Method and apparatus for enforcing the use of cryptography in an international cryptography framework

US 5,907,620 A
Filed: 08/23/1996
Issued: 05/25/1999
Est. Priority Date: 08/23/1996
Status: Expired due to Fees

First Claim

Patent Images

1. A cryptographic apparatus for an international cryptography framework, said cryptographic apparatus providing a uniform cryptographic function that operates in a manner consistent with diverse national, regional, industry, or agency cryptographic policies, said cryptographic apparatus comprising:

a policy element for enabling execution of any cryptographic scheme required by a particular national, regional, industry, or agency cryptographic policy of the domain in which said international cryptography framework is used;

a cryptographic unit including a cryptographic engine, said cryptographic unit executing said cryptographic scheme, wherein said policy element is in communication with said cryptographic unit, and wherein cryptographic functions cannot be executed by said cryptographic unit in the absence of said policy element; and

at least one reader for placing said policy element in communication with said cryptographic unit.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cryptographic framework consists of four basic service elements that include a national flag card, a cryptographic unit, a host system, and a network security server. Three of the four service elements have a fundamentally hierarchical relationship. The National Flag Card (NFC) is installed into the Cryptographic Unit (CU) which, in turn, is installed into a Host System (HS). Cryptographic functions on the Host System cannot be executed without a Cryptographic Unit, which itself requires the presence of a valid National Flag Card before it'"'"'s services are available. The fourth service element, a Network Security Server (NSS), can provide a range of different security services including verification of the other three service elements. Several different configurations that support policy within a cryptographic system allow the framework to be adapted to various connection schemes involving, at least, the cryptographic unit and the policy, including dedicated applications, e.g. a policy provided in a cryptographic unit having either a built-in or local smart card reader, or a policy in a remote smart card reader; and shared applications, e.g. a policy provided in a host system local smart card reader.

Citations

36 Claims

1. A cryptographic apparatus for an international cryptography framework, said cryptographic apparatus providing a uniform cryptographic function that operates in a manner consistent with diverse national, regional, industry, or agency cryptographic policies, said cryptographic apparatus comprising:
- a policy element for enabling execution of any cryptographic scheme required by a particular national, regional, industry, or agency cryptographic policy of the domain in which said international cryptography framework is used;
  
  a cryptographic unit including a cryptographic engine, said cryptographic unit executing said cryptographic scheme, wherein said policy element is in communication with said cryptographic unit, and wherein cryptographic functions cannot be executed by said cryptographic unit in the absence of said policy element; and
  
  at least one reader for placing said policy element in communication with said cryptographic unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1, wherein said reader is dedicated to reading only the policy element.
  - 3. The apparatus of claim 1, wherein said reader is a shared reader that both activates said cryptographic unit and that performs at least one other function.
  - 4. The apparatus of claim 1, wherein said reader is built into said cryptographic unit.
  - 5. The apparatus of claim 1, wherein said reader is located proximate to said cryptographic unit.
  - 6. The apparatus of claim 1, wherein said reader is remote from said cryptographic unit, said cryptographic unit being activated by said policy element across a network.
  - 7. The apparatus of claim 1, wherein said policy element is a tamper-resistant smart card to which unauthorized entry, or duplication thereof, is substantially prevented.
  - 8. The apparatus of claim 1, wherein said policy element implements at least one additional cryptography engine in combination with said cryptographic unit.

9. A cryptographic apparatus for an international cryptography framework, said cryptographic apparatus comprising:
- a policy element for enabling execution of any cryptographic scheme required by a particular application, wherein said cryptographic scheme implements a cryptographic standard;
  
  a cryptographic unit including a cryptographic engine, said cryptographic unit implementing said cryptographic scheme if and only if said cryptographic unit is used in combination with a valid policy element; and
  
  a host system for executing an information technology application, said host system being in communication with said cryptographic unit and implementing said cryptographic scheme if and only if said host system is used with combination with a cryptographic unit and a valid policy element; and
  
  a reader for placing said policy element in communication with said cryptographic unit.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The apparatus of claim 9, wherein said reader is dedicated to reading only the policy element.
  - 11. The apparatus of claim 9, wherein said reader is a shared reader that both activates said cryptographic unit and that performs at least one other function.
  - 12. The apparatus of claim 9, wherein said reader is built into said cryptographic unit.
  - 13. The apparatus of claim 9, wherein said reader is located proximate to said cryptographic unit.
  - 14. The apparatus of claim 9, wherein said reader is remote from said cryptographic unit, said cryptographic unit being activated by said policy element across a network.
  - 15. The apparatus of claim 9, wherein said policy element is a tamper-resistant smart card to which unauthorized entry, or duplication thereof, is substantially prevented.
  - 16. The apparatus claim 9, wherein said policy element implements at least one additional cryptography engine in combination with said cryptographic unit.
  - 17. The apparatus of claim 9, wherein said cryptographic scheme may comprise any of a cryptographic algorithm, a specified level of cryptography, a national policy, information personalization, and system and network access metering.

18. In a cryptographic apparatus for an international cryptography framework a method for providing a uniform cryptographic function that operates in a manner consistent with diverse national, regional, industry, or agency cryptography policies, said method comprising the steps of:
- providing a policy element for enabling operation of a cryptographic scheme required by a particular national, regional, industry, or agency cryptographic policy of the domain in which the cryptographic function is used;
  
  using a reader to place said policy element in communication with a cryptographic unit;
  
  operating said policy element in combination with said cryptographic unit, said cryptographic unit including a cryptographic engine, said cryptographic unit executing said encryption scheme; and
  
  executing an information technology application with said host system, said host system being in communication with said cryptographic unit via an application programming interface.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The method of claim 18, wherein said reader is dedicated to reading only the policy element.
  - 20. The method of claim 18, wherein said reader is a shared reader that both activates said cryptographic unit and that performs at least one other function.
  - 21. The method of claim 18, wherein said reader is built into said cryptographic unit.
  - 22. The method of claim 18, wherein said reader is located proximate to said cryptographic unit.
  - 23. The method of claim 18, wherein said reader is remote from said cryptographic unit, said cryptographic unit being activated by said policy element across a network.
  - 24. The method of claim 18, wherein said policy element is a tamper-resistant smart card to which unauthorized entry or duplication thereof, is substantially prevented.

25. In a cryptographic apparatus for an international cryptography framework, a policy mechanism for controlling operation of a cryptographic unit, said policy element comprising:
- a policy element; and
  
  at least one reader for connecting said policy element to said cryptographic unit, wherein said policy mechanism is placed in communication with said cryptographic unit, and wherein cryptographic functions cannot be executed by said cryptographic unit in the absence of said policy element.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 26. The policy mechanism of claim 25, wherein said reader is dedicated to reading only the policy element.
  - 27. The policy mechanism of claim 25, wherein said reader is a shared reader that both activates said cryptographic unit and that performs at least one other function.
  - 28. The policy mechanism of claim 25, wherein said reader is built into said cryptographic unit.
  - 29. The policy mechanism of claim 25, wherein said reader is located proximate to said cryptographic unit.
  - 30. The policy mechanism of claim 25, wherein said reader is remote from said cryptographic unit, said cryptographic unit being activated by said policy element across a network.
  - 31. The policy mechanism of claim 25, wherein said policy element is a tamper-resistant smart card to which unauthorized entry or duplication thereof, is substantially impossible.
  - 32. The policy mechanism of claim 25, wherein said policy element implements at least one cryptographic engine in combination with said cryptographic unit.
  - 33. The policy mechanism of claim 25, wherein said policy element includes a cryptographic function and at least one other function.
  - 34. The policy mechanism of claim 33, said at least one other function including any of establishing identity, establishing privileges, establishing rights, enabling capabilities, and creating an audit trail.
  - 35. The policy mechanism of claim 25, wherein said policy element controls the operation of more than one cryptographic unit.
  - 36. The policy mechanism of claim 25, wherein said policy element controls the operation of a prime cryptographic unit which, in turn, activates and controls the operation or one or more other cryptographic units.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cheyenne Property Trust
Original Assignee
Cheyenne Property Trust
Inventors
Klemba, Keith, Fieres, Helmut, Merkling, Roger
Primary Examiner(s)
Gregory, Bernarr E.

Application Number

US08/702,304
Time in Patent Office

1,005 Days
Field of Search

380/1, 380/2, 380/3, 380/9, 380/23, 380/25, 380/49, 380/50, 380/59, 380/10, 380/16, 380/20
US Class Current

713/189
CPC Class Codes

G06F 21/6236   between heterogeneous systems

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 9/3234   involving additional secure...

Y04S 40/20   Information technology spec...

Method and apparatus for enforcing the use of cryptography in an international cryptography framework

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for enforcing the use of cryptography in an international cryptography framework

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links