System and method for enterprise security including symmetric key protection
First Claim
Patent Images
1. A computer executable method for deploying a symmetric key in a software application comprising the steps of:
- providing a software application as source code for installation at a plurality of computer systems;
providing an application-base-secret, associated with the source code, which is accessible by all installed instances of the software application at the plurality of computer systems;
providing an application-keypair, associated with the source code, which includes an application public key and an application private key, wherein the application public key of the application-keypair is also accessible by all of the installed instances of the software application, and wherein the application private key is associated with a utility application;
using the utility application to install a particular instance of the software application at a particular computer system, including, for the particular instancegenerating, at the time of installation of the particular instance of the software application at the particular computer system, an instance-base-secret which is unique to the particular instance of the software application,encrypting the instance-base-secret using the application private key from the application-keypair that is associated with the utility application,generating an instance-keypair, using the application-base-secret and the instance-base-secret, which includes an instance public key and an instance private key, wherein the instance-keypair is also unique to the particular instance of the software application,creating an instance certificate using a certificate authority and the instance public key from the instance-keypair, so that the instance certificate is unique to the particular instance of the software application,creating a digital signature of the encrypted instance-base-secret using the instance private key of the instance-keypair, and using the digital signature to sign the instance certificate,associating the instance certificate with the particular instance of the software application, andremoving the instance private key; and
thereafter periodically verifying the authenticity of the instance certificate.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method for enterprise security including symmetric key protection. In accordance with an embodiment, the system provides a higher level of protection against unauthorized key disclosure by encrypting randomly generated seed data used for key generation, and using digital signatures and asymmetric encryption.
17 Citations
20 Claims
-
1. A computer executable method for deploying a symmetric key in a software application comprising the steps of:
-
providing a software application as source code for installation at a plurality of computer systems; providing an application-base-secret, associated with the source code, which is accessible by all installed instances of the software application at the plurality of computer systems; providing an application-keypair, associated with the source code, which includes an application public key and an application private key, wherein the application public key of the application-keypair is also accessible by all of the installed instances of the software application, and wherein the application private key is associated with a utility application; using the utility application to install a particular instance of the software application at a particular computer system, including, for the particular instance generating, at the time of installation of the particular instance of the software application at the particular computer system, an instance-base-secret which is unique to the particular instance of the software application, encrypting the instance-base-secret using the application private key from the application-keypair that is associated with the utility application, generating an instance-keypair, using the application-base-secret and the instance-base-secret, which includes an instance public key and an instance private key, wherein the instance-keypair is also unique to the particular instance of the software application, creating an instance certificate using a certificate authority and the instance public key from the instance-keypair, so that the instance certificate is unique to the particular instance of the software application, creating a digital signature of the encrypted instance-base-secret using the instance private key of the instance-keypair, and using the digital signature to sign the instance certificate, associating the instance certificate with the particular instance of the software application, and removing the instance private key; and thereafter periodically verifying the authenticity of the instance certificate. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 15, 16, 19)
-
-
9. A system for use in deploying a symmetric key in a software application comprising:
-
a microprocessor; a software application provided as source code for installation at a plurality of computer systems; an application-base-secret, provided within the source code of the software application, wherein the application-base-secret is accessible by all installed instances of the software application at the plurality of computer systems; an application-keypair, which includes an application public key and an application private key, provided within the source code of the software application, wherein the application public key of the application-keypair is accessible by all installed instances of the software application, and wherein the application private key is associated with a utility application; and an installer at a particular computer system that incorporates the utility application and that generates, at the time of installation of the software application, an instance-base-secret wherein the instance-base-secret is unique to a particular instance of the software application at the particular computer system, encrypts the instance-base-secret using the application private key from the application-keypair that is associated with the utility application, generates, during installation of the software application, an instance-keypair, using the application-base-secret and the instance-base-secret, which includes an instance public key and an instance private key, wherein the instance-keypair is also unique to the particular instance of the software application, creates an instance certificate using a certificate authority and the instance public key from the instance-keypair, so that the instance certificate is unique to the particular instance of the software application, creates a digital signature of the encrypted instance-base-secret using the instance private key of the instance-keypair, and uses the digital signature to sign the instance certificate, associates the instance certificate with the particular instance of the software application, and removes the instance private key; and wherein the authenticity of the instance certificate is thereafter periodically verified. - View Dependent Claims (10, 11, 12, 13, 17, 18, 20)
-
-
14. A non-transitory computer readable medium, including instructions stored thereon, which when read and executed by a computer cause the computer to perform the steps comprising:
-
receiving a software application as source code, for installation at the computer; retrieving, from within the source code of the software application, an application-base-secret which is accessible by all installed instances of the software application; retrieving, from within the source code of the software application, an application-keypair, which includes an application public key and an application private key, wherein the application public key of the application-keypair is also accessible by all installed instances of the software application, and wherein the application private key is associated with a utility application; installing a particular instance of the software application at a particular computer system, using the utility application, including, for the particular instance, generating, at the time of installation of the particular instance of the software application at the particular computer system, an instance-base-secret which is unique to the particular instance of the software application, encrypting the instance-base-secret using the application private key from the application-keypair that is associated with the utility application, generating an instance-keypair, using the application-base-secret and the instance-base-secret, which includes an instance public key and an instance private key, wherein the instance-keypair is also unique to the particular instance of the software application, creating an instance certificate using a certificate authority and the instance public key from the instance-keypair, so that the instance certificate is unique to the particular instance of the software application, creating a digital signature of the encrypted instance-base-secret using the instance private key of the instance-keypair, and using the digital signature to sign the instance certificate, associating the instance certificate with the particular instance of the software application, and removing the instance private key; and thereafter periodically verifying the authenticity of the instance certificate.
-
Specification