System and method for signing a message to provide one-time approval to a plurality of parties
First Claim
1. A method for batch signing, comprising:
- initiating a management operation to be performed on a plurality of storage systems, each storage system including an associated security appliance having a respective secure encryption processor, wherein the security appliance associated with each storage system of the plurality of storage systems together forming a plurality of security appliances;
- in response to initiating the management operation, generating an operation context identifying the management operation, the operation context generated by one of the plurality of security appliances;
- generating a different random nonce by each security appliance of the plurality of security appliances, the generation of each of the different random nonces together creating a plurality of the different random nonces;
- assembling the plurality of the different random nonces, a plurality of security appliance identifiers, and the operation context into a message by a first security appliance of the plurality of security appliances, each of the plurality of security appliance identifiers being associated with a respective security appliance;
- signing the message using a plurality of encryption keys required to authorize performance of the identified management operation;
- receiving the signed message by a particular security appliance of the plurality of security appliances;
- in response to receiving the signed message by the particular security appliance, examining, by the particular security appliance, the signed message to determine whether a particular nonce associated with the particular security appliance is present in the signed message, wherein the particular nonce is one of the different random nonces generated by the particular security appliance;
- in response to determining that the particular nonce is present in the signed message, performing, by the particular security appliance that received the signed message, the identified management operation; and
- in response to determining that the particular nonce is not present in the signed message, disallowing the particular security appliance from performing the identified management operation.
Abstract
A system and method for batch signing of a message is provided. An administrator initiates a management operation directed to a plurality of security appliances organized as a cluster. In response, one of the security appliances generates an operation context identifying the management operation to be performed. In addition, a secure encryption processor (SEP) of each security appliance generates a random nonce. The nonces are then assembled, along with the operation context, into a single message. The message is then cryptographically signed by the required number of administrators, each using the cryptographic key associated with that administrator. The signed message is returned to the security appliances, where each security appliance examines the signed message and determines whether its own nonce is present within the message. If so, the security appliance performs the requested management operation. If its nonce is not present in the signed message, the management operation is disallowed and not performed.
13 Claims
1. A method for batch signing (claim text as set out in full under First Claim above). - View Dependent Claims (2, 3, 4)
5. A system for batch signing, comprising:
- means for initiating a management operation to be performed on a plurality of storage systems, each storage system including an associated security appliance having a respective secure encryption processor, wherein the security appliance associated with each storage system of the plurality of storage systems together forming a plurality of security appliances;
- means for generating an operation context identifying the management operation on one of the plurality of security appliances in response to initiating the management operation;
- means for generating a different random nonce by each security appliance of the plurality of security appliances, the generation of each of the different random nonces together creating a plurality of the different random nonces;
- means for assembling the plurality of the different random nonces, a plurality of security appliance identifiers, and the operation context into a message by a first security appliance of the plurality of security appliances, each of the plurality of security appliance identifiers being associated with a respective security appliance;
- means for signing the message using a plurality of encryption keys required to authorize performance of the identified management operation;
- means for receiving the signed message by a particular security appliance of the plurality of security appliances;
- means for examining the signed message by the particular security appliance to determine whether a particular nonce associated with the particular security appliance is present in the signed message in response to receiving the signed message by the particular security appliance, wherein the particular nonce is one of the different random nonces generated by the particular security appliance;
- means for performing, by the particular security appliance, the identified management operation in response to determining that the particular nonce is present in the signed message; and
- means for disallowing the particular security appliance from performing the identified management operation in response to determining that the particular nonce is not present in the signed message.
6. A non-transitory computer readable medium containing executable program instructions executable by a processor, comprising:
- program instructions that initiate a management operation to be performed on a plurality of storage systems, each storage system including an associated security appliance having a respective secure encryption processor, wherein the security appliance associated with each storage system of the plurality of storage systems together forming a plurality of security appliances;
- program instructions that generate an operation context identifying the management operation, the operation context generated on one of the plurality of security appliances;
- program instructions that generate a different random nonce by each security appliance of the plurality of security appliances, the generation of each of the different random nonces together creating a plurality of the different random nonces;
- program instructions that assemble the plurality of the different random nonces, a plurality of security appliance identifiers, and the operation context into a message by a first security appliance of the plurality of security appliances, each of the plurality of security appliance identifiers being associated with a respective security appliance;
- program instructions that sign the message using a plurality of encryption keys required to authorize performance of the identified management operation;
- program instructions that receive the signed message by a particular security appliance of the plurality of security appliances;
- program instructions that examine the signed message by the particular security appliance to determine whether a particular nonce associated with the particular security appliance is present in the signed message, in response to the message being signed by the plurality of encryption keys, wherein the particular nonce is one of the different random nonces generated by the particular security appliance;
- program instructions that perform, by the particular security appliance, the identified management operation in response to determining that the particular nonce generated by the particular security appliance is present in the signed message; and
- program instructions that disallow the particular security appliance from performing the identified management operation in response to determining that the particular nonce is not present in the signed message.
7. A system for batch signing, comprising:
- a plurality of security appliances organized into a cluster, each of the security appliances having a respective secure encryption processor and configured to generate a different random nonce, wherein one of the plurality of security appliances is further configured to generate an operation context identifying a management operation and assemble the plurality of generated random nonces, a plurality of security appliance identifiers, and the operation context into a message, wherein each of the plurality of security appliance identifiers being associated with a respective security appliance;
- a plurality of encryption keys required to authorize performance of the identified management operation, wherein each of the encryption keys are used to cryptographically sign the message; and
- wherein each of the plurality of security appliances is further configured to:
  - receive, in response to the message being cryptographically signed by the plurality of encryption keys required to authorize performance of the identified management operation, the cryptographically signed message,
  - examine the cryptographically signed message to determine whether a particular nonce associated with the examining security appliance is included in the cryptographically signed message,
  - perform, by the examining security appliance, the identified management operation in response to determining that the particular nonce associated with the examining security appliance is included in the signed message, and
  - disallow the examining security appliance from performing the identified management operation in response to determining that the particular nonce is not included in the signed message.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
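As an added illustration of the procedure set out in the abstract and in claims 1, 5, 6 and 7 (example code written for this page, not part of the patent or of any product it describes), the following Python simulation walks a constructed two-appliance cluster through the protocol: each appliance contributes a nonce, the originating appliance assembles the nonces and operation context into one message, a quorum of administrators signs it, and each appliance performs the operation only when the signatures verify and its own nonce is present. It assumes administrator signatures modelled with HMAC-SHA256 over per-administrator secret keys in place of the asymmetric signatures a real deployment would use, a JSON encoding for the assembled message, a fixed quorum size, and nonce rotation after a successful check so that a signed message is a one-time approval; all of these are choices made here, not details the patent specifies.

```python
from __future__ import annotations

import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field


def _sign(key: bytes, message: bytes) -> bytes:
    # Stand-in for an administrator's signature (assumption: HMAC-SHA256 with a
    # per-administrator secret instead of the asymmetric signature a real system uses).
    return hmac.new(key, message, hashlib.sha256).digest()


@dataclass
class SecurityAppliance:
    appliance_id: str
    # Each appliance's secure encryption processor contributes a fresh random nonce.
    nonce: bytes = field(default_factory=lambda: secrets.token_bytes(16))

    def build_message(self, context: str, cluster: list[SecurityAppliance]) -> bytes:
        """Assemble the operation context with every (appliance id, nonce) pair into
        one canonical message. Run on the appliance that generated the context."""
        body = {
            "context": context,
            "nonces": [{"id": a.appliance_id, "nonce": a.nonce.hex()} for a in cluster],
        }
        return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

    def decide(self, signed: dict, admin_keys: dict[str, bytes], quorum: int) -> bool:
        """Approve the management operation only if the message carries a valid
        quorum of administrator signatures and this appliance's current nonce."""
        message: bytes = signed["message"]
        valid = 0
        for admin, sig in signed["signatures"].items():
            key = admin_keys.get(admin)
            if key is not None and hmac.compare_digest(sig, _sign(key, message)):
                valid += 1
        if valid < quorum:
            return False  # not enough authorising administrators
        body = json.loads(message)
        mine = [n for n in body["nonces"] if n["id"] == self.appliance_id]
        if not mine or not hmac.compare_digest(bytes.fromhex(mine[0]["nonce"]), self.nonce):
            return False  # nonce absent or stale: disallow the operation
        # One-time approval: rotate the nonce so the same signed message is refused later.
        self.nonce = secrets.token_bytes(16)
        return True


def sign_message(message: bytes, signing_admins: dict[str, bytes]) -> dict:
    """Every participating administrator signs the same assembled message."""
    return {
        "message": message,
        "signatures": {admin: _sign(key, message) for admin, key in signing_admins.items()},
    }


def run_demo() -> dict[str, bool]:
    """Walk a constructed two-appliance cluster through the protocol and report
    each appliance's decision for the normal case and the failure modes."""
    # Constructed sample data: three administrator keys, a two-node cluster, one outsider.
    admins = {name: secrets.token_bytes(32) for name in ("alice", "bob", "carol")}
    cluster = [SecurityAppliance("sa-1"), SecurityAppliance("sa-2")]
    outsider = SecurityAppliance("sa-3")  # its nonce was never assembled into the message
    quorum = 2

    message = cluster[0].build_message("rekey:volume-7", cluster)
    signed = sign_message(message, {k: admins[k] for k in ("alice", "bob")})
    results: dict[str, bool] = {}

    # Only one of the two required administrators signed: refused, nonce untouched.
    under_signed = sign_message(message, {"alice": admins["alice"]})
    results["sa-2 below quorum"] = cluster[1].decide(under_signed, admins, quorum)

    # Context altered after signing: the signatures no longer verify.
    tampered = {"message": message.replace(b"volume-7", b"volume-9"),
                "signatures": signed["signatures"]}
    results["sa-1 tampered context"] = cluster[0].decide(tampered, admins, quorum)

    # Properly signed message: both cluster members find their nonce and proceed.
    results["sa-1 approved"] = cluster[0].decide(signed, admins, quorum)
    results["sa-2 approved"] = cluster[1].decide(signed, admins, quorum)

    # An appliance whose nonce is not in the message, and a replay against sa-1.
    results["sa-3 nonce absent"] = outsider.decide(signed, admins, quorum)
    results["sa-1 replay"] = cluster[0].decide(signed, admins, quorum)
    return results


if __name__ == "__main__":
    for case, approved in run_demo().items():
        print(f"{case:24} -> {'performed' if approved else 'disallowed'}")
```

The nonce check is what distinguishes this scheme from plain multi-signature approval: an appliance that was not part of the batch finds no nonce under its identifier and refuses, and once an appliance has acted its nonce is rotated, so the same signed message cannot be presented to it again.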
Specification