user in the personal keying device used by the user seeking access to the data, (iii) decrypting the data on the media using the media key, and (iv) restricting access to the decrypted data based on the access vector and the device attributes for the workstation from which access is attempted.
-
-
2. A data enclave method for securing data for an enclave of one or more users, wherein the data is carried on physical units of fixed and removable media in a network including a server and one or more workstations, one or more of the workstations including the physical units of fixed media, the method comprising the steps of:
-
providing protected storage in the server and in each of the workstations; providing a crypto media controller in each workstation that can be used to read the fixed media and the removable media; providing a personal keying device assigned to each user in the enclave; providing an enclave key and storing a copy of the enclave key in the protected storage in the server and in each of the workstations and using it to protect other keys stored or transmitted on the network; providing each user in the enclave a personal identification number (PIN); associating a media key with each unit of media; providing an access vector associated with each media key to form media key/access vector pairs, storing the pairs in the personal keying devices, and using the pairs to represent possible conditions of access, by the user assigned to the personal keying device holding the media key/access vector pair or pairs, to data encrypted on the media associated with the media key; enciphering the media key/access vector pairs with a combined key formed from the user'"'"'s PIN and the enclave key; storing the enciphered media key/access vector pairs in the personal keying device;
assigning device attributes for each workstation to represent the security attributes of the workstations; andusing the crypto media controller for (i) reading a unit of media using the media key received from the personal keying device of the user seeking access to the data, (ii) decrypting a media key/access vector pair received from a personal keying device using the enclave key stored in the controller and the user PIN entered by a user in the personal keying device used by the user seeking access to the data, (iii) decrypting the data on the media using the media key, and (iv) restricting access to the decrypted data based on the access vector and the device attributes for the workstation from which access is attempted.
-
-
3. A data enclave for securing data carried on physical units of fixed and removable media in a network including a server and one or more workstations, one or more of the workstations including the physical units of fixed media, comprising:
-
protected storage in the server and in each of the workstations; a crypto media controller in each workstation that can be used to read the fixed media and the removable media; a personal keying device assigned to each user in the enclave; an enclave key, a copy of which is held in the protected storage in the server and in each of the workstations and used to protect other keys stored or transmitted on the network; a personal identification number (PIN) for each user in the enclave; a user unique identifier (user UID) assigned to each user in the enclave and stored in the user'"'"'s personal keying device encrypted with the enclave key; user attributes associated with each user to which a user UID has been assigned, and used to represent the privileges and other security related information that pertains to that user; a media key for each unit of media, and used to encrypt and protect data carried on the media, the media keys stored in the personal keying devices; a media unique identifier (media UID) for each unit of media, stored on the media, and used to identify the media key for a particular unit of media stored in a particular personal keying device, and to identify media attributes assigned to the particular unit of media, wherein the media attributes associated with each unit of media to which a media UID has been assigned are used to represent the sensitivity or other security related information that may pertain to the data carried on that unit of media; and an access vector associated with each media key to form media key/access vector pairs, stored in the personal keying devices, and used to represent the possible conditions of access to the data encrypted on the media for the user assigned to the personal keying device holding the media key/access vector pair or pairs, each access vector formed using the corresponding media attributes and user attributes, and a set of access rules; wherein the media key/access vector pairs stored in the personal keying devices are enciphered with a combined key formed from the user'"'"'s UID, the user'"'"'s PIN and the enclave key; wherein device attributes assigned to each workstation are used to represent security attributes of the workstations; and wherein each crypto media controller includes access control logic for restricting access to the data on the media based on the user'"'"'s PIN, the access vector and the device attributes for the workstation from which access is attempted. - View Dependent Claims (4, 5, 6)
-
-
7. A data enclave method for securing data carried on physical units of fixed and removable media in a network including a server and one or more workstations, one or more of the workstations including the physical units of fixed media, comprising the steps of:
-
(a) providing protected storage in the server and in each of the workstations; (b) providing a crypto media controller in each workstation and using it to read the fixed media and the removable media; (c) providing a personal keying device for each user in the enclave; (d) providing an enclave key, a copy held in the protected storage in the server and in each of the workstations, and using it to protect other keys stored or transmitted on the network; (e) providing a personal identification number (PIN) for each user in the enclave; (f) providing a user unique identifier (user UID) for each user in the enclave and storing it in the user'"'"'s personal keying device encrypted with the enclave key; (g) providing user attributes for each user to which a user UID has been assigned, and using them represent the privileges and other security related information that pertains to each user; (h) providing a media key for each unit of media, wherein the media key is used to encrypt and protect data carried on the media and wherein the media keys are stored in the personal keying devices; (i) providing a media unique identifier (media UID) for each unit of media, and storing it on the associated media, and using them to identify the corresponding media key for the unit of media stored in a personal keying device, and to identify media attributes assigned to the unit of media; (j) providing media attributes associated with each unit of media to which a media UID has been assigned, and using them to represent the sensitivity or other security related information that may pertain to the data carried on the units of media; (k) providing an access vector associated with each media key to form media key/access vector pairs, storing them in the personal keying devices, and using them to represent the possible conditions of access to the data encrypted on the media for the user assigned to the personal keying device holding the media key/access vector pair or pairs, and forming the access vector using the corresponding media attributes and user attributes, and a set of access rules; (l) enciphering the media key/access vector pairs with a combined key, wherein the combined key includes the user'"'"'s UID, the user'"'"'s PIN and the enclave key; (m) storing the enciphered media key/access vector pairs in the personal keying devices; (n) providing device attributes for each workstation, and using them to represent the security attributes of the workstations; and (o) providing access control logic in each crypto media controller for restricting access to the data on the media based on the user'"'"'s PIN, the access vector and the device attributes for the workstation from which access is attempted. - View Dependent Claims (8, 9, 10)
-
-
11. A trusted path system for communication between a workstation and a secure computer over an untrusted communication medium, comprising;
-
a logic and control unit in the workstation and in the secure computer; an end-to-end authentication token exchange protocol used to assure the logic and control unit in the workstation is communicating with an authentic logic and control unit in the secure computer, and vice versa; the token exchange protocol operating by inserting a token encrypted with a first keystream in messages from the workstation to the secure computer, wherein the token is developed from an encrypted token received from the secure computer in a previous transaction, wherein the received encrypted token is encrypted with a second keystream and wherein the step of inserting the token comprises decrypting the token with the second keystream before encrypting the token with the first keystream, the step of inserting the token serving to chain transactions together so that a forged transaction entered into the interaction between the workstation and the secure computer is detected the next time a legitimate transaction is received by a logic and control unit; a cryptographic checksum protocol used to assure transactions between the logic and control units have not been tampered with, the checksum protocol authenticating single transactions between the workstation and the secure computer rather than sequences of transactions; and an identification and authentication protocol invoked when a user wishes to interact with the secure computer for some period of time, using the keyboard and display of the workstation and the untrusted communications medium, the period of interaction being a session, and the act of initiating a session called logon, and that of terminating a session is called logout.
-
-
12. A method of chaining transactions between a workstation and a secure computer over an untrusted communication medium to ensure an authenticated interchange, the method comprising the steps of:
-
providing a keystream stored in the workstation and the secure computer; providing first, second and third tokens stored in the secure computer; providing an encrypted first token stored in the workstation, wherein the encrypted first token is formed by encrypting the first token with a first portion of the keystream; performing a first transaction, wherein the step of performing the first transaction comprises the steps of; sending a first message from the secure computer to the workstation, wherein the first message includes an encrypted second token formed by encrypting the second token with a second portion of the keystream; storing the encrypted second token in the workstation; sending a section message from the workstation to the secure computer, wherein the second message includes a re-encrypted first token formed by decrypting the encrypted first token with the first portion of the keystream and re-encrypting the decrypted first token with a third portion of the keystream; decrypting, at the secure computer, the re-encrypted token with the third portion of the keystream; and comparing the first token to the decrypted re-encrypted first token to determine if they match; and performing a second transaction, wherein the step of performing the second transaction comprises the steps of; sending a third message from the secure computer to the workstation, wherein the third message includes an encrypted third token formed by encrypting the third token with a forth portion of the keystream; storing the encrypted third token in the workstation; sending a fourth message from the workstation to the secure computer, wherein the fourth message includes a re-encrypted second token formed by decrypting the encrypted second token with the second portion of the keystream and re-encrypting the decrypted second token with a fifth portion of the keystream; decrypting, at the secure computer, the re-encrypted token with the fifth portion of the keystream; and comparing the second token to the decrypted re-encrypted second token to determine if they match. - View Dependent Claims (13)
-
Specification