System and method for signing a message to provide one-time approval to a plurality of parties

US 8,607,046 B1
Filed: 04/23/2007
Issued: 12/10/2013
Est. Priority Date: 04/23/2007
Status: Active Grant

First Claim

Patent Images

1. A method for batch signing, comprising:

initiating a management operation to be performed on a plurality of storage systems, each storage system including an associated security appliance having a respective secure encryption processor, wherein the security appliance associated with each storage system of the plurality of storage systems together forming a plurality of security appliances;

in response to initiating the management operation, generating an operation context identifying the management operation, the operation context generated by one of the plurality of security appliances;

generating a different random nonce by each security appliance of the plurality of security appliances, the generation of each of the different random nonces together creating a plurality of the different random nonces;

assembling the plurality of the different random nonces, a plurality of security appliance identifiers, and the operation context into a message by a first security appliance of the plurality of security appliances, each of the plurality of security appliance identifiers being associated with a respective security appliance;

signing the message using a plurality of encryption keys required to authorize performance of the identified management operation;

receiving the signed message by a particular security appliance of the plurality of security appliances;

in response to receiving the signed message by the particular security appliance, examining, by the particular security appliance, the signed message to determine whether a particular nonce associated with the particular security appliance is present in the signed message, wherein the particular nonce is one of the different random nonces generated by the particular security appliance;

in response to determining that the particular nonce is present in the signed message, performing, by the particular security appliance that received the signed message, the identified management operation; and

in response to determining that the particular nonce is not present in the signed message, disallowing the particular security appliance from performing the identified management operation.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for batch signing of a message is provided. An administrator initiates a management operation directed to a plurality of security appliances organized as a cluster. In response, the security appliance generates an operation context identifying the management operation to be performed. In addition, a secure encryption processor (SEP) of each security appliance generates a random nonce. The nonces are then assembled along with the operation context into a single message. The message is then cryptographically signed by an appropriate number of administrators using a cryptographic key associated with each administrator. The signed message is returned to the security appliances, where each security appliance examines the signed message and determines whether its nonce is present within the message. If so, the security appliance performs the desired management operation. However, if its nonce is not present in the signed message, the management operation is disallowed and not performed.

98 Citations

View as Search Results

13 Claims

1. A method for batch signing, comprising:
- initiating a management operation to be performed on a plurality of storage systems, each storage system including an associated security appliance having a respective secure encryption processor, wherein the security appliance associated with each storage system of the plurality of storage systems together forming a plurality of security appliances;
  
  in response to initiating the management operation, generating an operation context identifying the management operation, the operation context generated by one of the plurality of security appliances;
  
  generating a different random nonce by each security appliance of the plurality of security appliances, the generation of each of the different random nonces together creating a plurality of the different random nonces;
  
  assembling the plurality of the different random nonces, a plurality of security appliance identifiers, and the operation context into a message by a first security appliance of the plurality of security appliances, each of the plurality of security appliance identifiers being associated with a respective security appliance;
  
  signing the message using a plurality of encryption keys required to authorize performance of the identified management operation;
  
  receiving the signed message by a particular security appliance of the plurality of security appliances;
  
  in response to receiving the signed message by the particular security appliance, examining, by the particular security appliance, the signed message to determine whether a particular nonce associated with the particular security appliance is present in the signed message, wherein the particular nonce is one of the different random nonces generated by the particular security appliance;
  
  in response to determining that the particular nonce is present in the signed message, performing, by the particular security appliance that received the signed message, the identified management operation; and
  
  in response to determining that the particular nonce is not present in the signed message, disallowing the particular security appliance from performing the identified management operation.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein the respective secure encryption processor at each security appliance generates each of the different random nonces.
  - 3. The method of claim 1 wherein each of the plurality of required encryption keys is associated with a recovery card.
  - 4. The method of claim 1 wherein the message comprises a plurality of messages, each of the plurality of messages including the plurality of the different random nonces and the plurality of security appliance identifiers.

5. A system for batch signing, comprising:
- means for initiating a management operation to be performed on a plurality of storage systems, each storage system including an associated security appliance having a respective secure encryption processor, wherein the security appliance associated with each storage system of the plurality of storage systems together forming a plurality of security appliances;
  
  means for generating an operation context identifying the management operation on one of the plurality of security appliances in response to initiating the management operation;
  
  means for generating a different random nonce by each security appliance of the plurality of security appliances, the generation of each of the different random nonces together creating a plurality of the different random nonces;
  
  means for assembling the plurality of the different random nonces, a plurality of security appliance identifiers, and the operation context into a message by a first security appliance of the plurality of security appliances, each of the plurality of security appliance identifiers being associated with a respective security appliance;
  
  means for signing the message using a plurality of encryption keys required to authorize performance of the identified management operation;
  
  means for receiving the signed message by a particular security appliance of the plurality of security appliances;
  
  means for examining the signed message by the particular security appliance to determine whether a particular nonce associated with the particular security appliance is present in the signed message in response to receiving the signed message by the particular security appliance, wherein the particular nonce is one of the different random nonce generated by the particular security appliance;
  
  means for performing, by the particular security appliance, the identified management operation in response to determining that the particular nonce is present in the signed message; and
  
  means for disallowing the particular security appliance from performing the identified management operation in response to determining that the particular nonce is not present in the signed message.

6. A non-transitory computer readable medium containing executable program instructions executable by a processor, comprising:
- program instructions that initiate a management operation to be performed on a plurality of storage systems, each storage system including an associated security appliance having a respective secure encryption processor, wherein the security appliance associated with each storage system of the plurality of storage systems together forming a plurality of security appliances;
  
  program instructions that generate an operation context identifying the management operation, the operation context generated on one of the plurality of security appliances;
  
  program instructions that generate a different random nonce by each security appliance of the plurality of security appliances, the generation of each of the different random nonces together creating a plurality of the different random nonces;
  
  program instructions that assemble the plurality of the different random nonces, a plurality of security appliance identifiers, and the operation context into a message by a first security appliance of the plurality of security appliances, each of the plurality of security appliance identifiers being associated with a respective security appliance;
  
  program instructions that sign the message using a plurality of encryption keys required to authorize performance of the identified management operation;
  
  program instructions that receive the signed message by a particular security appliance of the plurality of security appliances;
  
  program instructions that examine the signed message by the particular security appliance to determine whether a particular nonce associated with the particular security appliance is present in the signed message, in response to the message being signed by the plurality of encryption keys, wherein the particular nonce is one of the different random nonces generated by the particular security appliance;
  
  program instructions that perform, by the particular security appliance, the identified management operation in response to determining that the particular nonce generated by the particular security appliance is present in the signed message; and
  
  program instructions that disallow the particular security appliance from performing the identified management operation in response to determining that the particular nonce is not present in the signed message.

7. A system for batch signing, comprising:
- a plurality of security appliances organized into a cluster, each of the security appliances having a respective secure encryption processor and configured to generate a different random nonce, wherein one of the plurality of security appliances is further configured to generate an operation context identifying a management operation and assemble the plurality of generated random nonces, a plurality of security appliance identifiers, and the operation context into a message, wherein each of the plurality of security appliance identifiers being associated with a respective security appliance;
  
  a plurality of encryption keys required to authorize performance of the identified management operation, wherein each of the encryption keys are used to cryptographically sign the message; and
  
  wherein each of the plurality of security appliances is further configured to;
  
  receive, in response to the message being cryptographically signed by the plurality of encryption keys required to authorize performance of the identified management operation, the cryptographically signed message,examine the cryptographically signed message to determine whether a particular nonce associated with the examining security appliance is included in the cryptographically signed message,perform, by the examining security appliance, the identified management operation in response to determining that the particular nonce associated with the examining security appliance is included in the signed message, anddisallow the examining security appliance from performing the identified management operation in response to determining that the particular nonce is not included in the signed message.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The system of claim 7 wherein the respective secure encryption processor at each security appliance is configured to generate each of the different random nonces.
  - 9. The system of claim 7 wherein the management operation comprises addition of a new security appliance to the cluster.
  - 10. The system of claim 7 wherein the encryption keys comprise recovery keys.
  - 11. The system of claim 10 wherein each respective secure encryption processor, of the plurality of security appliances, generates each of the different random nonces.
  - 12. The system of claim 7 wherein the plurality of security appliances are further configured to generate the different random nonces in response to initiation of the management operation.
  - 13. The system of claim 7 wherein the message comprises a plurality of messages, each of the plurality of messages including the plurality of the different random nonces and the plurality of security appliance identifiers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetApp, Inc.
Original Assignee
NetApp, Inc.
Inventors
Silberman, Joshua, Subramanian, Ananthan, Okushi, Fumiaki
Primary Examiner(s)
Patel, Ashok
Assistant Examiner(s)
POTRATZ, DANIEL B

Application Number

US11/738,831
Time in Patent Office

2,423 Days
Field of Search

713/170, 713/171, 713/176, 713/168, 713179-182, 726/4, 726/9, 726/21, 726/1, 726/20
US Class Current

713/168
CPC Class Codes

G06F 21/40   by quorum, i.e. whereby two...

H04L 63/126   the source of the received ...

H04L 63/20   for managing network securi...

H04L 9/3228   One-time or temporary data,...

H04L 9/3247   involving digital signatures

System and method for signing a message to provide one-time approval to a plurality of parties

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

98 Citations

13 Claims

Specification

Use Cases

Quick Links

Others

System and method for signing a message to provide one-time approval to a plurality of parties

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

98 Citations

13 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others