Event auditing system

US 5,978,475 A
Filed: 07/18/1997
Issued: 11/02/1999
Est. Priority Date: 07/18/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method for creating an audit log entry having enhanced security against tampering, comprising the steps of:

(a) receiving a quantity to be logged;

(b) concatenating said quantity with at least a portion of a verification chain entry for a preceding entry;

(c) using an entry-specific cryptographic key having been derived by computing a cryptographic hash on at least a cryptographic key for a preceding entry, performing a verifiable cryptographic operation on the result of step (b) to generate a current verification chain entry; and

(d) writing, to a memory, an audit log entry including said quantity and said generated verification chain entry.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In many computer applications, sensitive information must be kept on an untrusted machine. Such information must be protected against attackers, as well as against partially trusted entities to be given partial, but not total, access to the stored information. This invention provides a method, apparatus and computer-readable data structure for inhibiting an attacker from accessing or corrupting information stored by an untrusted machine. More specifically, in a log file generated during a process in which the untrusted machine is in limited communication with a trusted machine, entries generated prior to the attack remain secure (they cannot be modified without detection), even though subsequent entries can not be trusted. One embodiment of the invention also allows a partially trusted verifier to read and verify entries in the log file, but not to change them without detection. In another embodiment of the invention, operating with or without the trusted machine, the untrusted machine'"'"'s log file can also incorporate log files of other processes.

476 Citations

70 Claims

1. A method for creating an audit log entry having enhanced security against tampering, comprising the steps of:
- (a) receiving a quantity to be logged;
  
  (b) concatenating said quantity with at least a portion of a verification chain entry for a preceding entry;
  
  (c) using an entry-specific cryptographic key having been derived by computing a cryptographic hash on at least a cryptographic key for a preceding entry, performing a verifiable cryptographic operation on the result of step (b) to generate a current verification chain entry; and
  
  (d) writing, to a memory, an audit log entry including said quantity and said generated verification chain entry.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The method of claim 1 further comprising the step of generating a cryptographic key usable for a subsequently generated audit log entry by computing a cryptographic hash on said entry-specific cryptographic key.
  - 3. The method of claim 2 further comprising the step of deleting said entry-specific cryptographic key.
  - 4. The method of claim 1 wherein said verifiable cryptographic operation is an encryption operation using said entry-specific cryptographic key.
  - 5. The method of claim 4 wherein said verifiable cryptographic operation is a MAC operation using said entry-specific cryptographic key as an authentication key for said MAC.
  - 6. The method of claim 1 where said quantity includes a datum.
  - 7. The method of claim 6 where said datum is an encrypted value.
  - 8. The method of claim 1 where:
    - (a) said quantity includes a permission mask; and
      
      (b) said entry-specific cryptographic key depends on;
      
      (i) said permission mask, in addition to(ii) said cryptographic key for said preceding entry.
  - 9. The method of claim 1 comprising the step, prior to said step of receiving said datum, of establishing mutually verified communications with a logging partner.
  - 10. The method of claim 9 wherein said logging partner is a trusted computer.
  - 11. The method of claim 9 wherein said logging partner is an untrusted computer.
  - 12. The method of claim 11 further comprising the step of committing, to said untrusted computer, an information pertaining to a final audit log entry.
  - 13. The method of claim 11 wherein said logging partner is part of a distributed logging scheme involving a plurality of untrusted computers.
  - 14. The method of claim 13 wherein said distributed logging scheme includes maintaining parallel logfiles on at least some of said untrusted computers.
  - 15. The method of claim 14 further comprising storing said quantity plus at least one pad value in at least some of said logfiles.
  - 16. The method of claim 13 where said distributed logging scheme includes using a secret sharing scheme to store a logging parameter among at least some of said untrusted machines.
  - 17. The method of claim 1 where said step of writing said audit log entry to said memory includes writing said audit log entry to a non-rewritable medium.
  - 18. The method of claim 1 wherein step (b) further comprises including a value from a complementary audit log process in said verification chain entry.
  - 19. The method of claim 1 further comprising the step of transmitting said audit log entry to a trusted computer.
  - 20. The method of claim 8 further comprising the step of transmitting said audit log entry to a partially trusted verifier.
  - 21. The method of claim 1 further comprising the use of an asymmetric cryptographic operation in at least one of steps (a), (b), and (c).
  - 22. The method of claim 1 where said step of writing said audit log entry to said memory includes writing said audit log entry to an electronic wallet.

23. A computer-readable medium embodying a software program for creating an audit log entry having enhanced security against tampering, said software program comprising:
- (a) program code configured to receive a quantity to be logged;
  
  (b) program code configured to concatenate said quantity with at least a portion of a verification chain entry for a preceding entry;
  
  (c) program code configured to use an entry-specific cryptographic key that was derived by computing a cryptographic hash on at least a cryptographic key for a preceding entry, to perform a verifiable cryptographic operation on the result of step (b) to generate a current verification chain entry; and
  
  (d) program code configured to write, to a memory, an audit log entry including said quantity and said generated verification chain entry.
- View Dependent Claims (24)
- - 24. The software program of claim 23 contained in an electronic wallet.

25. A computer-readable medium comprising a data structure for use as an audit log entry having enhanced security against tampering, said data structure including:
- (a) a logged quantity; and
  
  (b) a verification chain entry comprising a verifiable cryptographic representation of;
  
  (i) at least a portion of a preceding verification chain entry, and(ii) said logged quantity;
  
  said cryptographic representation having been computed using an entry-specific cryptographic key that was derived by computing a cryptographic hash on at least a cryptographic key for said preceding entry.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42)
- - 26. The computer-readable medium of claim 25 comprising an electronic wallet.
  - 27. The computer-readable medium of claim 25, said verifiable cryptographic operation being an encryption operation using said entry-specific cryptographic key.
  - 28. The computer-readable medium of claim 25, said verifiable cryptographic operation being a MAC operation using said entry-specific cryptographic key as an authentication key for said MAC.
  - 29. The computer-readable medium of claim 25 where said logged quantity includes a datum.
  - 30. The computer-readable medium of claim 25 where said datum is an encrypted value.
  - 31. The computer-readable medium of claim 25 where:
    - (a) said logged quantity includes a permission mask, and(b) said entry-specific cryptographic key depends on;
      
      (i) said permission mask, in addition to(ii) said cryptographic key for said preceding entry.
  - 32. The computer-readable medium of claim 31 further comprising initialization information evidencing the status of mutually verified communication with a logging partner.
  - 33. The computer-readable medium of claim 32 wherein said logging partner is a trusted computer.
  - 34. The computer-readable medium of claim 32 wherein said logging partner is an untrusted computer.
  - 35. The computer-readable medium of claim 34 wherein said mutually verified communication includes a commitment to an information pertaining to a final audit log entry.
  - 36. The computer-readable medium of claim 34 wherein said logging partner is part of a distributed logging scheme using a plurality of untrusted computers.
  - 37. The computer-readable medium of claim 36 wherein said distributed logging scheme includes maintaining parallel logfiles on at least some of said untrusted computers.
  - 38. The computer-readable medium of claim 37 wherein said parallel logging includes the use of pad values in at least some of said logfiles.
  - 39. The computer-readable medium of claim 36 wherein said distributed logging scheme includes secret sharing to store a logging parameter among at least some of said untrusted computers.
  - 40. The computer-readable medium of claim 25 wherein said computer-readable medium is non-rewritable.
  - 41. The computer-readable medium of claim 25 wherein said verification chain entry further comprises a value from a complementary audit log process.
  - 42. The computer-readable medium of claim 25 wherein at least one of said elements (a), (b), (c), and (d) reflects the use of asymmetric cryptographic operations.

43. A method for verifying entries in an audit log, comprising the steps of:
- (a) receiving an audit log including a plurality of log entries, each entry having;
  
  (i) a logged quantity; and
  
  (ii) a verification chain entry comprising a verifiable cryptographic representation of;
  
  (A) at least a portion of a preceding verification chain entry, and(B) said logged quantity;
  
  said cryptographic representation having been computed using an entry-specific cryptographic key that was derived by computing a cryptographic hash on at least a cryptographic key for said preceding entry; and
  
  (b) verifying a sequence of said verification chain entries from their respective preceding verification chain entries.
- View Dependent Claims (44, 45)
- - 44. The method of claim 43 where said step of verifying said sequence of said verification chain entries includes:
    - (a) extracting, from said audit log, initialization information including a starting cryptographic key; and
      
      (b) starting from said extracted starting authentication key, computing an entry-specific cryptographic key for each of said audit log entries in said sequence by performing a cryptographic hash operation on at least a cryptographic key for a preceding audit log entry.
  - 45. The method of claim 44 further comprising the step of verifying each of said verification chain entries using a corresponding one of said computed cryptographic keys.

46. A method for creating an audit log entry having enhanced security against tampering, comprising the steps of:
- (a) receiving a datum to be logged;
  
  (b) encrypting said datum with a first cryptographic key;
  
  (c) concatenating a permission mask and a first verification chain entry with said encrypted datum;
  
  (d) performing a first verifiable cryptographic operation on the result of step (c) to generate a second verification chain entry; and
  
  (e) using a first authentication key, performing an authenticatable cryptographic operation on said second verification chain entry to form a cryptographically authenticatable representation thereof;
  
  (f) writing, to a memory, an audit log entry including said encrypted datum, said permission mask, said second verification chain entry, and said cryptographically authenticatable representation of said second verification chain entry.
- View Dependent Claims (47, 48, 49, 50, 51, 52)
- - 47. The method of claim 46 further comprising the step of generating a second authentication key usable for a subsequently generated audit log entry.
  - 48. The method of claim 47 wherein said step of generating a second authentication key includes computing a cryptographic hash on said first authentication key.
  - 49. The method of claim 46 further comprising the step of generating a second cryptographic key usable for a subsequently generated audit log entry.
  - 50. The method of claim 49 wherein said step of generating said second cryptographic key includes computing a cryptographic hash on said permission mask and said first authentication key.
  - 51. The method of claim 50 further comprising the step of deleting said first cryptographic key.
  - 52. The method of claim 50 further comprising the step of deleting said first authentication key.

53. A computer-readable medium embodying a software program for creating an audit log entry having enhanced security against tampering, said software program comprising:
- (a) program code configured to receive a datum to be logged;
  
  (b) program code configured to encrypt said datum with a first cryptographic key;
  
  (c) program code configured to concatenate a permission mask and a first verification chain entry with said encrypted datum;
  
  (d) program code configured to perform a first verifiable cryptographic operation on the result of step (c) to generate a second verification chain entry; and
  
  (e) program code configured to use a first authentication key to perform an authenticatable cryptographic operation on said second verification chain entry to form a cryptographically authenticatable representation thereof;
  
  (f) program code configured to write, to a memory, an audit log entry including said encrypted data, said permission mask, said second verification chain entry, and said cryptographically authenticatable representation of said second verification chain entry.
- View Dependent Claims (54)
- - 54. The software program of claim 53 contained in an electronic wallet.

55. A computer-readable medium comprising a data structure for use as an audit log entry having enhanced security against tampering, said data structure including:
- (a) a permission mask;
  
  (b) an encrypted datum having been encrypted using a cryptographic key, said cryptographic key comprising a first cryptographic representation of;
  
  (i) said permission mask, and(ii) an authentication key;
  
  (c) a verification chain entry comprising a second cryptographic representation of;
  
  (i) a preceding verification chain entry,(ii) said permission mask, and(iii) said encrypted datum; and
  
  (d) a third cryptographic representation, of said verification chain entry, having been derived by performing an authenticatable cryptographic operation on said verification chain entry using said authentication key.
- View Dependent Claims (56, 57, 58, 59, 60)
- - 56. The computer-readable medium of claim 55 comprising an electronic wallet.
  - 57. The data structure of claim 55, said first cryptographic representation having been derived using a cryptographic hash operation.
  - 58. The data structure of claim 55, said second cryptographic representation having been derived using a cryptographic hash operation.
  - 59. The data structure of claim 55, said authenticatable cryptographic operation being a MAC operation.
  - 60. The data structure of claim 55, said authentication key having been derived by performing a cryptographic hash operation on a preceding authentication key.

61. A method for verifying entries in an audit log, comprising the steps of:
- (a) receiving an audit log including a plurality of log entries, each entry having;
  
  (i) a permission mask,(ii) an encrypted datum having been encrypted using a cryptographic key, said cryptographic key being a first cryptographic representation of;
  
  (A) said permission mask, and(B) an authentication key specific to said entry,(iii) a verification chain entry that is a second cryptographic representation of;
  
  (A) a preceding verification chain entry,(B) said permission mask, and(C) said encrypted datum; and
  
  (iv) a cryptographically authenticatable representation of said verification chain entry, derived by performing an authenticatable cryptographic operation on said verification chain entry using said authentication key; and
  
  (b) verifying a sequence of said verification chain entries from their respective preceding verification chain entries.
- View Dependent Claims (62, 63, 64, 65, 66, 67, 68, 69, 70)
- - 62. The method of claim 61 further comprising the steps of:
    - (a) extracting, from said audit log;
      
      (i) initialization information including a starting authentication key and a starting cryptographic key, and(ii) a permission mask entry for each of said audit log entries; and
      
      (b) starting from said extracted starting authentication key, computing an authentication key, for each of said audit log entries, by performing a first cryptographic operation on an authentication key for a preceding audit log entry.
  - 63. The method of claim 62 wherein said first cryptographic operation is a hash operation.
  - 64. The method of claim 62 further comprising the step of verifying a last of said verification chain entries by recomputing said third cryptographic representation of said last verification chain entry, using said authentication key for said last of said audit log entries.
  - 65. The method of claim 62 further comprising the step of verifying each of said verification chain entries using a corresponding one of said computed authentication keys.
  - 66. The method of claim 62 further comprising the step of computing a cryptographic key for each of said audit log entries, by performing a second cryptographic operation on corresponding ones of said permission masks and said computed authentication keys.
  - 67. The method of claim 66 wherein said second cryptographic operation is a hash operation.
  - 68. The method of claim 66 further comprising the step of decrypting at least some of said encrypted data using corresponding ones of said computed cryptographic keys.
  - 69. The method of claim 61 further comprising the steps of:
    - (a) identifying a subset of said audit log entries to which access is desired;
      
      (b) sending a request, including corresponding ones of said permission masks for said audit log entries of said subset, to a trusted computer that participated in creation of said audit log; and
      
      (c) receiving from said trusted computer a response to said request, said response including a cryptographic key for each of said audit log entries in said request, each said cryptographic key having been computed from said permission masks in said request.
  - 70. The method of claim 69 further comprising the step of using said received cryptographic keys to decrypt said audit log entries of said subset.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
BT Americas Incorporated (BT Group PLC)
Original Assignee
BT Counterpane, Inc. (BT Group PLC)
Inventors
Kelsey, John M., Schneier, Bruce
Primary Examiner(s)
Swann, Tod R.
Assistant Examiner(s)
Callahan, Paul E.

Application Number

US08/896,785
Time in Patent Office

837 Days
Field of Search

395/187.01, 395/183.21, 395/184.01, 395/185.01-185.09, 395/186, 395/188.01, 395/200.3, 395/280, 380/3, 380/4, 380/23, 380/20, 711/164, 364/184-186
US Class Current

713/177
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 21/64   Protecting data integrity, ...

G06F 2221/2101   Auditing as a secondary aspect

G06F 2221/2107   File encryption

H04L 2209/04   Masking or blinding

H04L 2209/56   Financial cryptography, e.g...

H04L 9/0825   using asymmetric-key encryp...

H04L 9/0841   involving Diffie-Hellman or...

H04L 9/321   involving a third party or ...

H04L 9/3242   involving keyed hash functi...

H04L 9/3297   involving time stamps, e.g....

H04L 9/50   using hash chains, e.g. blo...

Event auditing system

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

476 Citations

70 Claims

Specification

Solutions

Use Cases

Quick Links

Event auditing system

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

476 Citations

70 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links