Data enclave and trusted path system
First Claim
1. A data enclave for securing data carried on physical units of fixed and removable media in a network including a server and one or more workstations, one or more of the workstations including the physical units of fixed media, comprising:
- protected storage in the server and in each of the workstations;
- a crypto media controller in each Workstation that can be used to read the fixed media and the removable media;
- a personal keying device assigned to each user in the enclave;
- an enclave key, a copy held in the protected storage in the server and in each of the workstations and used to protect other keys stored or transmitted on the network;
- a personal identification number (PIN) for each user in the enclave;
- an access vector associated with each media key to form media key/access vector pairs, the pairs stored in the personal keying devices, and used to represent the possible conditions of access to the data encrypted on the media for the user assigned to the personal keying device holding the media key/access vector pair or pairs;
- the media key/access vector pairs stored in the personal keying devices enciphered with a combined key including the user's PIN and the enclave key;
- device attributes assigned to each Workstation, and used to represent the security attributes of the workstations; and
- each crypto media controller including logic for (i) reading a unit of media using the media key received from the personal keying device of the user seeking access to the data, (ii) decrypting a media key/access vector pair received from a personal keying device using the enclave key stored in the controller and the user PIN entered by a user in the personal keying device used by the user seeking access to the data, (iii) decrypting the data on the media using the media key, and (iv) restricting access to the decrypted data based on the access vector and the device attributes for the Workstation from which access is attempted.
Abstract
A data communication system providing for the secure transfer and sharing of data via a local area network and/or a wide area network. The system includes a secure processing unit which communicates with a personal keying device and a crypto media controller attached to a user's Workstation. The communication between these processing elements generates a variety of data elements including keys, identifiers, and attributes. The data elements are used to identify and authenticate the user, assign user security access rights and privileges, and assign media and device attributes to a data access device according to a predefined security policy. The data elements are manipulated, combined, protected, and distributed through the network to the appropriate data access devices, which prevents the user from obtaining unauthorized data.
11 Claims
1. A data enclave for securing data carried on physical units of fixed and removable media in a network including a server and one or more workstations, one or more of the workstations including the physical units of fixed media, comprising:
- protected storage in the server and in each of the workstations;
- a crypto media controller in each Workstation that can be used to read the fixed media and the removable media;
- a personal keying device assigned to each user in the enclave;
- an enclave key, a copy held in the protected storage in the server and in each of the workstations and used to protect other keys stored or transmitted on the network;
- a personal identification number (PIN) for each user in the enclave;
- an access vector associated with each media key to form media key/access vector pairs, the pairs stored in the personal keying devices, and used to represent the possible conditions of access to the data encrypted on the media for the user assigned to the personal keying device holding the media key/access vector pair or pairs;
- the media key/access vector pairs stored in the personal keying devices enciphered with a combined key including the user's PIN and the enclave key;
- device attributes assigned to each Workstation, and used to represent the security attributes of the workstations; and
- each crypto media controller including logic for (i) reading a unit of media using the media key received from the personal keying device of the user seeking access to the data, (ii) decrypting a media key/access vector pair received from a personal keying device using the enclave key stored in the controller and the user PIN entered by a user in the personal keying device used by the user seeking access to the data, (iii) decrypting the data on the media using the media key, and (iv) restricting access to the decrypted data based on the access vector and the device attributes for the Workstation from which access is attempted.

2. A data enclave method for securing data carried on physical units of fixed and removable media in a network including a server and one or more workstations, one or more of the workstations including the physical units of fixed media, comprising the steps of:
- (a) providing protected storage in the server and in each of the workstations;
- (b) providing a crypto media controller in each Workstation that can be used to read the fixed media and the removable media;
- (c) providing a personal keying device assigned to each user in the enclave;
- (d) providing an enclave key and storing a copy in the protected storage in the server and in each of the workstations and using it to protect other keys stored or transmitted on the network;
- (e) providing each user in the enclave a personal identification number (PIN);
- (f) providing an access vector associated with each media key to form media key/access vector pairs, storing the pairs in the personal keying devices, and using them to represent the possible conditions of access to the data encrypted on the media for the user assigned to the personal keying device holding the media key/access vector pair or pairs;
- storing the media key/access vector pairs in the personal keying devices enciphered with a combined key including the user's PIN and the enclave key;
- providing device attributes assigned for each Workstation to represent the security attributes of the workstations; and
- using the crypto media controller for (i) reading a unit of media using the media key received from the personal keying device of the user seeking access to the data, (ii) decrypting a media key/access vector pair received from a personal keying device using the enclave key stored in the controller and the user PIN entered by a user in the personal keying device used by the user seeking access to the data, (iii) decrypting the data on the media using the media key, and (iv) restricting access to the decrypted data based on the access vector and the device attributes for the Workstation from which access is attempted.

3. A data enclave for securing data carried on physical units of fixed and removable media in a network including a server and one or more workstations, one or more of the workstations including the physical units of fixed media, comprising:
- protected storage in the server and in each of the workstations;
- a crypto media controller in each Workstation that can be used to read the fixed media and the removable media;
- a personal keying device assigned to each user in the enclave;
- an enclave key, a copy held in the protected storage in the server and in each of the workstations and used to protect other keys stored or transmitted on the network;
- a personal identification number (PIN) for each user in the enclave;
- a user unique identifier (user UID) assigned to each user in the enclave and stored in the user's personal keying device encrypted with the enclave key;
- user attributes associated with each user to which a user UID has been assigned, and used to represent the privileges and other security related information that pertains to that user;
- a media key for each unit of media, and used to encrypt and protect data carried on the media, the media keys stored in the personal keying devices;
- a media unique identifier (media UID) for each unit of media, stored on the media, and used to identify the corresponding media key for the unit of media stored in a personal keying device, and to identify media attributes assigned to the unit of media;
- media attributes associated with each unit of media to which a media UID has been assigned, and used to represent the sensitivity or other security related information that may pertain to the data carried on that unit of media;
- an access vector associated with each media key to form media key/access vector pairs, stored in the personal keying devices, and used to represent the possible conditions of access to the data encrypted on the media for the user assigned to the personal keying device holding the media key/access vector pair or pairs, each access vector formed using the corresponding media attributes and user attributes, and a set of access rules;
- the media key/access vector pairs stored in the personal keying devices enciphered with a combined key including the user's UID, the user's PIN and the enclave key;
- device attributes assigned to each Workstation, and used to represent the security attributes of the workstations;
- each crypto media controller including access control logic for restricting access to the data on the media based on the user's PIN, the access vector and the device attributes for the Workstation from which access is attempted.
Dependent claims: 4, 5, 6

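Claims 1 and 3 describe a mechanism rather than a construction: the media key/access vector pair lives on the personal keying device under a combined key built from the user's UID, PIN and the enclave key, and the crypto media controller releases data only after it has unwrapped the pair and checked the access vector against the workstation's device attributes. The following model, added here and not taken from the patent or any product, fills in the unspecified parts with labelled assumptions: HMAC-SHA256 is used as the key derivation function and as an encrypt-then-MAC stand-in for a real AEAD, the access rules (clearance, compartments, an "author" privilege, a minimum device level) are invented, and the controller receives the PIN from the keying device. All UIDs, keys and attribute values are constructed sample data.

```python
import hashlib
import hmac
import struct

# Constructed sample values; the patent names these elements but gives no byte values.
ENCLAVE_KEY = hashlib.sha256(b"constructed enclave key").digest()
READ, WRITE = 0x01, 0x02


def prf(key, *parts):
    """HMAC-SHA256 over length-prefixed parts; serves as KDF, keystream generator and MAC."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(struct.pack(">I", len(p)) + p)
    return h.digest()


def combined_key(enclave_key, user_uid, pin):
    """Claim 3's combined key 'including the user's UID, the user's PIN and the enclave key'.
    The claim lists only the inputs; deriving it with an HMAC-based KDF is an assumption."""
    return prf(enclave_key, b"combined-key", user_uid, pin.encode())


def seal(key, label, plaintext):
    """Encrypt-then-MAC with an HMAC-SHA256 counter keystream (stand-in for an AEAD)."""
    enc_key, mac_key = prf(key, b"enc", label), prf(key, b"mac", label)
    stream = b"".join(prf(enc_key, struct.pack(">I", i)) for i in range(len(plaintext) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return ct + prf(mac_key, label, ct)


def open_sealed(key, label, blob):
    """Inverse of seal(); returns None, decrypting nothing, when the tag does not verify."""
    enc_key, mac_key = prf(key, b"enc", label), prf(key, b"mac", label)
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(mac_key, label, ct)):
        return None
    stream = b"".join(prf(enc_key, struct.pack(">I", i)) for i in range(len(ct) // 32 + 1))
    return bytes(a ^ b for a, b in zip(ct, stream))


def form_access_vector(media_attrs, user_attrs):
    """Access vector = f(media attributes, user attributes, access rules). Assumed rules:
    READ needs clearance >= sensitivity and every media compartment; WRITE also needs 'author'.
    Byte 2 carries the media sensitivity so the controller can compare it to device attributes."""
    ops = 0
    if (user_attrs["clearance"] >= media_attrs["sensitivity"]
            and media_attrs["compartments"] <= user_attrs["compartments"]):
        ops |= READ
        if "author" in user_attrs["privileges"]:
            ops |= WRITE
    return struct.pack(">BB", ops, media_attrs["sensitivity"])


class PersonalKeyingDevice:
    """Holds the user UID and the sealed media key/access vector pairs, never the enclave key."""

    def __init__(self, user_uid):
        self.user_uid = user_uid
        self.pairs = {}  # media UID -> sealed(media key || access vector)

    def provision(self, enclave_key, pin, media_uid, media_key, access_vector):
        k = combined_key(enclave_key, self.user_uid, pin)
        self.pairs[media_uid] = seal(k, media_uid, media_key + access_vector)


def write_media(media_uid, media_key, removable, data):
    """A unit of media carries its media UID in the clear and its data under the media key."""
    return {"uid": media_uid, "removable": removable, "ciphertext": seal(media_key, b"media", data)}


class CryptoMediaController:
    """Workstation-side controller holding the enclave key and this workstation's device attributes."""

    def __init__(self, enclave_key, device_attrs):
        self.enclave_key, self.device_attrs = enclave_key, device_attrs

    def access(self, media, keying_device, pin, op):
        """Steps (i)-(iv) of claim 1; returns the plaintext, or None when access is refused."""
        sealed = keying_device.pairs.get(media["uid"])
        if sealed is None:
            return None  # (i) the user's keying device holds no media key for this media UID
        k = combined_key(self.enclave_key, keying_device.user_uid, pin)
        pair = open_sealed(k, media["uid"], sealed)
        if pair is None:
            return None  # (ii) wrong PIN or tampered pair: the media key is never exposed
        media_key, ops, sensitivity = pair[:32], pair[32], pair[33]
        if not ops & op or self.device_attrs["level"] < sensitivity:
            return None  # (iv) refused by the access vector or by this workstation's attributes
        if media["removable"] and not self.device_attrs["removable_ok"]:
            return None
        return open_sealed(media_key, b"media", media["ciphertext"])  # (iii)


def demo():
    """Constructed scenario: one media unit, two users, two workstations of different level."""
    media_key = hashlib.sha256(b"constructed media key").digest()
    media_attrs = {"sensitivity": 2, "compartments": {"crypto"}}
    alice_attrs = {"clearance": 3, "compartments": {"crypto", "ops"}, "privileges": {"author"}}
    bob_attrs = {"clearance": 3, "compartments": {"ops"}, "privileges": set()}
    alice, bob = PersonalKeyingDevice(b"UID-alice"), PersonalKeyingDevice(b"UID-bob")
    alice.provision(ENCLAVE_KEY, "1234", b"MEDIA-0001", media_key, form_access_vector(media_attrs, alice_attrs))
    bob.provision(ENCLAVE_KEY, "5678", b"MEDIA-0001", media_key, form_access_vector(media_attrs, bob_attrs))
    media = write_media(b"MEDIA-0001", media_key, removable=True, data=b"project notes")
    ws_high = CryptoMediaController(ENCLAVE_KEY, {"level": 3, "removable_ok": True})
    ws_low = CryptoMediaController(ENCLAVE_KEY, {"level": 1, "removable_ok": True})
    return {
        "alice_read": ws_high.access(media, alice, "1234", READ),
        "alice_wrong_pin": ws_high.access(media, alice, "9999", READ),
        "alice_low_workstation": ws_low.access(media, alice, "1234", READ),
        "bob_no_compartment": ws_high.access(media, bob, "5678", READ),
    }
```

The ordering is a deliberate choice: the checks the claim lists under (iv) run before the media data is decrypted under (iii), so a refused request never produces plaintext, and a wrong PIN fails at the tag check on the sealed pair rather than yielding a garbage media key. Bob's case shows why the access vector is computed at provisioning time from media and user attributes: his keying device carries a copy of the media key, but the vector sealed with it grants no operation, so the controller refuses him on a workstation where Alice succeeds.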
7. A data enclave method for securing data carried on physical units of fixed and removable media in a network including a server and one or more workstations, one or more of the workstations including the physical units of fixed media, comprising the steps of:
- (a) providing protected storage in the server and in each of the workstations;
- (b) providing a crypto media controller in each Workstation and using it to read the fixed media and the removable media;
- (c) providing a personal keying device for each user in the enclave;
- (d) providing an enclave key, a copy held in the protected storage in the server and in each of the workstations, and using it to protect other keys stored or transmitted on the network;
- (e) providing a personal identification number (PIN) for each user in the enclave;
- (f) providing a user unique identifier (user UID) for each user in the enclave and storing it in the user's personal keying device encrypted with the enclave key;
- (g) providing user attributes for each user to which a user UID has been assigned, and using them to represent the privileges and other security related information that pertains to each user;
- (h) providing a media key for each unit of media, and using it to encrypt and protect data carried on the media, and storing the media keys in the personal keying devices;
- (i) providing a media unique identifier (media UID) for each unit of media, and storing it on the associated media, and using them to identify the corresponding media key for the unit of media stored in a personal keying device, and to identify media attributes assigned to the unit of media;
- (j) providing media attributes associated with each unit of media to which a media UID has been assigned, and using them to represent the sensitivity or other security related information that may pertain to the data carried on the units of media;
- (k) providing an access vector associated with each media key to form media key/access vector pairs, storing them in the personal keying devices, and using them to represent the possible conditions of access to the data encrypted on the media for the user assigned to the personal keying device holding the media key/access vector pair or pairs, and forming the access vector using the corresponding media attributes and user attributes, and a set of access rules;
- (l) storing the media key/access vector pairs in the personal keying devices enciphered with a combined key including the user's UID, the user's PIN and the enclave key;
- (m) providing device attributes for each Workstation, and using them to represent the security attributes of the workstations; and
- (n) providing access control logic in each crypto media controller for restricting access to the data on the media based on the user's PIN, the access vector and the device attributes for the Workstation from which access is attempted.
Dependent claims: 8, 9, 10

11. A trusted path system for communication between a Workstation and a secure computer over an untrusted communication medium, comprising:
- a logic and control unit in the Workstation and in the secure computer;
- an end-to-end authentication token exchange protocol used to assure the logic and control unit in the Workstation is communicating with an authentic logic and control unit in the secure computer, and vice versa;
- the token exchange protocol operating by chaining transactions together so that a forged transaction entered into the interaction between Workstation and secure computer is detected the very next time a legitimate transaction is received by a logic and control unit;
- a cryptographic checksum protocol used to assure transactions between the logic and control units have not been tampered with, the checksum protocol authenticating single transactions between the Workstation and the secure computer rather than sequences of transactions; and
- an identification and authentication protocol invoked when a user wishes to interact with the secure computer for some period of time, using the keyboard and display of the Workstation and the untrusted communications medium, the period of interaction being a session, the act of initiating a session being called logon, and that of terminating one being called logout.

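Claim 11 separates two protections that are easy to conflate: the cryptographic checksum authenticates each transaction on its own, while the token exchange chains transactions so that any disturbance of the sequence (an inserted, replayed or missing transaction) surfaces at the next legitimate transaction. The model below is an added illustration, not the patent's protocol or anyone's product; it assumes a session key established by the logon protocol, HMAC-SHA256 for the checksum, and a SHA-256 hash chain over every transaction seen as the token. All keys and payloads are constructed sample values.

```python
import hashlib
import hmac

# Constructed sample values; in the claimed system the session key would be established by
# the identification and authentication (logon) protocol and the first token agreed at logon.
SESSION_KEY = hashlib.sha256(b"constructed session key").digest()
INITIAL_TOKEN = hashlib.sha256(b"constructed logon nonce").digest()


def chain_next(token, payload):
    """Next chain token: a digest over the previous token and the transaction just processed."""
    return hashlib.sha256(token + payload).digest()


def checksum(key, token, payload):
    """Single-transaction cryptographic checksum (HMAC-SHA256 under the session key)."""
    return hmac.new(key, token + payload, hashlib.sha256).digest()


class LogicAndControlUnit:
    """One endpoint of the trusted path; both sides run identical logic."""

    def __init__(self, name, key, token):
        self.name, self.key, self.chain = name, key, token

    def send(self, payload):
        txn = {"token": self.chain, "payload": payload,
               "mac": checksum(self.key, self.chain, payload)}
        self.chain = chain_next(self.chain, payload)  # our view of the interaction advances
        return txn

    def receive(self, txn):
        # Check 1: the checksum, which authenticates this one transaction in isolation.
        if not hmac.compare_digest(txn["mac"], checksum(self.key, txn["token"], txn["payload"])):
            return "rejected: checksum"
        # Check 2: chaining; the token must match our current view of the whole interaction.
        if txn["token"] != self.chain:
            return "rejected: chain broken"
        self.chain = chain_next(txn["token"], txn["payload"])
        return "accepted"


def run_scenarios():
    """Constructed exchanges showing which check catches which kind of interference."""
    results = {}
    ws = LogicAndControlUnit("workstation", SESSION_KEY, INITIAL_TOKEN)
    sc = LogicAndControlUnit("secure computer", SESSION_KEY, INITIAL_TOKEN)
    # Legitimate traffic in both directions advances both chains in lockstep.
    results["legit"] = [sc.receive(ws.send(b"logon alice")), ws.receive(sc.send(b"logon ok"))]
    # A transaction built without the session key: the checksum rejects it on its own.
    forged = {"token": sc.chain, "payload": b"forged command", "mac": bytes(32)}
    results["forged"] = sc.receive(forged)
    # A captured legitimate transaction delivered twice: checksum passes, chaining does not.
    first = ws.send(b"read record 7")
    results["replay"] = [sc.receive(first), sc.receive(first)]
    # A transaction lost in transit: the next genuine one no longer chains onto the receiver's view.
    ws.send(b"read record 8")  # never delivered
    results["dropped"] = sc.receive(ws.send(b"read record 9"))
    return results
```

Note that a rejected transaction does not advance the receiver's chain, so after the "dropped" case the two units hold different views of the interaction and would need to re-run the logon (identification and authentication) protocol to re-establish a common token; that resynchronisation step is outside what the claim text describes and is not modelled here.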
Specification