Method and apparatus for enforcing the use of cryptography in an international cryptography framework
Abstract
A cryptographic framework consists of four basic service elements that include a national flag card, a cryptographic unit, a host system, and a network security server. Three of the four service elements have a fundamentally hierarchical relationship. The National Flag Card (NFC) is installed into the Cryptographic Unit (CU) which, in turn, is installed into a Host System (HS). Cryptographic functions on the Host System cannot be executed without a Cryptographic Unit, which itself requires the presence of a valid National Flag Card before its services are available. The fourth service element, a Network Security Server (NSS), can provide a range of different security services including verification of the other three service elements. Several different configurations that support policy within a cryptographic system allow the framework to be adapted to various connection schemes involving, at least, the cryptographic unit and the policy, including dedicated applications, e.g. a policy provided in a cryptographic unit having either a built-in or local smart card reader, or a policy in a remote smart card reader; and shared applications, e.g. a policy provided in a host system local smart card reader.
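The fail-closed dependency described in the abstract, as an added example that is not taken from the patent: a cryptographic unit that refuses every operation unless a validated policy element is present. The HMAC-tagged policy format, the shared issuer key, the scheme names and all function names are assumptions made for illustration, and HMAC stands in for the cryptographic engine.

```python
import hashlib
import hmac
import json

# Hypothetical engine table; HMAC stands in for the unit's cryptographic schemes.
ENGINES = {"hmac-sha256": hashlib.sha256, "hmac-sha512": hashlib.sha512}

class PolicyError(Exception):
    """Raised when the cryptographic unit refuses service."""

def issue_policy(issuer_key, domain, schemes):
    """Assumed issuer step: bind a domain's permitted schemes with a MAC."""
    body = json.dumps({"domain": domain, "schemes": sorted(schemes)}, sort_keys=True)
    return {"body": body, "tag": hmac.new(issuer_key, body.encode(), hashlib.sha256).hexdigest()}

class CryptographicUnit:
    def __init__(self, issuer_key):
        self._issuer_key = issuer_key
        self._allowed = None  # no policy element present: every call fails closed

    def insert_policy(self, card):
        """Reader event: accept the policy element only if its tag verifies."""
        self._allowed = None  # drop any earlier policy before validating the new one
        expected = hmac.new(self._issuer_key, card["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, card["tag"]):
            return False
        self._allowed = frozenset(json.loads(card["body"])["schemes"])
        return True

    def remove_policy(self):
        self._allowed = None  # pulling the card disables the unit again

    def execute(self, scheme, key, data):
        if self._allowed is None:
            raise PolicyError("no valid policy element present")
        if scheme not in self._allowed or scheme not in ENGINES:
            raise PolicyError(f"scheme {scheme!r} not enabled by policy")
        return hmac.new(key, data, ENGINES[scheme]).digest()

def attempt(cu, scheme):
    """Return 'ok' or the refusal reason for one constructed request."""
    try:
        cu.execute(scheme, b"constructed-key", b"constructed message")
        return "ok"
    except PolicyError as exc:
        return str(exc)
```

The state that matters is `_allowed`: it starts empty, is cleared before any new policy is validated, and is cleared on removal, so no code path leaves the engine usable without a verified policy.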
36 Claims
1. A cryptographic apparatus for an international cryptography framework, said cryptographic apparatus providing a uniform cryptographic function that operates in a manner consistent with diverse national, regional, industry, or agency cryptographic policies, said cryptographic apparatus comprising:
a policy element for enabling execution of any cryptographic scheme required by a particular national, regional, industry, or agency cryptographic policy of the domain in which said international cryptography framework is used;
a cryptographic unit including a cryptographic engine, said cryptographic unit executing said cryptographic scheme, wherein said policy element is in communication with said cryptographic unit, and wherein cryptographic functions cannot be executed by said cryptographic unit in the absence of said policy element; and
at least one reader for placing said policy element in communication with said cryptographic unit.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A cryptographic apparatus for an international cryptography framework, said cryptographic apparatus comprising:
a policy element for enabling execution of any cryptographic scheme required by a particular application, wherein said cryptographic scheme implements a cryptographic standard;
a cryptographic unit including a cryptographic engine, said cryptographic unit implementing said cryptographic scheme if and only if said cryptographic unit is used in combination with a valid policy element; and
a host system for executing an information technology application, said host system being in communication with said cryptographic unit and implementing said cryptographic scheme if and only if said host system is used with combination with a cryptographic unit and a valid policy element; and
a reader for placing said policy element in communication with said cryptographic unit.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17
18. In a cryptographic apparatus for an international cryptography framework a method for providing a uniform cryptographic function that operates in a manner consistent with diverse national, regional, industry, or agency cryptography policies, said method comprising the steps of:
providing a policy element for enabling operation of a cryptographic scheme required by a particular national, regional, industry, or agency cryptographic policy of the domain in which the cryptographic function is used;
using a reader to place said policy element in communication with a cryptographic unit;
operating said policy element in combination with said cryptographic unit, said cryptographic unit including a cryptographic engine, said cryptographic unit executing said encryption scheme; and
executing an information technology application with said host system, said host system being in communication with said cryptographic unit via an application programming interface.
Dependent claims: 19, 20, 21, 22, 23, 24
25. In a cryptographic apparatus for an international cryptography framework, a policy mechanism for controlling operation of a cryptographic unit, said policy element comprising:
a policy element; and
at least one reader for connecting said policy element to said cryptographic unit, wherein said policy mechanism is placed in communication with said cryptographic unit, and wherein cryptographic functions cannot be executed by said cryptographic unit in the absence of said policy element.
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36
Specification