KR20080014795A - Process of encryption and operational control of tagged data elements - Google Patents

Abstract

A process of encrypting an object having an associated object tag includes generating a cryptographic key by binding an organization split, a maintenance split, a random split, and at least one label split (710). A cryptographic algorithm is initialized with the cryptographic key, and the object is encrypted using the cryptographic algorithm (712) according to the object tag, to form an encrypted object. Combiner data is added to the encrypted object (711). The combiner data includes reference data, name data, a maintenance split or a maintenance level, and the random split (710). Alternatively, key splits are bound to generate a cryptographic key, and a cryptographic algorithm is initialized with the cryptographic key. The initialized cryptographic algorithm is applied to the object according to a cryptographic scheme determined by the object tag, to form an encrypted object. One of the key splits corresponds to a biometric measurement.

Description

Process of Encryption and Operational Control of Tagged Data Elements

The present invention relates to a method for protecting data and restricting physical or electronic access to information and operations.

The key is the most important part of the encryption plan. Their management is a critical element of any password based security. The true effectiveness of key management is the ability to generate, distribute, and maintain keys without requiring user interaction and without compromising system performance or cost.

Asymmetric cryptography, also known as public keys, has received significant attention in recent years. Public key methods include separate public encryption keys and private decryption keys that provide a difficult way to extract private keys from a public key. Public key management was developed to allow symmetric cryptography, such as the Data Encryption Standard (DES), to be executed and then establish encryption connectivity between the two points on the communication channel. Over the years, public key implementations have proved their validity to prove authenticity between entities. However, the public key method could not successfully handle the requirements of today's international networks.

Many modern public key implementations allow users to generate their own keys. These are responsible for leaving the organization vulnerable and in some cases if the user fails to identify the private key left behind. In addition, a third-party infrastructure design has been proposed to ensure the integrity of the public key. The Certificate Authority process identifies which public key has been issued for a particular user. The exchange of certificates for third parties can have a significant impact on the performance of the network.

Public key processes are also associated with high computational time. In many cases, hardware solutions have compensated for these high computational requirements. Since public key architectures are historically point-to-point designs, moving to a distributed network where group sharing of information takes place can result in higher transmission costs and greater network impact. Public key management systems work well in point-to-point communication and one-to-one information transfer, while taking too much time for a single file located on a server and decrypted by thousands of users. As the trend toward workgroups and complex communication subsystems continues, the need for more effective information and communication key management techniques becomes critical.

The shared secret key used in symmetric key cryptosystems is the earliest key management design and precedes public key management. Early symmetric key designs suffered an "n-sharing" problem because the required number of keys was very large and unmanaged when the number of users increased. In addition, these designs have not been effectively certified. Symmetric encryption exhibits significantly better processing performance than public key implementations.

In general, encryption systems are used to prevent unauthorized disclosure of information in the transmission and / or storage of data. The encryption process involves the manipulation of data, resulting in unreadable legitimate access to the content for unauthorized entities. The decryption process involves the manipulation of the encrypted data to recreate the original predetermined condition of the data or transform the encrypted data into readable data corresponding to the data that was not originally encrypted. Secrets are not the best advantage offered by encryption. The encryption process ensures data integrity because the modified encrypted data is not properly decrypted unless it is followed by an authorized procedure.

The corporate world is used only depending on the single document to be processed. Hard copy documents provide corporate control and have been used to calm legal disputes and form the basis of audits by tax and regulatory authorities, internally recognized recipients and independent accountants. If that is the case it is no longer the case. In many cases, hard copy papers do not exist or occur incidentally to electronic records as the business moves to electronic computing and accounting systems. This lack of hard copy affects management skills and allows other interested parties to manage and audit enterprise systems.

Original paper documents have some assumptions about the certainty that they cannot currently be returned to electronic files. Detecting changes in the electronic world can become virtually impossible. In the case of electronic data exchange, companies use computers, computer programs and transmission links to automatically deal with customers and suppliers. When using an image processing system, documents are scanned and converted into digital images. Original documents may not be archived. Some electronic information exists for only a short period of time and may not be recoverable if the file is updated or there is no backup file.

Some companies have many information and control systems. In such an environment, the system is a whole combination of tangible and intangible elements or logical sub-parts that work together to protect property and provide reliable data or assurance thereof. The type portion of the system includes, but is not limited to, paper documents and markings and signatures, as well as the physical processes and procedures used to protect the property. Intangible systems include policies and procedures that provide command and organization to business processing.

Management and other interested parties should determine whether policies, procedures and orders are executed in a timely and sufficient manner. The information and control system guarantees this. Authorized recipients observe the information and control system to determine if their design meets a given object. They also observe the synergies of all appropriate systems to judge their overall effectiveness. If the sum of all system designs is deemed effective to produce a given object, then the authorized recipients will then test these systems to see if they actually exist and perform the same functions that the manager imagines.

Authorized recipients and others who observe corporate activities based on the large amount of information included may not directly investigate all data and activities produced by the enterprise. They should take tests to evaluate the activities and data they can investigate directly to provide reliable indications of the company's overall well-being. The nature, timing, and scope of these tests are based on professional judgment. Tests include the steps necessary to verify that a given control element exists and is functioning as intended. Testing also includes investigating specific transactions to ensure operational assurance on a statistical basis.

Testing of controls and transactions may involve the inspection of documents generated by entities both inside and outside the enterprise. For some audit objectives, such as the verification of balance accounts, activities, contracts, etc., evidence may be obtained from persons independent of the entity. The goal of an authorized recipient is to reduce the risk of not finding material speech or system control defects to an acceptable level. If the detection risk cannot be reduced to an acceptable level by an authorized recipient, it may not be possible to abandon the inappropriate opinion.

As more businesses employ electronic systems to interact electronically with sellers and customers, the ability to reliably audit controls and transactions is probably significantly reduced in some cases to the point that significant adverse control and audit results are normal. .

[Technical Challenges]

The process of the present invention relies on the advantages of public and symmetric key implementations and takes into account the disadvantages. This process combines an encryption process based on split-key capabilities with an access control credentials and authentication process based on public key technology. The process can be limited in information flow and control, encrypted information needs to be recovered, and is very effective in the modern distributed information model when authentication using public key technology and physical tokens is implemented.

This process emphasizes the encryption of data-at-rest as opposed to data-in-transit. Unused data refers to encrypted data as logical units (objects) and includes the creation, processing, transmission and storage of objects. Data in transit refers to the stream encryption of data traveling over a physical or logical communication channel for some time. The process of the present invention can perform both types of encryption, but will highlight the unused data capabilities for ease of explanation.

[Technical Solution]

The present invention utilizes an encryption key management system that uses a pre-positioned key split to form a cryptographic key when needed. The architecture provides a complete cryptographic system for today's large distributed networks. The key management system of the present invention will encounter a set of traditional security objectives as follows.

Data confidentiality ensures that the content of information is not leaked to anyone who is not authorized to read it. The present invention uses symmetric key encryption with a robust key management system that provides a new and unique working key for each encryption. The user “chooses” leadership or has a defined leadership for each encrypted object. The destination may be unused data such as files, messages or data in motion, such as network traffic.

Access control restricts the use of encrypted objects for users given special permission to use them. Access control in accordance with the present invention may be role-based and permission is granted and revoked based on the obligations of the user or location within the organization. It currently includes the operation of encryption and decryption, but may include permission to use any program, any device or specific hardware mode of operation. Access control can also be extended to database applications.

User authentication verifies the identity of a user (person or device) to the system. User authentication becomes stronger when other improvements discussed below are applied to the systems and processes of the present invention.

Smart cards and biometrics provide the present invention with greater security when meeting the object of user authentication. In addition to providing stronger user authentication when used as a token, smart cards can be a prominent hardware platform and implement various levels of key management technology. The card can be used as a memory-only device and can be extended to include handling capabilities. An advanced smart card called SuperCard ^™ is the legalization technology for the present invention. Along with increased processing and memory, the supercard includes unique radio frequency signals and random number generation capabilities. Such cards are described, for example, in US Pat. No. 6,229,445.

Adding biometrics to the process improves user authentication and allows the system to provide information for generating the private key portion to an asymmetric key encryption system using digital signatures.

Meeting additional objects means unique to the process described. For example, data partitioning is the ability of data to be forcibly accessed in the same physical space. Encryption means for separation by two algorithms and separation by label are used in the present invention. Key recovery is the ability to reissue the key used to encrypt the object. Key recovery means that objects encrypted within any particular domain (or organization) are lost with the loss of any individual. Key recovery for export is possible too.

Asymmetric key cryptography used for digital signatures in accordance with the present invention proposes a means of meeting additional security objectives associated with message authentication. Data source authentication (sometimes called message authentication) augments the source of information encrypted by the process of the present invention. Data integrity is the ability to prove that no change occurs because the encrypted object is encrypted and digitally signed. If digital signatures are not used, the encrypted Message Authentication Code (MAC) or Manipulation Detection Code (MDC) provides data integrity. Non-repudiation is proof that the signature on a signed object comes from the signer, and cannot be denied that the signer electronically signed the object.

Thus, encrypted and encrypted objects can be used to record and authenticate input, processes, scheduled conditions and virtual environments of electronic accounting and operating systems, and access these encrypted objects for access by designated individuals or entities. It can be used to provide a means for dispensing to a designated location.

The input in this relationship can be any individual action or sum of actions that have some effect on the control or accounting system. The output in this relationship can be the result of any process or action of the control or accounting system. These actions may be de facto transactions entered directly by a person as the first electronically recorded action, and may also be the result of calculations within the system or may be attributed to the system by another system. .

According to one aspect of the present invention, the process of encrypting an object that matches a data format and has an associated object tag includes combining a plurality of key splits to generate an encryption key. The encryption algorithm is initialized with the encryption key. The initialized encryption algorithm is applied to at least a portion of the object according to at least one encryption scheme determined at least in part by the object tag to form an encrypted object. At least one of the plurality of key splits corresponds to at least a portion of the biometric.

The encrypted object is stored for subsequent use by the intended recipient.

The object may be selected from a number of objects, at least in part depending on the associated object tag.

The object may be, for example, an Extensible Generation Language (XML) element.

At least one key split of multiple key splits may be added to an encrypted object. Similarly, reference data associated with at least one key split of multiple key splits may be added to the encrypted object.

At least one key split of the plurality of key splits may be retrieved from the storage medium. For example, the storage medium may be located in a smart card. Similarly, the act of binding multiple key splits to generate an encryption key may be performed in a smart card.

According to another aspect of the present invention there is provided a process for encrypting an object in a cryptographic system associated with an organization that matches a data format and has an object tag associated therewith, the tissue split corresponding to the organization, a maintenance split, a random split and Binding at least one label split to generate an encryption key. The encryption algorithm is initialized with the encryption key. At least a portion of the object is encrypted according to an initialized encryption algorithm determined at least in part by the object tag and forms an encrypted object.

Joiner data is added to the encrypted object.

The combiner data includes reference data corresponding to at least one of at least one label split and an encryption algorithm, name data associated with an organization, at least one maintenance split and a maintenance level associated with the maintenance split, and a random split. . The encrypted object is stored with added combiner data for subsequent use by the intended recipient.

The object is selected from a plurality of objects, at least in part depending on the associated object tag.

The object may be, for example, an Extensible Generation Language (XML) element.

At least one label split may be selected from at least one certificate. In this case the selected at least one label split is encrypted, the encryption key is a first encryption key, and the process is a second encryption key from at least one of a user ID associated with the user, a password associated with the user, and a unique data example and a random value. Extracting the step. At least one label split selected is decrypted using the second encryption key. At least one credential may be retrieved from the memory. For example, the memory may be located in a smart card. A time stamp is generated corresponding to when the object was encrypted, and the combiner data may further include a time stamp. The combiner data may also include a user ID associated with the user.

The combiner data may be a header record.

The combiner data may also include a digital signature and a digital certificate.

The encryption key is a first encryption key, and the process also includes generating a second encryption key based at least in part on the at least one label split. The random key may be encrypted using a second encryption key prior to combining the combiner data with the encryption object.

At least a portion of the combiner data may be encrypted using the header split before adding the combiner data to the encryption object. The header split is constant.

According to another aspect of the present invention, a storage medium includes instructions for a data processor to encrypt an object that matches a data format and has an object tag associated therewith. The command binds a plurality of key splits to generate an encryption key; Initialize an encryption algorithm with an encryption key; And forming an encrypted object by applying an encryption algorithm initialized to at least a portion of the object according to at least one encryption scheme determined at least in part by the object tag. At least one of the plurality of key splits corresponds to at least a portion of the biometric.

The command may further comprise selecting an object from the plurality of objects, at least in part depending on the associated object tag.

The object may be an Extensible Generation Language (XML) element.

The instructions may also include adding at least one key split of the plurality of key splits to the encrypted object.

The instructions may further include adding reference data associated with at least one key split of the plurality of key splits to the encrypted object.

The instructions may further include retrieving at least one key split of the plurality of key splits from the storage medium. For example, at least a portion of the memory may be located in the smart card.

The data processor may be distributed and instructions to generate an encryption key may be executed on at least part of the smart card.

According to another aspect of the present invention, a storage medium includes instructions for a data processor to encrypt an object that matches a data format and has an object tag associated therewith. The command binds a tissue split, a maintenance split, a random split, and at least one label split corresponding to the tissue to generate an encryption key; Initialize an encryption algorithm with an encryption key; Encrypting at least a portion of the object according to an initialized encryption algorithm determined at least in part by the object tag to form an encrypted object; And add combiner data to the encrypted object; Storing the encrypted object with combiner data for subsequent access. The combiner data includes reference data corresponding to at least one of at least one label split and an encryption algorithm, name data associated with an organization, a retention level corresponding to at least one maintenance split, and a maintenance split, and a random split. do.

The command further includes selecting a destination from the plurality of destinations, at least in part depending on the associated destination tag.

The object is an Extensible Generation Language (XML) element.

The command may further comprise selecting at least one label split from the at least one certificate. In this case, the at least one selected label split is encrypted, the encryption key is a first encryption key, and the command is further derived from at least one of a user ID associated with the user, a password associated with the user, and a unique data example and a random value. Extracting the encryption key, and decrypting the selected at least one label split using the second encryption key.

The command may also include retrieving at least one credential from the memory. For example, the memory may be located in a smart card. The command also generates a time stamp that corresponds to when the object was encrypted, and the combiner data may include a time stamp. The combiner data also includes a user ID associated with the user.

The combiner data may be a header record.

The combiner data may comprise a digital signature or a digital certificate or both.

The encryption key may be a first encryption key, the command also generating a second encryption key based at least in part on the at least one label split; And encrypting the random key using the second encryption key prior to combining the combiner data with the encryption object. The random split included in the combiner data may be an encrypted random split.

The instructions may include encrypting at least a portion of the combiner data using the header split before adding the combiner data to the encryption object. The header split may be constant.

1 is a block diagram illustrating an exemplary process of the present invention.

2 is a block diagram illustrating an exemplary process of the present invention.

3 is a flow diagram of a system using encryption as a tool for checking the integrity of a process.

4 is a flow chart showing encryption used in the output context.

5 shows a process in which elements provided to the process as input by the selected process are manipulated.

6 shows how the predetermined condition is sampled in the system.

7 shows virtual environment data collected and embedded in an encrypted object.

8 is a flow diagram illustrating the use of XML to identify, copy, and encrypt input objects in SAOCRS.

9 is a flowchart showing the use of XML to identify, copy, and encrypt the output destination copied from SAOCRS.

FIG. 10 is a flow diagram illustrating the use of XML to identify, copy, and encrypt a copied object in SAOCRS providing an overall conditional check.

The basic design focuses on the functions required for encryption and decryption of targets and distribution of keys. High performance symmetric key encryption algorithms and patented methods of key management are used at this level. Another level focused on authentication uses smart cards and biometrics to generate strong entity authentication and uses digital signatures for message authentication. The third level, which adds a mix of detection techniques that protect the authentication and encryption processes internally, is added when the environment requires higher security.

Technical overview

The present invention provides techniques for generating and regenerating encryption keys and managing these keys within an organization. The encryption operational key is generated just before the object is encrypted or decrypted. It is used to initialize the encryption algorithm for encryption or decryption. The operation key is discarded after use.

The actuation key is formed from many pieces of information. To be a participant in the system, a user must have the pieces necessary to form a key: otherwise encryption and decryption cannot occur. The central authority produces these pieces called cryptographic key splits. A subset of these splits is distributed to each user in the organization. The subset received by each user is specific to that person and defines a label that an individual can use to encrypt (known as a record permission) and a label that an individual can use to decrypt (known as a read permission). Several user authentication techniques are used to verify the user to the system before the user is allowed to access this information.

To form a key, a constant system wide-split called a tissue split and a variable system wide split called a maintenance split are used. To this is added a random number called a random split and a user-selected label split. The random split ensures that a unique activation key is generated for each use. The user-selected label split defines the “readership” of the encrypted object, ie the user can decrypt the object. All these splits are entered into a process known as a combiner process. The output of is the unique number used as the basis for the session key.

The present invention uses a hierarchical infrastructure to manage the distribution of information needed for software to construct encryption keys. The infrastructure also provides a user certificate and public key distribution method for asymmetric key encryption so that digital signatures can be used.

Infrastructure

The present invention is preferably organized as a three-tier system. The top layer is the process identified as the Policy Manager. This process allows the “central authority” for the crypto domain to generate a split, eg 512 random bits, to be used for key generation. The split is labeled and used for combinations of users to generate encryption keys.

The next layer in the hierarchy is the process identified as the Credential Manager. This process is provided with a label from the credential manager and a subset of specific algorithms and policies. An individual is assigned a use of a particular label and algorithm from a subset of certificate managers. Organizational policies and system parameters created by the policy manager are added to these labels to form the individual's certificate. A user's certificate is encrypted and distributed to that user in a "token" such as a diskette or smart card, or installed on a workstation or server. The label and algorithm assignment process by the credential manager allows an organization to implement a "role-based" system of access to information.

As a convenience to the credential manager, the password supervisor can securely distribute the “first use” password for the user whose first use is to unlock the user's credentials.

Access to the user credentials is controlled at the user level of the hierarchy with the password initially assigned by the certificate manager. The password is changed at first use by the user and only known to the user. This provides basic user recognition. Stronger authentication is provided by improvements to the system.

User authentication enhancements include smart cards (including processors and memory packaged in plastic cards or other tokens, such as credit cards) that can hold pieces of information for user authentication. It also holds usage information by the system and provides processing for the system. Smart cards with tamper resistance and hardware random number generation provide additional security.

Another authentication enhancement is the use of biometric data. Biological data is physiological or behavioral information that is unique to each individual and does not change during an individual's life. Moreover, it must be something that can be digitized and used by a computer. In addition to strong user authentication, biometric data can be used to generate a private key for digital signatures. However, Message Authentication Code (MAC) may be used for data integrity. The generated key is used to initialize the MAC instead of the system-generated key being used to initialize the symmetric key algorithm. Manipulation Detection Codes (MDCs) can also be used to provide data integrity and secrecy when cryptographically coupled in accordance with the present invention.

When data origin authentication, data integrity, and non-repudiation are required, the system infrastructure is used to provide a means for distributing a public key that provides the present invention with the ability to use crypto-mandatory digital signatures. do. If digital signatures are used, no MACs or MDCs are required. Combining digital signatures with the basic design and adding user authentication enhancements establish a means of meeting the security objectives described above.

Combiner function and Split

The combiner is a nonlinear function that receives multiple inputs and produces one integer. The integer output is used as the session key to encrypt and decrypt the object. The starting point for the combiner function is tissue split. Everyone in the organization has access to this split. This is equivalent to what is commonly called a system key.

During encryption the user will select one or more label splits to be used in the combiner process. This will define the approved leadership of the encrypted object because only those with read access to the split used for encryption will be able to decrypt the object. The choice and use of organizational labels by users should be considered in designing a set of labels. Good label set design should reflect the established information compartment of the organization. Access to the label can be provided to the user by a credential manager based on the user's role in the organization.

It is also possible for one of the credential manager or policy manager to assign a delegated usage label for a particular user or group of users. These correspond to label splits that are always used when a user encrypts an object. The user does not have any options for their choice and they are used automatically in the combiner.

The random split generated for each encryption is another split provided to the combiner function as input to produce the final activation key. Since a new random split is created for each encryption, the working key is always changing. This will not be the same if the same object is encrypted again using the same label. The random number is preferably provided by a hardware-based random number generator. However, if the hardware is not useful or practical, a software-based pseudo random number generator may be used.

Retention splits are used for key updates and compromise the outline. The organization's policy may require that one of the splits be changed periodically. The retention split is altered to give a tissue-wide impact. The policy manager may periodically generate new maintenance splits distributed to users through certificate file updates. The creation of the maintenance split is done in such a way that all previous maintenance splits can be recovered. Thus, previously encrypted data can be recovered for a data-at-rest organization. For data-in-transit organizations, such as encrypted network traffic, there is no need to recover previous maintenance splits.

The maintenance split can be used to exclude someone from the tissue domain. If an individual has a new maintenance split and does not have an updated certificate, the individual will not be able to decrypt the encrypted object using this new maintenance split. Updating the maintenance split will also protect the encrypted data if the user's credentials are compromised.

Taken together, tissue split is a constant used for all encryption. The maintenance split is used to hold periodic changes to the input of the actuation key. The user selects a label split and the random split is always unique, thus ensuring that all encrypted objects have different keys.

Encryption algorithm

The present invention in which the split is pre-located in the user certificate provides key management for the symmetric key encryption algorithm. The impact of traditional n ² key management problems is mitigated without resorting to asymmetric or “public key” encryption systems. However, the infrastructure provided for the private key management solution can also be used for public key management. Asymmetric key cryptography systems are used by the present invention for message authentication and can be used for user certificate distribution and key exchange for communication protocols between workstations and smart cards.

Preferably, a minimum of two symmetric key algorithms are provided for use with the present invention, for example P2, (Stream Encryption Algorithm) and US Data Encryption Standard (DES) algorithm, Block Encryption Algorithm. Other algorithms are useful when considering business such as US export regulations and licensing agreements.

For the DES block algorithm, four different modes of operation are provided: Electronic Code Book (ECB), Cipher Block Chaining (CBC), Output Feedback (OFB) and Cipher Feedback (CFB). Moreover, CFB is provided with n-bit feedback when 1 bit, 8 bits or n is the block size (or integer division of the block size). Output feedback is also useful for counter mode.

Triple encryption is also useful for all block algorithms when subject to export regulations. This is not only useful for triple DES, but also triple IDEA, triple RC5, etc. can be used, for example. The four-state mode of operation is useful when using all block algorithms. There are other modes of operation that are useful for triple encryption and decryption.

The policy manager can assign new names to algorithms and modes of operation. Different algorithms can be used for different purposes and the name of the algorithm can reflect its use. The name of the algorithm that the user is authorized to use is included in the user's certificate. Because policy and certificate managers control access to algorithms, applying different algorithms affects other isolated access to encrypted data.

Symmetric key algorithms are used in the present invention to encrypt objects. They are also used internally by the process of the invention as in the combiner. Asymmetric key cryptography systems are used in the present invention for message authentication, certificate distribution, and key exchange protocols between smart cards and workstations.

Biometric reading may provide a basis for the user's private key used for message authentication. In this case, the private key need not be stored because the user can read it and recover it. The public key used for authentication is always derived from this private key and stored in the database of the user's certificate manager. Based on the private key for biometric reading requires special characteristics regarding biometrics. Normally these special features do not apply, and in some cases the private key needs to be generated by the user and typically stored on the user's workstation or smart card. Secure backup is required for private keys in case of loss. Note that the certificate manager preferably does not have access to the user's private key used for authentication.

The public key pair for each user used for certificate distribution is generated and stored by the certificate manager. Because these key pairs are only used to encrypt information about the user from the certificate manager, the private key does not need to be left unknown to the certificate manager. Thus, the certificate manager stores both public and private keys for its users in its database. The user's public key is used to encrypt the key used to encrypt the user's certificate for distribution. The credential manager stores the user's private key only for backup purposes. The user must have a copy of their private key so they can decrypt their certificate upon receipt.

Asymmetric key systems are also used to exchange session keys between system-enhanced smart cards and workstations. At installation of the system software, the public and private key pairs are generated by workstations and smart cards for this purpose. A station-to-station protocol using random authentication with mutual authentication, for example ISO9798-3, is used to exchange session keys used to encrypt communication between smart cards and workstations.

User certificate

The user certificate included in the computer file contains the user's permission set, namely, their associated label names and indexes that can be used for label splits, encryption (write permission) and decryption (read permission), and the algorithms that can be used. Include. In addition, the user's credentials also include the split associated with the organization name, the split associated with the maintenance level, the header encryption split, and any parameters to be used by the organization. Policies such as minimum password length are also included in the user's credentials. When a digital signature is used, a copy of the public key of the certificate manager of all organizations, as well as the user's signed certificate is included.

In assigning a set of permissions to a user, the credential manager grants privileges within the organization, taking into account the obligations associated with that user's role. Role templates and role hierarchies in the credential manager software assist the credential manager in this task. The role of the individual may change: because of this, the certificate may be reissued with a different label and may also be revoked completely for an individual who has left the organization.

User credentials are encrypted and must be decrypted by each user before use. Decrypting a certificate file is the basis for cryptographically identifying a user. The key used for encryption and decryption is derived from the user's ID because it is only a password that the user knows. Some unique data, such as the date / time stamp associated with the file, or random numbers that exist somewhere other than that in the certificate file are also used. Each time a certificate file is decrypted for use, it is re-encrypted using different data. Because this data always changes, the certificate file is encrypted with a different key after each use. This increases the work the adversary has to do to decrypt the user's certificate. Because pieces of information other than passwords are used, the adversary must determine this unique data before a password-initiated attack can occur.

Random numbers can be stored in the smart card when the smart card is used. This has the effect of tying the user and smart card to the certificate file. In this case, the certificate file cannot be decrypted without the smart card.

When biometrics are used, biometric readings provide different pieces of information from them to derive the certificate file encryption key if the reading can be reproduced correctly every hour. This further binds the user to the certificate file. However, if the biometric reading is not reproduced correctly every hour it must be compared with the stored baseline template for variance calculation purposes. In this case, the template is not used for encrypting the certificate. Instead it is used for authentication and carried on the certificate if it is used for comparison with each biometric reading.

The certificate file has an expiration date. If this date is exceeded, the certificate file becomes useless. Each encrypted object includes a time stamp in its header. Objects encrypted by others beyond the expiration date of the certificate cannot be decrypted. The maximum time-out value, that is, the time from certificate issuance to certificate expiration, is set by the policy manager. The credential manager can also limit the time-out, but cannot extend the time-out value when issuing a certificate to the user. After the certificate is expired, in order to use the system of the present invention, the user must use the certificate reissued by the user's certificate manager.

When issuing or reissuing a certificate file, the certificate manager software issues a new "first-use" password. Before the new certificate is used for the first time, a "first-use" password must be used to decrypt the certificate, and then the new password must be provided for subsequent encryption and decryption of the certificate.

The "first-use" password is usually sent to the user using a different communication channel than that used to transfer the certificate file. Asymmetric key encryption algorithms can be used to encrypt "first-use" keys. The private key provided by the certificate manager is used to decrypt the certificate by recovering the "first-use" key.

When biometrics are used to encrypt a certificate file, the user's public key is included in the certificate and will be used for inspection. Only accurate biometric reading will generate a private key that generates a public key that matches that in the certificate. In order to be able to encrypt, decrypt, sign and verify the object, the user must have a certificate. They provide most of the “secret” information needed for these actions and are tied to the user using strong authentication techniques when the full system is used. A user's access permission can be revoked by taking the user's credentials or letting them expire without renewing. If a certificate is required to be stored on the server, the user's certificate can be removed immediately. Once the policy manager issues a new maintenance split, the user credentials that have not been updated will render any data encrypted after this update unusable. This is one means to force off the system for the user.

Header

All encrypted objects contain information, preferably appended to the header. This information is required to decrypt the object. It contains, as a minimum, the index for the label split and the algorithm used in the encryption process, the organization name, the maintenance level that specifies the maintenance split to be used, and the random split. The random split is encrypted using an encryption key based on the same label split used to encrypt the object. In order to be able to recover the random split, the user must have read access to the label split that was used when encrypting the object. The tissue split, maintenance split, and label split included in the user's certificate along with the random split recovered from the header allow the encryption key to be recovered. The object can then be decrypted.

The header also contains a time stamp indicating the date and time the object was encrypted. The present invention will not allow a user with a certificate expired before the date to decrypt the object.

In addition to the identity certificate of the user's certificate manager, the ID of the user who encrypted the object is included in the header. If a digital signature is used, it is included in the header along with the user's certificate. When using the appropriate certificate manager's public key, everything is included in each user's certificate, which can be decrypted to recover the signed public key. This public key is used to verify the digital signature once the message is decrypted.

Most headers themselves are encrypted using a constant header split. The intention of using this split is not security. This is a step to discourage someone trying to decrypt the system by easily preventing the initialization success. All information in the header is public or encrypted in the header in the case of random splits.

The data contained in the header may provide the basis for some kind of information survey and database query. The search engine may include logic to view the header to provide data separation. Since decrypting the header does not reveal the content of the message, a process can be placed in the network monitoring and control device to examine traffic for verification, integrity, and routing without revealing the encrypted data. For example, the label information included in the header may be the basis for the encrypted data to be limited to the network by the router preventing data with a specific label from crossing certain network boundaries. Thus, by using headers, the present invention is suitable for managing and encrypting data as it moves over the network, as well as static unused data.

Data separation

Data separation is the process of allocating data and restricting access to each category based on what it needs to know. One way to accomplish this is to physically locate the data if an unauthorized person cannot access it. However, providing a different set of data to a machine for a physically separate network or host is expensive. The present invention provides a method for separating data and access to those with rights without having to physically confine the data to other networks, hard disk drives, servers, and the like.

Key recovery

Key retrieval is an organized process for regenerating encryption keys that requires individual and thoughtful events in addition to access to encrypted objects. The policy manager can initiate this process and provide any label split that needs any credential manager. The certificate manager can provide the certificate with readability to the label split that was used to encrypt the object.

Note that the expiration date is set for the certificate file. The certificate manager is capable of generating a valid certificate file for only one day. For example, according to judicial order, law enforcement may issue a read-only split that restores the information they need. They cannot subsequently recover encrypted information.

Another reason for using key recovery is to recover data encrypted by employees who have left the organization, who have died or become incompetent. The loss of an individual does not mean that the data encrypted by that individual cannot be recovered.

If the original certificate of the user is corrupted or the user forgets the password, the present invention can regenerate the user's certificate. This is accomplished by simply issuing a new certificate for the user. The user selects a new password on first use of the new certificate. In some cases it is possible to reissue the original private and public keys assigned to the user for authentication.

Improved user authentication

Strong user authentication requires something that the individual knows, something owned by the individual, and something of the individual itself. Passwords, some known one, are used for basic user authentication. Something owned by a smart card (or other token). Biological data is something of the individual itself. Any combination of all three can be used in the system of the present invention.

Smart card

Smart cards can be used to hold key pieces of information in accordance with the processing of the present invention. The random number stored in the card can be used as information when forming a key for encrypting each user's certificate. This binds the smart card with the certificate. It is impossible to decrypt a user's certificate without the number stored on the card. The user needs the card to complete the session establishment before the system can be used. Other pieces, such as passwords, still need to log on to the system. Smart cards are not enough to start a session on their own, so opponents who steal or acquire a user's smart card will not serve their purpose.

The user certificate can be stored on a smart card. This allows users to move to a machine other than part of the organization's main network and still use the system.

In addition to running the combiner process on the smart card's processor, security is improved by keeping the decrypted user credentials in the smart card's memory only for the duration of the session. Local processing within the card increases the workload of opponents who wish to observe the inner workings of the process to obtain information about the security key.

Super card ^TM

Super Card ^TM is an ISO standard smart card with improved processing power and memory than current smart cards. It includes change resistors and hardware random number generation. The processing power inside the card can be used to reduce the work done at the workstation. Although the bandwidth between the card and the workstation is limited, only a small amount of data is transferred between the two using the system of the present invention. By using larger memory in the card it is possible to store user certificate files as well as "personal" applications. The communication between the SuperCard ^TM and the workstation is encrypted so that “secret” information such as splits are not leaked to anyone monitoring the communication between the card and the workstation. The key agreement protocol used to exchange encryption keys is applied between the card and the workstation. No additional information is needed for the card reader.

A unique random frequency signature called Resonant Signature-Radio Frequency Identification (RS-RFID) is provided by a tangent embedded in the card to help with change resistance. The digital representation of the card's RS-RFID is contained within the user's certificate file and encrypted with the certificate. Any change to a card causes the RS-RFID of that card to change. When a corrupted RS-RFID is used, an incorrect radio signature will be read and not compared to the decrypted value of RS-RFID from the user's certificate file. Thus, modifications to the card will be detected. The card reader for reading the super card ^TM includes hardware for reading the RS-RFID signature. Super Card ^™ can also be used for ISO-standard card readers. In this case, the RS-RFID is ignored and no change resistor is provided.

Random numbers are required for object encryption and other operations. In the absence of a hardware random number generation, the system may rely on a software pseudo-random number generator. A feature with Super Card ^™ is hardware random number generation capability. Using hardware sources provides better random number generation and increases the security of the overall system.

Biometric data

The process of using a biometric device is described below: Biometric readings initially measured from the device are digitized; The digital display value is mathematically converted and stored somewhere as a template. The biometric readings are then compared to this template for verification. Biometric readings can also be used to identify by comparing biometric readings with templates stored in a database. Matches from this database establish identification. The present invention uses biometrics only for verification during session establishment.

In general, biometric readings vary by small amounts. Changes from template values are allowed and set according to application and security requirements. This change is an adjustable factor calculated from false (failure) -success and false (failure) -rejection ratios.

Most biometrics can only answer “yes or no” to template comparisons. If higher false (success) -success ratios are tolerated, the mathematical techniques applied to some types of biometric readings can be used to convert the readings into repeatable numbers that can be matched exactly with stored templates. Using repeatable numbers, biometric data can provide the system with the information used to derive the keys used for symmetric and asymmetric key encryption.

Even if it is encrypted, it is not desirable to store biometric readings including biometric templates. If repeatable numbers can be obtained from biometric readings, these biometric values can be used as pieces of data that form keys for decrypting user credentials. They can also be used as the basis for private keys in the asymmetric key system used for message authentication.

Upon decryption of the certificate file using biometric values during user verification, the user ID field in the decrypted certificate file is compared with the ID typed by the user. If a comparison is desired, the user is authenticated and the data in the certificate file is correctly decrypted. As part of the key used to encrypt a user's certificate file, the biometric data binds the user to the certificate.

Other pieces of information, such as passwords, user IDs, and other data, such as random numbers, may be used to generate a certificate encryption key, so higher false (failure) -success rates may be allowed from biometrics. Although two people generate the same biometric value, the certificate encryption key will not be the same for both because the user ID and password are not the same, as well as the short-lived data.

The user's private key for the digital signature may be based on the user's repeatable biometric template. The user's public key is derived from the private key. The public key is recorded in the user database of the user's certificate manager as part of the registration process. Requiring the user to be provided for registration may establish an identification or other acceptable methods of establishing the identification may be used.

When repeatable biometric reading is used, the user's private key can be recovered if lost, even if it is not stored. In this case, the biometric reading establishes a private key and a check can be made that the generation of the corresponding public key is stored in the certificate manager's database.

If the repeatable number cannot always be guaranteed from biometric readings, the biometric template should be stored for comparison with subsequent biometric readings. In this case, the biometric template is encrypted in the user's certificate file. During user authentication, the certificate file is decrypted to restore the biometric template so that the biometric reading obtained for authentication is compared with the template and a "yes or no" answer is generated.

Message authentication

An asymmetric key encryption system is used in the system for the above three message authentication related objects. If only data integrity is desired, a message authentication code can be used. If data integrity combined with security is required, message manipulation code with asymmetric key encryption can be used. Digital signatures are used to satisfy all three message authentication objectives while providing security.

Digital signature

Digital signatures are used to provide data origin authentication, data integrity, and non-repudiation. The infrastructure provided by the system supports the form of a public-key infrastructure (PKI) that distributes the public key and signed certificates used for digital signature verification. In another proposed public key system, a certificate authority takes the form of a database on a server using queries over a network. In the system of the present invention, the certificate manager serves as a certification authority. All information for verifying the digital signature is provided to each user's certificate and encrypted object. Additional bandwidth due to network and server processing is not required as in other public key systems.

The certificate for a user is signed by that user's certificate manager. Each certificate manager has its own public and private key. The public key of the organization's certificate manager is provided for each user's certificate. The certificate manager encrypts, i.e., signs, the user's ID and public key in combination with the certificate manager's private key. This is the default user certificate. It can only be decrypted using the certificate manager's public key.

The user's certificate is included in the user's certificate so that it can be sent with the object signed by the user. The recipient of the signed object decrypts the sender's certificate using the certificate manager's public key to recover that user's public key. The recovered sender's public key is then used to verify the sender's digital signature on the signed object.

The biometric template of the user may form the basis of the user's private key if useful. For example, in the EI Gamal Signature Scheme, a public key is a combination of a prime number (p), a primitive element (α), and a value (β) calculated from an individual number (α). This personal number is usually chosen randomly. However, in the present invention, the user's template may be a personal number or a part of this number. For this reason, private and public keys used for authentication are tied to individuals. Private and public keys can be recovered if a repeatable biometric value is obtained (when negating the need for storage space).

Operation detection code ( MDCs )

If personal and data integrity is desired, regardless of data origin authentication and nondisclosure, Manipulation Detection Code (MDC) combined with encryption can be used. MDC basically has an "unkeyed" hash function computed from the message, which is then attached to the message and the new message is encrypted.

From the verification of data integrity, the receiver decrypts the message, separates the hash from the message, calculates the MDC of the recovered message, and compares it with the decrypted hash. This message is accepted as true if its value matches.

Message verification code ( MACs )

If only data integrity is desired regardless of the individual, MAC (Message Authentication Code) can be used. The actuation key for the MAC can be constructed by using the same method as the key used to encrypt the message for the individual, ie, a combiner process using label splits, tissue splits, maintenance splits and random splits. have.

To verify data integrity, the recipient of a MAC processed message uses the split associated with the message to reconstruct the key for the MAC. The new MAC is then calculated by the receiver and then compared with the MAC sent with the message. If 2 MACs match, the message is accepted as unchanged.

MDCs and MACs are not expected to be used as often as digital signatures. Therefore, MDCs and MACs will not be mentioned in the following process description.

Process

The selected process is illustrated to show how the present invention performs a task. It is assumed that a biometric and a smart card such as a super card ^TM are used that can generate a constant biometric value.

Establish session (logon to system)

Use of the system is conditional upon successful log-on and decryption of user credentials. Session establishment begins when the system-enhancing program runs on the user's workstation. The workstation prompts the user to provide a smart card, user biometric, user ID and password (log-on data). An encrypted channel is established between the workstation and the smart card and logon data is sent to the smart card when the key is generated and the user's certificate is decrypted. The certificate can reside on a smart card or some other place where the encrypted certificate file is sent to the smart card for decryption and use. Upon successful logon, the certificate file is re-encrypted and stored, and a decrypted copy is kept in the smart card's memory for use during the session.

Note that three things are required to complete the logon: password, smart card (or other token) and biometric information. If the password is unknown, the opponent will guess or examine the entire password space. The random bits are used as a start for the certificate decryption process, and if the estimated password is used the output is not exactly so easily detected by the opponent. Continually changing these random bits prevents the opponent from passing the process by repeating past results. Password policies, such as the minimum characters required for a password, increase security when the password alone is used for user authentication. Password alone is still considered during weak authentication. Smart cards and biometrics are recommended for strong authentication.

Smart cards must be provided to complete the logon. Providing a smart card with a random bit for generating a certificate file key binds the card with the user's certificate and thus the user. Smart card alone cannot complete logon without a user's password. The password is not stored on the smart card and thus the loss of the card to the opponent does not compromise the user's password or the user's certificate.

When SuperCard ^™ is used, the unique radio frequency signature detects the deformation of the card by comparing this signature with the signature stored in the user's certificate. SuperCard ^TM can still be used with standard ISO smart card readers, but RS-RFID is ignored.

Using biometric data as the information that forms the key to decrypt the user certificate cryptographically binds the biometric data and thus the user to the certificate file. Thus, knowing the user's password and possessing the user's smart card are not enough information to decrypt the user's certificate. The compromise between the password and the smart card does not initiate the user's biometric data because neither of the card or its object is stored even in encrypted form.

Once logged on, the user remains logged on as long as the program is actively used and the smart card is present in the card reader. Since the time-out time set by the credential manager is set, the session is disabled if the user does not actively use the active program. The user must then remove the password and biometric again to continue using the activated software. When a user interrupts an active program and there is no other active program running at that time, the user is logged off or continues to be logged on until the time-out period elapses. Within this time-out period the user does not need to log on if another active program is called. However, if the time-out period has elapsed, the user must log on again. The user can run a utility program that quickly logs off the user before the time-out value expires for a period when no active program is running.

Encryption with a Digital Signature

Encryption of the object requires the choice of encryption algorithm and label split. This choice determines who can decrypt the object. Default labels and algorithm selections are provided for convenience. This streamlines the encryption process, especially when critical pieces of data are encrypted using the same labels and algorithms. The credential manager can set this default. It may be the most restrictive, in which case the user needs to change the label selection so that the label set is only less restrictive. The split corresponding to the user selected and delegated usage label is used by the combiner process to generate a key used to initialize the user-selected encryption algorithm.

The cryptographic hash is applied before the plain text of the object, that is, the data is encrypted. The hash value is then encrypted using the user's private key (generated based on the user's biometric reading) and the digital signature of the object is obtained.

Digital signatures may be optional and may be delegated according to policy manager requirements.

The header is generated including the user's label and algorithm selection, the user's certificate, digital signature and other information required to decrypt the object. This header is attached to the encrypted object.

Decryption with Digital Signature Verification

Decryption begins by decrypting and reading the header of the encrypted object. If the user has read permission for the label used for encryption and has access to the algorithm used, the object can be decrypted.

For signature verification, the object must first be decrypted so that the cryptographic hash can be calculated. This means that only someone with read permission to the label used for encryption can verify the digital signature. Once the hash is computed, the cipher's certificate manager's public key is derived from the certificate. This public key is used to decrypt the certificate contained in the header, thus recovering the signer's public key. The verification module obtains the hash value calculated from the decrypted data as the digital signature and input of the cipher's public key. If the verification module presents a "yes" answer, the object is declared to be authentic.

Detection

The intention of detection is to notify an individual and take action whenever an event occurs that indicates an intrusion, modification or failure. In the simplest case, the detection is to audit the selected event. The minimum event to be audited is determined by the policy manager.

Detection can take other forms, such as a statistical test for the randomness of random numbers generated. Weak encryption key detection may also be performed. These types of alarms notify and stop the user from continuing to compromise the security of the system.

An example of another technique is to use a monitor that reads the header periodically or randomly and verifies the set of labels contained therein against the user's issued label for each certificate manager's database. This helps security administrators by detecting someone trying to gain unauthorized access.

There are many technologies that can be used for event detection and alarm, some of which are hardware based technologies. Using these will be controlled by the policy manager and certificate manager.

Summary

The present technology can provide an effective system for encrypting unused data. It may also provide a suitable system for encrypting data on the go. The present invention can be extended beyond the application protocol level to low levels such as Level 2 (eg IEEE 802) in the OSI stack. The encryption protocol for establishing a session key for the channel can be adapted to the parameters of the communication environment.

Application programming interfaces that implement the present invention can be used to develop secure applications. The software can be used to combine file and email encryption with selected elements of the techniques described herein. The invention may also be used to add encryption to audio and graphics applications.

Label set design

The present invention uses encryption to provide selective access to information. When encrypting according to the present invention, the user (person or device) selects a label either manually or automatically and they share with the intended recipient of the information being encrypted. The user can apply as many labels as required to target a particular subset of information or groups of information. A user holding a certificate containing only a matching label can observe the information.

The label is the humanly understandable side of the cryptographic split. They form the variable part of the asymmetric access control system. Label selection and placement are critical to creating a useful encryption system.

The present invention is well suited for data separation and for role-based access to information. Data separation is the process of assigning information to a level or category and then needing to know or restrict access to each based on other security policies. Role-based access is a method of assigning access to information by the role performed and then assigning individuals to these roles. Each individual's access to information changes when his role changes. The Internet facilitates the creation of search engines that access information from many databases. The tagging or indexing methodology of these search engines may be related to labels included in cryptographic systems.

All information in any organization does not have the same risk of initiation. The disclosure of some information can have a significant negative impact depending on the environment. The traditional way of minimizing unauthorized disclosure is to keep information in organizational compartments and establish policies, procedures, and appropriate controls for each.

The label may reflect the information compartment established within the organization. For example, if a large organization is identified with 500 information compartments, then the policy manager generates 500 labels representing these compartments. Specific labels are assigned to individuals who are assigned to roles with access to specific compartments. Information compartments commanded in a top-down manner simplify the process for individual users. If an individual is assigned to a role within the two information compartments, his certificate provides these two label options only for encryption. In practice, however, the entire commanded compartment system is not sufficiently flexible. It is best to allow each user some flexibility in designing leadership restrictions on data to be sent out of the commanded compartment.

Labels can also be used to designate leadership across an organization. For example, the label “Employee Information” can be issued to everyone in the organization. Everyone can use this label to encrypt information; However, only those people who are assigned to managers and employees can decrypt this information. Other “beyond organizations” labels with similar encryption and decryption restrictions include Security, Legal, Inspector General, or other organizational groups or functions.

The use of templates aids in the dispensing of labels. The template may comprise a label representing an organization's information flow boundary or may be representative of a group of information subsets. The distribution process is greatly facilitated by creating templates and assigning them to multiple users at the same time. For example, a basic role template can be created to contain a label that will be assigned to all employees. Additional templates may be created and assigned for the supervisor, manager and director or other roles required.

Care must be taken to design a set of labels with the necessary restrictions to meet security requirements. The object must be to combine a label representing commanded compartment access with a label that specifically allows communication beyond the organization (compartment). The resulting set of labels allows a simple and easy to use subset to be distributed to each user.

For example, FIG. 1 shows a process for encrypting an object. As shown, multiple key splits are arranged to generate an encryption key. The encryption algorithm is initialized using the encryption key. The initialized encryption algorithm is applied to at least a portion of the object according to at least one encryption scheme to form an encrypted object. At least one of the plurality of key splits corresponds at least in part to a biometric.

2 shows another exemplary process according to the present invention. As shown, the process of encrypting an object includes combining an tissue split, a maintenance split, a random split, and at least one label split corresponding to the tissue to generate an encryption key. The encryption algorithm is initialized with the encryption key. At least a portion of the object is encrypted according to an initialized encryption algorithm to form an encrypted object. Joiner data is added to the encrypted object. The combiner data includes reference data corresponding to at least one of the at least one label split and the encryption algorithm, name data associated with the organization, at least one maintenance split and a maintenance level associated with the maintenance split, and a random split. The encrypted object may be stored with added combiner data for subsequent use by the intended recipient.

Safe motion control

3 is a flow diagram of a system using encryption as a tool for checking the integrity of a process. An input 2 is provided to the system, which is intended to be manipulated by the process 4. However, this input 2 first proceeds to the copying process 6 to provide the same inputs 8 and 10. The input 8 is passed through to be processed 4 while the input 10 is encrypted by the encryption process 12. The authorized recipient will consider this encrypted copy input 14 to be reliable because of the integrity provided by the encryption process 12.

Similarly, Figure 4 shows the encryption used in the output context. Process 16 of the system generates an output 18. This output executes a copy process 20 to produce two identical outputs 22, 24. The output 22 continues to the normal destination determined by the operability of the system. The output 24 is provided to the encryption process 26. The authorized recipient will consider this encrypted copy output 28 to be reliable due to the integrity provided by the encryption process 26.

In this context, processing is the manipulation of data according to a set of restricted procedures to produce a desired result. The results of the processing can be used as input to other processes inside or outside the sub-system, or can be used outside of an electronic system such as a display of a screen or other display for direct human use.

For example, FIG. 5 shows a process 32 in which the selected process element 30 provided to the process as input by the process 32 is manipulated. At a predetermined point 34 in process 32, process 32 is sampled and encrypted by encryption module 36 to provide an encrypted output 38. Thus, an authorized recipient inspecting a decrypted version of the encrypted output 38 has a high level of trust in the reliability of the process sample due to the integrity provided by the encryption module 36.

Predetermined conditions in this context are all or specified processes, states of registers, and other conditions within the system at a particular time. A review of the chronological record of the status information provides evidence of the system operated for a particular time.

For example, FIG. 6 shows how predetermined conditions are sampled in a system, so that they can be encrypted to provide a secure and reliable “snapshot” of the system at a particular point in time. When the system is running, the selected balance account, status and other processes are sampled at different points in time 42, 44 and 46. As shown, process 40 is sampled at a first point in time 42 to provide a reading of the predetermined condition of the system at a point in time 42. This predetermined condition sample is then encrypted to provide a characteristic encrypted output 43 at a first selected point in time 42. Similarly, at the second point in time 44, process 40 is sampled to provide a reading of the predetermined condition of the system at the point in time 44. This predetermined condition sample is then encrypted to provide the characteristic encrypted output 46 at the second selected point in time 44. Finally, at current time 46, process 40 is sampled to provide a reading of the currently scheduled conditions of the system. This predetermined condition sample is then encrypted to provide an encrypted output 47 characteristic of the currently scheduled condition of the system. Future samples are obtained and the encrypted output is generated. Thus, an authorized recipient examining the decrypted version of the encrypted output 43, 45, 47 has a high level of confidence in the reliability of the predetermined condition sample due to the integrity provided by the encryption process.

In this context, virtual environment refers to the impact conditions provided to the system at the time of encryption. By including virtual environment information in the scope of encryption, the nature and effects of any impact on the encrypted object can be recorded and analyzed. The virtual environment information includes, but is not limited to, the order of processing when compared to similar or other items; Preprocessing of data, such as data conversion and reformatting; The status of another active process or thread; Operating system control information; Identification of user log-ons; Network monitoring information; And other active control processes.

By encrypting and combining virtual environment information with selected data objects, the integrity of the data objects can be ensured and the nature and scope of the environment that created the objects can be verified. Moreover, an encrypted object is embedded in another object and encrypted or otherwise provides an access layer to a user of the system as described in US Pat. No. 5,369,702. Encrypted objects within the context of the present invention provide for verification of the electronic control layer for management and other sides.

7 shows how virtual environment data 50 can be collected and embedded within an encrypted object 52. Other related unencrypted objects 54 may also be embedded within the same encrypted object 52 as other encrypted objects 56 may be. Of course, the collected virtual environment data 50 may be encrypted before being embedded in the encrypted object 52, and the encrypted object 56 therein may include other encrypted and / or unencrypted objects. Authorized recipients examining the extracted virtual environment data objects have a high level of confidence in the reliability of the corresponding data due to the integrity provided by the encryption process used to create the containers for the objects.

Management, tax jurisdictions, regulatory authorities, internally approved recipients, independent accountants, and other parties can use these features for monitoring and audit control systems as well as the interaction of control systems—an important advantage as a business moves into the electronic world. Using this technique, control systems that consider practical procedures can provide evidence that other control systems behave as designed.

Thus, a system can be considered as an encryption process used to protect and control related objects, or as an audit and control tool to ensure the integrity of the process. Processes such as XML extend management flow control capabilities beyond or recover from databases.

The present invention is described in consideration of a specific process, namely Extensible Markup Language (XML), for ease of explanation. However, it should be noted that the present invention is not limited to this exemplary process and can be widely used as described herein. XML is the method used to structure and describe data, which can be understood by other software applications, including databases and electronic commercial applications. XML preferably uses tags in label data objects for meaning using specific common industry conventions, and as a result, software objects generated by different vendors and having different purposes do not help reconstruct the data between them. Pass it through. XML allows applications to use tag data objects for input. XML can use information sent from one application to another. Applications include business transactions, financial statements, purchase orders, product catalogs, medical history, database searches, and more. In this example, XML tags are used by software to identify applications and possibly operating system, accounting and motion control system objects. The Secure Accounting and Operational Control and Reporting System (SAOCRS) application software examines the selected tag data object and encrypts the copy of the tag object or group of objects, if appropriate. Moreover, encrypted objects are embedded within other objects to provide an access layer to users of the system as encrypted or otherwise described in US Pat. No. 5,369,702. XML labels can be directly related or grouped or changed to relate to the reference process. Encrypted objects are then passed directly on a real time basis to authorized recipients for decryption and further processing, or they are stored and transmitted at a later time.

8 is a flow diagram illustrating the use of XML to identify, copy, and encrypt input objects in SAOCRS. Initially, input object 600 may or may not be associated with an XML tag; If so, the XML-tag input object 601 is supplied directly to the selection and copy process 603. If desired, the XML object-tagging application 602 applies the appropriate XML tag to the input object 600. Using an XML tag identifying the object attribute, SAOCRS 604 selects a certain object 605 according to the control requirements and an identical copy is made. The original tag entry object 606 is allowed to pass to the intended process 607.

The XML tag of each copy of the selected input object 605 in the SAOCRS 604 is processed with a label in the encrypted access layer 609 to determine the appropriate role-based access label or labels to be used to encrypt each object. (608). The role-based label is a descriptor of the type or category of access in addition to the identification of the specific person or access allowed device. Each input object copy is encrypted 610 and passed or stored 611 for the appropriate person, device or other system including other SAOCRS.

9 is a flowchart showing the use of XML to identify, copy, and encrypt the output destination copied from SAOCRS.

Initially, the output destination 704 of the processes 700 and 701 may or may not be associated with an XML tag; If so, the XML-tag output object 702 is fed directly to the selection and copy process 703. If desired, the XML object-tagging application 705 applies the appropriate XML tag to the output object 704. Using an XML tag identifying the object attribute, SAOCRS 706 selects which object 707 according to the control requirements and makes an identical copy. The original tag entry object 708 is allowed to pass to the intended process 709.

The XML tag of each copy of the output object 707 selected within SAOCRS 706 is associated with a label in the encrypted access layer 710 to determine the appropriate role-based access label or labels to be used for encrypting each object 712. Associated processing (711). Each copy of the output destination is encrypted (713) and passed or stored (714) for the appropriate person, device, or other system, including other SAOCRS.

FIG. 10 is a flow diagram illustrating the use of XML to identify, copy, and encrypt a copied object in SAOCRS providing an overall conditional check. Sometimes, when necessary, SAOCRS considers all of them to select input and output objects (800-805) to help in fairness of the conditions of the system and to verify the authenticity of the objects that form the basis for action or audit activity. . The selected objects 800-805 may or may not be associated with an XML tag that aids in object selection. They may be either inputs or outputs of one of each multiple separate process. They may be input or output objects encrypted from other SAOCRS.

Using an XML tag identifying the object attribute, the SAOCRS 806, if possible, selects a certain object according to the control requirements and makes an identical copy (807). The original object 808 is allowed to pass to the intended process 809.

The XML tag of each copy 810 of the selected object in SAOCRS 806 is a label 811 in the encrypted access layer to determine the appropriate role-based access label or labels to be used to encrypt 812 each object 810. Related to). Each selected object without an XML tag is processed with a label 811 in the encrypted access layer to determine the appropriate role-based access label or labels to be used to encrypt 812 each object. Based on the label 811 used to encrypt (812) each set of objects 810, the SAOCRS 806 is suitable label or labels to be used to encrypt (814) all objects within one overall object 813. Determine 811. Encrypted object 814, including the encrypted object that verifies the system conditions, including this, is then passed or stored 815 for a suitable person, device, or other system that includes another SAOCRS.

Thus, a system has been described that provides an encryption process and provides secure accounting and operational control. This process may be advantageously applied to a process using the XML format or to any other plan using a tag or data element. Moreover, any encryption process can be used, and particularly advantageous encryption processes and systems have been described for the purpose of providing secure operational control as described above.

Claims (50)

In the process of encrypting an object that matches a data format and has an object tag associated with it, Binding a plurality of key splits to generate an encryption key; Initializing an encryption algorithm with an encryption key; And Applying an initialized encryption algorithm to at least a portion of the object according to at least one encryption scheme determined at least in part by the object tag to form an encrypted object, Wherein at least one of the plurality of key splits corresponds to at least a portion of the biometric. 2. The encryption process of claim 1, further comprising storing the encrypted object for subsequent use by the intended recipient. 2. The encryption process of claim 1, further comprising storing the encrypted object for subsequent use by the intended recipient. 2. The encryption process of claim 1 wherein the object is an Extensible Generation Language (XML) element. 2. The encryption process of claim 1 further comprising adding at least one key split of the plurality of key splits to an encrypted object. 2. The process of claim 1, further comprising adding reference data associated with at least one key split of the plurality of key splits to the encrypted object. The encryption process of claim 1, further comprising retrieving at least one key split of the plurality of key splits from the storage medium. 8. The encryption process according to claim 7, wherein the storage medium is disposed on a smart card. 2. The encryption process of claim 1 wherein the step of binding the plurality of key splits to generate an encryption key is performed in a smart card. In a process of encrypting an object in a cryptographic system associated with an organization that matches a data format and has an object tag associated with it, Generating an encryption key by tying a tissue split, a maintenance split, a random split, and at least one label split corresponding to the tissue; Initializing an encryption algorithm with an encryption key; Encrypting at least a portion of the object according to an initialized encryption algorithm determined at least in part by the object tag to form an encrypted object; And Adding combiner data to the encrypted object, The combiner data is Reference data corresponding to at least one of at least one label split and an encryption algorithm, Name data associated with the organization, At least one retention split and a retention level associated with the maintenance split, and An encryption process comprising a random split. 12. The process of claim 10, further comprising storing the encrypted object with added combiner data for subsequent use by the intended recipient. 11. The process of claim 10, further comprising selecting an object from a plurality of objects, wherein at least a portion is in accordance with an associated object tag. 11. The process of claim 10 wherein the object is an Extensible Generation Language (XML) element. 11. The encryption process of claim 10 further comprising selecting at least one label split from at least one certificate. 15. The method of claim 14, wherein the selected at least one label split is encrypted, the encryption key is a first encryption key, and the process is Extracting a second encryption key from at least one of a user ID associated with the user, a password associated with the user, and a unique example of data and a random value, and Decrypting the selected at least one label split using a second encryption key. 15. The process of claim 14 wherein at least one certificate is retrieved from memory. 17. The encryption process according to claim 16, wherein the memory is disposed on a smart card. 15. The process of claim 14, wherein a time stamp is generated corresponding to the point in time at which the object was encrypted, and the combiner data further comprises a time stamp. The process of claim 14, wherein the combiner data further comprises a user ID associated with the user. 12. The process of claim 10, wherein a time stamp is generated that indicates when the object was encrypted, and the combiner data further comprises a time stamp. 11. The process of claim 10 wherein the combiner data is a header record. 11. The encryption process of claim 10 wherein the combiner data further comprises one of a digital signature and a digital certificate. 11. The encryption process of claim 10, wherein the combiner data further comprises a digital signature and a digital certificate. The method of claim 10, wherein the encryption key is a first encryption key and the process is Generating a second encryption key based at least in part on the at least one label split; And Encrypting the random key using the second encryption key prior to joining the combiner data to the encryption object, And wherein the random split included in the combiner data is an encrypted random split. 12. The process of claim 10, further comprising encrypting at least a portion of the combiner data using header splits prior to adding the combiner data to an encryption object. 27. The process of claim 25 wherein the header split is constant. CLAIMS 1. A storage medium comprising instructions for a data processor to encrypt an object that matches a data format and has an object tag associated therewith, wherein the instructions bind a plurality of key splits to generate an encryption key; Initialize an encryption algorithm with an encryption key; And Forming an encrypted object by applying an encryption algorithm initialized to at least a portion of the object according to at least one encryption scheme determined at least in part by the object tag, At least one of the plurality of key splits corresponds to at least a portion of the biometric. 28. The storage medium of claim 27, wherein the command further comprises selecting a destination from the plurality of destinations, at least in part in accordance with an associated destination tag. 28. The storage medium of claim 27, wherein the object is an Extensible Generation Language (XML) element. 28. The storage medium of claim 27, wherein the instructions further comprise adding at least one key split of the plurality of key splits to an encrypted object. 28. The storage medium of claim 27, wherein the instructions further comprise adding reference data associated with at least one key split of the plurality of key splits to an encrypted object. 28. The storage medium of claim 27, wherein the instructions further comprise retrieving at least one key split of the plurality of key splits from the storage medium. 33. The storage medium of claim 32, wherein at least a portion of the memory is disposed in the smart card. 28. The storage medium of claim 27, wherein the data processor is distributed and instructions for generating an encryption key are executed on at least a portion of a smart card. 10. A storage medium comprising instructions for a data processor to encrypt a target that matches a data format and has a target tag associated with the data format. Encrypting the tissue split, the maintenance split, the random split, and the at least one label split corresponding to the tissue to generate an encryption key; Initialize an encryption algorithm with an encryption key; Encrypting at least a portion of the object according to an initialized encryption algorithm determined at least in part by the object tag to form an encrypted object; And Adding combiner data to the encrypted object, The combiner data is Reference data corresponding to at least one of at least one label split and an encryption algorithm, Name data associated with the organization, At least one retaining split and a retaining level corresponding to the retaining split, and Includes a random split; And And storing the encrypted object with combiner data for subsequent access. 36. The storage medium of claim 35, wherein the command further comprises selecting a destination from the plurality of destinations, at least in part in accordance with an associated destination tag. 36. The storage medium of claim 35, wherein the object is an Extensible Generation Language (XML) element. 36. The storage medium of claim 35, wherein the instructions further comprise selecting at least one label split from at least one certificate. The method of claim 38, wherein the at least one selected label split is encrypted, the encryption key is a first encryption key, and the command is Extract a second encryption key from at least one of a user ID associated with the user, a password associated with the user, and a unique data example and a random value, and And decrypting the selected at least one label split using a second encryption key. The storage medium of claim 38, wherein the command retrieves at least one certificate from a memory. 41. The storage medium of claim 40, wherein the memory is disposed on a smart card. 39. The storage medium of claim 38, wherein the command generates a time stamp corresponding to the point in time at which the object was encrypted, and the combiner data further comprises a time stamp. The storage medium of claim 38, wherein the combiner data further comprises a user ID associated with the user. 36. The storage medium of claim 35, wherein the command generates a time stamp indicating when the object was encrypted, and the combiner data further comprises a time stamp. 36. The storage medium of claim 35, wherein the combiner data is a header record. 36. The storage medium of claim 35, wherein the combiner data further comprises one of a digital signature and a digital certificate. 36. The storage medium of claim 35, wherein the combiner data further comprises a digital signature and a digital certificate. 36. The method of claim 35, wherein the encryption key is a first encryption key and the command is Generate a second encryption key based at least in part on the at least one label split; And Encrypting the random key using a second encryption key prior to joining the combiner data to the encryption object, And the random split included in the combiner data is an encrypted random split. 36. The storage medium of claim 35, wherein the instructions further comprise encrypting at least a portion of the combiner data using a header split before adding the combiner data to an encryption object. 50. The storage medium of claim 49, wherein the header split is constant.

Images