GB2594073A - A security system - Google Patents

A security system Download PDF

Info

Publication number
GB2594073A
GB2594073A GB2005495.3A GB202005495A GB2594073A GB 2594073 A GB2594073 A GB 2594073A GB 202005495 A GB202005495 A GB 202005495A GB 2594073 A GB2594073 A GB 2594073A
Authority
GB
United Kingdom
Prior art keywords
data
cryptographic key
cryptographic
storage device
digital storage
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
GB2005495.3A
Other versions
GB202005495D0 (en
Inventor
John Sumner Michael
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Custodiex Ltd
Original Assignee
Custodiex Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Custodiex Ltd filed Critical Custodiex Ltd
Priority to GB2005495.3A priority Critical patent/GB2594073A/en
Publication of GB202005495D0 publication Critical patent/GB202005495D0/en
Publication of GB2594073A publication Critical patent/GB2594073A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/126Applying verification of the received information the source of the received data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0827Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving distinctive intermediate devices or communication paths
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/062Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying encryption of the keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

A method and system to perform cryptographic operations such as signing transactions of digital assets using a cryptographic key. A client 170 generates a request to perform a cryptographic operation on client data associated with the request. The request is received at a data storage system 155/165 which retrieves an encrypted version of a cryptographic key associated with the client request. A cryptographic operation request comprising the data and the encrypted key is transmitted to a digital storage device 110 via an airgap 120, such as data diode 122, that implements a protocol break. The digital storage device decrypts the encrypted key using a master key and performs the requested cryptographic operation on the data using the decrypted key. The result of the cryptographic operation is then output via the air-gap. The digital storage device may be a hardware security module (HSM) kept within a secure storage facility 105 such as a vault or bunker. The advantage of the invention is that the cryptographic key can only be used when decrypted by the master key within the secure area. The decrypted key is not stored, nor does it ever leave the secure area.

Description

A Security System
Technical Field
The present disclosure relates to a security system and method for securely creating and storing a cryptographic key and for performing cryptographic operations on electronic data.
Background
It is common to use cold storage for protecting digital assets, such as private cryptographic keys used for signing or encrypting data, from cyber-attacks. Cold storage typically protects the private cryptographic keys needed for securely applying an authorised signature to electronic objects, such as digital assets associated with the private key (for example, financial assets) or any other suitable form of data, by implementing an "air gap" from external networks such as the internet. This means that there is no connection to external networks and thus no way that these keys can be obtained by a cyber-attack, which could enable a hacker to gain access to digital assets, amongst other things, associated with the private key. Often, this means that the private key is stored in a standalone computing device (for example, in memory in a computing device) that is completely disconnected from any external network.
Storing the keys in some standalone computing hardware with no data connection to the external network, such as the Internet, usually then requires multiple offline authorisation checks needed to gain access to a key. Once authorisation checks are passed, typically it is necessary for a person to transfer the signed data from the standalone computing device onto a portable device (such as a USB stick) and physically move it over to a device that is connected to the external network so that it can be transferred to the key owner. Consequently, an authorised key owner cannot easily or quickly use their private key, for example to authorise transactions involving their digital assets. This is not always practical. Likewise, to gain unauthorised access to these keys, a hacker or thief still only needs to attack one physical entity. These drawbacks are particularly significant where the cold storage is used as a secure storage facility for multiple different private keys belonging to different people, particularly where a person is required to physically transfer the signed data from one device to another, resulting in a very significant delay for those people when they wish to make use of their private key, and a very significant security risk if an unauthorised person were to gain physical access to the cold storage.
Summary
The present disclosure relates to a system for securely performing cryptographic operations on electronic data, such as signing transactions of digital assets using a cryptographic key, which enables the authorisation and signing process to be performed in substantially real-time. Only a master key is stored in a physical storage facility, for example, in a hardware security module (HSM) kept in a vault or bunker. Encrypted versions of any cryptographic keys that are needed to authentically sign objects are stored away from the secure storage facility, for example in a cloud network that is air gapped from the secure storage facility. Those encrypted cryptographic keys can only be decrypted and subsequently used within the secure storage facility, because the master key is required for the decryption. It is only once several authorisation checks have been performed that the encrypted cryptographic key is sent to the secure storage facility to be decrypted by the master key, where the cryptographic key can be used to perform a cryptographic operation (such as signing digital data), with the outcome of the operation then being transmitted out of the secure storage facility. Consequently, the cryptographic key can still be used relatively quickly, since an air-gap, which includes a communications protocol break and enables real-time data transmission, can exist between the stored encrypted cryptographic key and the secure storage facility. However, the cryptographic key is never stored in the clear anywhere, such that if an unauthorised person were to access the secure storage facility, or the storage of the encrypted cryptographic key, they still would not have a usable copy of the cryptographic key.
Accordingly, a first aspect of the present invention provides a method of generating a cryptographic key for secure storage, the method comprising generating at a digital storage device a cryptographic key, encrypting the cryptographic key using a master cryptographic key stored on the digital storage device, outputting the encrypted cryptographic key from the digital storage device to a data storage system remote from the digital storage device, and removing any data associated with the cryptographic key from the digital storage device.
As such, the cryptographic key is not stored anywhere in a decrypted form, and is instead stored remotely in an encrypted form only. In order to use the cryptographic key, the encrypted cryptographic key must be sent back to the digital storage device to be decrypted. Consequently, use of the cryptographic key is restricted to the digital storage device only. The cryptographic key may be any cryptographic key where access is to be restricted, for example, a private key in an asymmetric private-public key pair, or a symmetric secret key.
The data storage system remote from the digital storage device may comprise a cloud-based storage system. The cloud-based storage system may comprise a plurality of digital storage entities, and wherein copies of the encrypted cryptographic key are stored in two or more of the plurality of digital storage entities. The cloud-based storage system may comprise two or more data centres located in different geographic locations, each geographic location having a plurality of storage entities, and wherein copies of the encrypted cryptographic key are stored in the two or more data centres.
The digital storage device may be a hardware security module.
Outputting the encrypted cryptographic key may comprise transmitting the encrypted cryptographic key via a data transmission system that comprises an air gap that also implements a protocol break.
In this respect, an air-gap is implemented such that the digital storage device is not network terminated in any way, and that allows real-time communication between the digital storage device and the data storage system without the need for human intervention.
For example, transmitting the encrypted cryptographic key via the data transmission system may comprise transmitting the encrypted cryptographic key from the digital storage device to an interface device using a first communications protocol, and transmitting the encrypted cryptographic key from the interface device to the data storage system using a second communications protocol. As such, the interface device is network terminated to the data storage system, and only communicates with the digital storage device via the air-gap. The digital storage device is thus located on the secure side of the air-gap, whilst the network connection to the air gap starts and finishes at the interface device.
The method may further comprise cryptographically binding an access policy to the encrypted cryptographic key, wherein the access policy is indicative of one or more verification checks for using the cryptographic key.
For example, encrypting the cryptographic key using the master cryptographic key may comprise using an authenticated encryption with associated data, AEAD, encryption, with the access policy attached as associated data.
Alternatively, encrypting the cryptographic key may comprise generating a digital signature over the cryptographic key and the access policy.
The one or more verification checks may comprise one or more of: a push notification, an email check, voice recognition, facial recognition, fingerprint recognition and a passcode, or any suitable check for verifying the identity of a user.
The method may further comprise sharding the master key into a plurality of shards, each shard being stored in a different storage entity. In some cases, the different storage entities may be in different geographic locations.
Generating the cryptographic key may comprise generating a private cryptographic key with a corresponding public cryptographic key.
A further aspect of the present invention provides a system for generating a cryptographic key for secure storage, the system comprising a digital storage device configured to generate a cryptographic key, wherein the cryptographic key is encrypted using a master cryptographic key stored on said digital storage device, and a data storage system remote from the digital storage device for storing the encrypted cryptographic key, wherein any data associated with the encrypted cryptographic key is removed from the digital storage device once output from the digital storage device to the data storage system.
The data storage system remote from digital storage device may be a cloud-based storage system. The cloud-based storage system may comprise a plurality of digital storage entities, and wherein copies of the encrypted cryptographic key are stored in two or more of the plurality of digital storage entities. The cloud-based storage system may comprise two or more data centres located in different geographic locations, each geographic location having a plurality of storage entities, and wherein copies of the encrypted cryptographic key are stored in the two or more data centres.
The digital storage device may be a hardware security module.
The system may further comprise a data transmission system, wherein transmission of the encrypted cryptographic key from the digital storage device to the data storage system takes place via the data transmission system.
The data transmission system may comprise an air-gap and use a data transfer protocol to implement a protocol break. For example, the data transmission system may comprise an interface device for receiving the encrypted cryptographic key from the digital storage device using a first communications protocol, wherein the interface device is further configured to transmit the encrypted cryptographic key to the data storage system using a second communications protocol.
The data transmission system may comprise at least one data diode. It will however be appreciated that the system may comprise any suitable means for enabling data flow in one particular direction. For example, the data transmission system may comprise an optical transmitter for transmitting an optical signal indicative of the encrypted cryptographic key, and an optical receiver for receiving and processing the optical signal to thereby output the encrypted cryptographic key to the data storage system. In doing so, an air gap is provided that ensures that the digital storage device is not in any way connected to a network, whilst also enabling real-time data transmission that does not require any human intervention.
The digital storage device may be further configured to cryptographically bind an access policy to the encrypted cryptographic key, wherein the access policy is indicative of one or more verification checks for using the cryptographic key.
Another aspect of the present invention provides a digital storage device for generating a cryptographic key for secure storage, wherein the digital storage device is configured to generate a cryptographic key, encrypt the cryptographic key using a master cryptographic key stored on the digital storage device, output the encrypted cryptographic key to a data storage system remote from the digital storage device, and remove any data associated with the cryptographic key from the digital storage device.
Yet a further aspect of the present invention provides a system for generating and transmitting a cryptographic key for secure storage, the system comprising a digital storage device configured to generate a cryptographic key, wherein the cryptographic key is encrypted using a master cryptographic key stored on said digital storage device, and a data transmission system for transmitting the encrypted cryptographic key from the digital storage device to a data storage system, wherein the data transmission system comprises an air-gap and uses a data transfer protocol to implement a protocol break, wherein any data associated with the encrypted cryptographic key is removed from the digital storage device once transmitted from the digital storage device to the data storage system.
Another aspect of the present invention provides a method for securely performing cryptographic operations on electronic data, the method comprising receiving at a data storage system a client request from a client to perform a cryptographic operation on electronic data using a cryptographic key, the client request comprising the electronic data, retrieving, at the data storage system, an encrypted version of the cryptographic key associated with the client request, transmitting, from the data storage system to a digital storage device via an air-gap that implements a protocol break, a cryptographic operation request comprising the electronic data and the encrypted cryptographic key, decrypting, at the digital storage device, the encrypted cryptographic key using a master cryptographic key stored on the digital storage device, performing, at the digital storage device, the requested cryptographic operation on the electronic data using the cryptographic key, and outputting, via the air-gap, a result of the cryptographic operation from the digital storage device.
As such, in order to perform the cryptographic operation using a cryptographic key, an encrypted version of the cryptographic key is sent back to the digital storage device to be decrypted by the master key that encrypted it, where it can then be used to complete the cryptographic operation. The cryptographic key is not stored anywhere in an unencrypted form, and thus use of the cryptographic key is restricted to the digital storage device since this is the only place where the encrypted version of the key can be accessed.
Receiving the client request may further comprise performing one or more verification checks associated with the client to verify an identity of the client. In this respect, the encrypted cryptographic key may be cryptographically bound to an access policy, wherein the one or more verification checks are identified in the access policy. For example, the one or more verification checks comprise one or more of: a push notification, an email check, voice recognition, facial recognition, fingerprint recognition and a passcode, or any suitable check for verifying the identity of the client The cryptographic operation request may further comprise verification data indicative of the one or more verification checks having been successfully completed. The cryptographic operation request may further comprise integrity data for checking the integrity of the verification data. The method may therefore further comprise verifying, at the digital storage device, the integrity of the verification data in dependence on the integrity data.
The integrity data may be generated by digitally signing the verification data with a verification cryptographic key stored in the data storage system to create a digital signature, and wherein verifying the integrity of the verification data comprises cryptographically verifying the digital signature using the verification data and a copy of the verification cryptographic key stored in the digital storage device.
Alternatively, the integrity data may be generated by generating a keyed message authentication code for the verification data with a verification cryptographic key stored in the data storage system, and wherein verifying the integrity of the verification data comprises cryptographically verifying the keyed message authentication code using the verification data and a copy of the verification cryptographic key stored in the digital storage device.
In cases where the encrypted cryptographic key is cryptographically bound to an access policy, the method may further comprise verifying, at the digital storage device, the verification data in dependence on the access policy.
The cryptographic operation request may be transmitted to the digital storage device via a data transmission system that comprises the air-gap that implements the protocol break.
For example, transmitting the cryptographic operation request via data transmission system may comprise transmitting the cryptographic operation request from the data storage system to an interface device using a first communications protocol, and transmitting the cryptographic operation request from the interface device to the digital storage device using a second communications protocol. As before, only the interface device is network terminated and can only communicate with the digital storage device via the air-gap. Furthermore, the data being transmitted from the interface device to the digital storage device can be constrained to ensure that no malicious or corrupted data can be transmitted to the digital storage device.
The data storage system may comprise a cloud-based storage system.
The digital storage device may comprise a hardware security module.
The cryptographic operation may comprise signing a transaction relating to a digital asset, and transmitting the result of the cryptographic operation comprises transmitting the signed transaction to at least one node in a blockchain system.
The cryptographic key may be generated in the digital storage device according to the methods described above.
A further aspect of the present invention provides a system for securely performing cryptographic operations on electronic data, the system comprising a data storage system configured to receive a client request from a client to perform a cryptographic operation on electronic data using a cryptographic key, the client request comprising the electronic data, and retrieve an encrypted version of the cryptographic key associated with the client request. The system also comprises a digital storage device configured to receive a cryptographic operation request from the data storage system, via an air-gap that implements a protocol break, the cryptographic operation request comprising the electronic data and the encrypted cryptographic key, decrypt the encrypted cryptographic key using a master cryptographic key stored on the digital storage device, perform the requested cryptographic operation on the electronic data using the cryptographic key, and output a result of the cryptographic operation via the air-gap.
The data storage system may be further configured to perform one or more verification checks associated with the client to verify an identity of the client. The cryptographic operation request may further comprise verification data indicative of the one or more verification checks having been successfully completed.
The cryptographic operation request may further comprise integrity data for checking the integrity of the verification data. The digital storage device may be further configured to verify the integrity of the verification data in dependence on the integrity data.
The data storage system may be configured to generate the integrity data by digitally signing the verification data with a verification cryptographic key stored in the data storage system to create a first digital signature, and wherein the digital storage device is configured to verify the integrity of the verification data by cryptographically verifying the digital signature using the verification data and a copy of the verification cryptographic key stored in the digital storage device.
Alternatively, the data storage system may be configured to generate the integrity data by generating a keyed message authentication code for the verification data with a verification cryptographic key stored in the data storage system, and wherein the digital storage device is configured to verify the integrity of the verification data by cryptographically verifying the keyed message authentication code using the verification data and a copy of the verification cryptographic key stored in the digital storage device.
The digital storage device may be further configured to verify the verification data in dependence on an access policy, wherein the access policy is cryptographically bound to the encrypted cryptographic key, and wherein the one or more verification checks are identified in the access policy.
The system may further comprise a data transmission system configured to transmit the cryptographic operation request from the data storage system to the digital storage device.
The data transmission system may be a closed data transmission system.
The data transmission system may comprise the air-gap that implements the protocol break. For example, the data transmission system comprises an interface device for receiving the cryptographic operation request from the data storage system using a first communications protocol, wherein the interface device is further configured to transmit the cryptographic operation request to the digital storage device using a second communications protocol. This air-gap and protocol break enable data to be securely transmitted from the data storage system to the digital storage device in real-time without needing any human intervention, whilst ensuring that the digital storage device remains physically isolated from any network.
The data transmission system may comprise at least one data diode. It will however be appreciated that the data transmission system may comprise any suitable means for enable data flow in one particular direction. For example, the data transmission system may comprise an optical transmitter for transmitting an optical signal indicative of the cryptographic operation request, and an optical receiver for receiving and processing the optical signal to thereby output the cryptographic operation request to the digital storage device. In this respect, the optical transmitter may be configured, for example, in the form of a screen displaying a visual code, such as a barcode or QR code. The optical receive may be any suitable device for reading the displayed visual code, such as a camera or barcode scanner. In this way, data that can be transmitted from the data storage system to the digital storage device can be constrained to ensure that no corrupted or malicious data can be transmitted to the digital storage device (since only a limited set of visual codes may be displayed by the screen and recognised by the reader at the digital storage device side of the air gap). The data transmission system may also be provided with an optical transmitter and optical receiver for transmitting the result of the cryptographic operation from the digital storage device to the data storage system. As the digital storage device is trusted, the optical transmitter may optionally be implemented in a way that provides a relatively large amount of communication flexibility, for example, as a light emitting diode (LED), such that the communications from the digital storage device are not constrained to the same extent as communications to the digital storage device. As a result, the digital storage device may be kept isolated and secure, whilst still enabling real-time communication with the digital storage device that does not require manual human involvement.
The data storage system may comprise a cloud-based storage system. The digital storage device may comprise a hardware security module.
Another aspect of the present invention provides a digital storage device for securely performing cryptographic operations on electronic data, wherein the digital storage device is configured to receive a cryptographic operation request, the cryptographic operation request comprising an encrypted cryptographic key associated with a client request to perform a cryptographic operation on electronic data using a cryptographic key and the electronic data, decrypt the encrypted cryptographic key using a master cryptographic key stored on the digital storage device, perform the requested cryptographic operation on the electronic data using the cryptographic key, and output a result of the cryptographic operation.
Yet another aspect of the present invention provides a system for securely performing cryptographic operations on electronic data, comprising a data transmission system comprising an air-gap and configured to transmit a cryptographic operation request from a client using a data transfer protocol to implement a protocol break, the cryptographic operation request comprising an encrypted cryptographic key associated with a client request to perform a cryptographic operation on electronic data using a cryptographic key and the electronic data, and a digital storage device configured to receive the cryptographic operation request from the data transmission system, wherein the digital storage device is further configured to decrypt the encrypted cryptographic key using a master cryptographic key stored on the digital storage device, and perform the requested cryptographic operation on the electronic data using the cryptographic key, wherein the result of the cryptographic operation is transmitted from the digital storage device via the data transmission system.
A further aspect of the present invention provides a data storage system for use in performing cryptographic operations on electronic data, wherein the data storage system is configured to receive a client request from a client to perform a cryptographic operation on electronic data using a cryptographic key, the client request comprising the electronic data, retrieve an encrypted version of the cryptographic key associated with the client request, transmit a cryptographic operation request to a digital storage device, the cryptographic operation request comprising the electronic data and the encrypted cryptographic key, and receive from the digital storage device a result of the requested cryptographic operation.
Yet a further aspect provides a computer program configured to perform any of the methods described above when executed on at least one processor of an electronic device.
Brief description of the Drawings
Further features and advantages of the present invention will become apparent from the following description of embodiments thereof, presented by way of example only, and by reference to the drawings, wherein: Figure 1 is a block diagram illustrating a system for secure generation, storage and use of cryptographic keys according to the present disclosure; Figure 2 is an example sequence diagram of communications between some of the entities represented in Figure 1; and Figure 3 is a further example sequence diagram of communications between some of the entities represented in Figure 1.
Detailed Description
The present disclosure relates to a system for securely performing cryptographic operations on electronic data, such as signing transactions of digital assets using a cryptographic key, which enables the authorisation and signing process to be performed in substantially real-time. Only a master key is stored in a physical storage facility, for example, in a hardware security module (HSM) kept in a vault or bunker. Encrypted versions of any cryptographic keys that are needed to authentically sign objects are stored away from the secure storage facility, for example in a cloud network that is air gapped from the secure storage facility. Those encrypted cryptographic keys can only be decrypted and subsequently used within the secure storage facility, because the master key is required for the decryption. It is only once several authorisation checks have been performed that the encrypted cryptographic key is sent to the secure storage facility to be decrypted by the master key, where the cryptographic key can be used to perform a cryptographic operation (such as signing digital data), with the outcome of the operation then being transmitted out of the secure storage facility. Consequently, the cryptographic key can still be used relatively quickly, since an air gap, which includes a communications protocol break and enables real-time data transmission, can exist between the stored encrypted cryptographic key and the secure storage facility. However, the cryptographic key is never stored in the clear anywhere, such that if an unauthorised person were to access the secure storage facility, or the storage of the encrypted cryptographic key, they still would not have a usable copy of the cryptographic key.
The cryptographic key is created and then encrypted using the master key at the secure storage facility. The master key is securely stored at the secure storage facility. The encrypted cryptographic key may be cryptographically bound to metadata comprising information required for accessing the cryptographic key. For example, the metadata may be indicative of any of: the identity of the owner of the cryptographic key; other relevant information such as address and contact information; and/or the authorisation checks that must be completed to access the cryptographic e key. In some cases, the cryptographic key may be a private key generated as part of a public-private key pair, and may therefore also be cryptographically bound to a public key. Alternatively, the cryptographic key may be a symmetric secret key. This package is then sent to a data storage system, such as a cloud network, via an air gapped data transmission system implementing a protocol break, where it is stored. The cryptographic key is never stored at the secure storage facility and any information relating to the cryptographic key, public key (where applicable) and/or metadata may be deleted from the secure storage facility. Importantly, the cryptographic key in its unencrypted form is not stored on any device. The encrypted cryptographic key and the master key are stored in two different locations, where there may be no internet connection between those two locations, that is to say, communications between the two locations may be separated via an air gapped data transmission system implementing a protocol break.
To then make use of the cryptographic key, for example to perform a cryptographic operation such as obtaining an authorised signature on data (such as a transaction) using the cryptographic key, a request to perform the cryptographic operation using the cryptographic key will be received from a user at the cloud network. This may be accompanied by a set of completed authorisation checks relating to the user's authority to make use of the cryptographic key, or such authorisation checks may be initiated and performed by a verifier system within the cloud upon receiving the request. Once the checks have been completed, the encrypted cryptographic key, along with details of the cryptographic operation request and data indicative of the completed authorisation checks will be sent back to the secure storage facility via an air gapped data transmission system implementing a protocol break. Here, the encrypted cryptographic key can be decrypted by the master key and used to securely perform the cryptographic operation. The result of the completed operation can then be sent back to the cloud network for its intended use. For example, in the case of signing a blockchain transaction relating to the transfer of a digital asset held on a blockchain, the signed transaction may be broadcast to nodes participating in the blockchain to order to complete the transfer. As the master key needed to decrypt the encrypted cryptographic key is only stored at the secure storage facility, use of the cryptographic key is restricted to that location.
In summary, the cryptographic key can only be used when decrypted by the master key within the secure storage facility. The cryptographic key is not stored in the secure storage facility, nor does it ever leave the secure storage facility in an unencrypted form.
Therefore, when it needs to be used, the encrypted cryptographic key is transmitted to the secure storage facility, where it is decrypted and used to perform the desired cryptographic operation. This increases security for using and storing the cryptographic key, without imposing the additional security risk/burden of storing the cryptographic key within the secure storage facility. Furthermore, the air gapped data transmission system implementing a protocol break ensures that the HSM remains unconnected to any external network, but enables data to be transmitted to and from the HSM quickly and without the need for human intervention.
Figure 1 shows an example schematic representation of a system 100 in accordance with the present disclosure.
The system 100 comprises one or more digital storage device 110, which in this particular example is a hardware security modules (HSM) 110. The HSM 110 is configured to securely store one or more master keys. Optionally, each FISM 110 may be subdivided, for example, by means of a plurality of processing means 115A, 115B and 115C so that multiple different master keys may be logically segregated and therefore held securely and independently. Each master key may be associated with a different tenant, as explained later. The HSM 110 may also comprise a smartcard reader (not shown), or some other interface, used for back-up and restoration of master keys in the event that a master key stored on the HSM 110 is deleted, for example, upon identification of a security breach.
The system 100 further comprises an interface device 130 and a data transmission system 120 that comprise an air gap and implement a protocol break that uses a simple data transfer protocol. As will be described further below, this will terminate any network connection with the HSM 110. It will be appreciated that any apparatus suitable for providing an air gap and protocol break may be used. In this non-limiting example, the data transmission system 120 comprises a data diode arrangement that only allows data to travel in one direction (although data diodes are not essential for achieving a protocol break). In this example, the air gapped data transmission system 120 comprises at least two data diodes 122A and 12M that each enable data flow in one particular direction, which each provide an air gap between the HSM 110 and the interface device 130. The first data diode 122A is configured for the transfer of data from the HSM 110 to the interface device 130 (i.e. data flow out of the HSM 110 only) using the data transfer protocol, whilst the second data diode 122B is configured for the transfer of data from the interface device 130 to the HSM 110 (i.e. data flow into the HSM 110 only) using the data transfer protocol. The term 'diode' is used herein to indicate one way data communication. In this particular example, each data diode 122A, 122B comprises a transmitter 124A, 124B and a receiver 126A, 126B. For example, the transmitter 124Amay be an optical light source such as a light emitting diode (LED) for generating an optical signal indicative of the data to be transmitted from the HSM 110, whilst the transmitter 124B may be an optical light source such as an optical display for generating an optical signal in the form of a unique barcode such as a QR code. The receiver 126A, 126B may then be implemented as an optical device 126A, 126B, such as a photodiode or camera, for receiving the light transmitted or displayed at the transmitter 124A, 124B and thereby receiving the transmitted data. In doing so, the data diode 122A for transmitting data from the HSM 110 may have more communication flexibility than the data diode 122B since the HSM 110 is a secure and trusted device, whilst the data that can be transmitted via data diode 122B may be more constrained in order to control what data is received at the HSM 110 and ensure that the HSM 110 does not receive malicious or corrupted data.
In such cases, it will be appreciated that the optical light sources 124A, 124B may include some sort of processing means for encoding the data using the data transfer protocol, and likewise the optical devices 126A, 126B may include some sort of processing means for decoding the received data.
Additionally or alternatively the interface device 130 and/or HSNI 110 (or some other device between the data transmission system 120) may encode and decode data so that data may be transmitted from the data storage system 140 to the HSM 110 via the protocol break, and likewise transmitted from the HSM 110 to the data storage system 140 via the protocol break. It will also be appreciated that when the data transmission system 120 comprises data diodes 122A, 122B, they may be implemented in any suitable way, using any means suitable for providing one way data communication, for example, through fiber optic cables or the like.
The data transfer protocol is a different communications protocol to that used for communications between the interface device 130 and the data storage system 140. As such, an air gap and a protocol break between the HSM 110 and outside entities is achieved to protect the HSM 110 from protocol based attacks. Optionally, the data transfer protocol may also be different to the communications protocol used by the HSM 110.
The interface device 130 for receiving data from or inputting data to the data transmission system 120 may be connected to the data storage system 140 (which in this particular example is a cloud network 140) via a "closed" connection/network comprising wired means, for example, through the use of private fiber optic cables. As such, in this example the interface device 130 is not connected to the cloud network 140 via an internet connection. By using this closed connection to the cloud network 140, as well as the air gap and protocol break achieved using the data transmission system 120, data may be quickly and securely transmitted between the cloud network 140 and the HSM 110 without the need for any human intervention.
As such, only the interface device 130 is network terminated, whether connected to a closed network or otherwise, and thus it is only on the side of the interface device 130 that there is any network connection to the air gapped data transmission system 120. The HSM 110 is thus on the secure side of the air gapped data transmission system 120 where there is no network connection.
The HSM 110, data transmission system 120 and interface 130 may all be further housed within a secure storage facility 105, such as a vault or bunker, as an added layer of physical security.
Within the cloud network 140, one of more data centres 150, 160 may exist (which may each be located in different geographical places), each comprising a plurality of digital storage entities 155A-C and 165A-C, such as servers, etc. As will be described in more detail below, these data centres 150, 160 may be used to store multiple copies of encrypted private keys in multiple locations for redundancy purposes.
A client 170 of the system may communicate with the cloud network 140 using any suitable client computing device (for example, a desktop computer, smart phone, tablet, etc.), either directly (for example via the internet, or any other suitable communications network/means) or via some other third party system (not shown). The client 170 may request the generation of a private key, and subsequently make use of the private key for carrying out cryptographic operations, for example signing electronic data/objects such as transactions of digital assets.
Figure 2 shows an example process by which the system 100 may be used to create and store private cryptographic keys.
At step 205, a request from the client 170 is received by the private key service provider that is tenanted at the cloud network 140. The client request may request that a new private key is created, for example for future use with some digital asset such as cryptocurrency. This request may include an "access policy" providing details of one or more verification checks (for example, two or three factor authentication checks) needed to authorise subsequent use of the private key, including the form of the verification checks needed to complete those verification checks. One example verification check may be in the form of an application programming interface (API), for example, the API that the client 170 is using to make the request, the verification being that the user has securely logged into that API via some password or the like. Another example verification check may be in the form of a push notification sent to a personal computing device of the client or some other authorised person. This push notification may prompt the user to enter a passcode or complete some other security measures on the computing device such as finger-print or facial recognition technology. Another example verification check may be in the form of an email sent to the email address associated with the client 170 requesting the user to confirm that they have requested the use of the private key. Another example verification check may then be in the form of a voice recognition test, wherein the user is required to speak one or more words into their computing device or other interactive voice response (IVR) system to confirm their identity. It will of course be appreciated that any number and combination of suitable verification checks may be implemented, which may be defined by the client 170, or the third party operating the API through which the request is being made, or by the private key service provider.
At step 210, a request for the generation of a new private key, and optionally also data relating to the access policy for that private key, is sent to the interface device 130. At step 215, the data will be sent across the air gapped data transmission system 120, according to the data transfer protocol, to the HSM 110. To do this, the interface device inputs the data to the transmitter 124B of the data diode 122B using the data transfer protocol, where it is which is then observed by the receiver 126B. This data will then be received at the I-ISM 110 for processing. At step 220, a public-private key pair is generated using any suitable asymmetric cryptographic algorithm. The generated private key may be suitable for any type of cryptographic operation, for example encrypting data, digitally signing data, hashing data, etc. The generated private key is then encrypted using a master key stored in the part of the HSM 110 tenanted by the private key service provider, using any suitable cryptographic technique, such as using an authenticated encryption with associated data (AEAD) cipher. The private key is encrypted in such a way that the master key can decrypt the encrypted private key. The encrypted private key may also be cryptographically bound to the access policy and the public key. For example, if the private key is encrypted by the master key using an AEAD cipher to encrypt the private key, the access policy and public key may be cryptographically bound by including them as part of the "associated data". In another example, the access policy and public key may be cryptographically bound by using the master key to create a digital signature (using any suitable signature algorithm) or a hash (such as a hash-based message authorisation code (HMAC)) over the encrypted private key, public key and access policy.
In an alternative, rather than generating a public-private key pair, the HSM 110 may generate a stand-alone key (for example, a symmetric secret key, such as an AES symmetric key), in which case a public key would not be cryptographically bound to the encrypted cryptographic key. In this respect, the cryptographic key created and encrypted at the HSM 110 may be any cryptographic key that is inaccessible without the master key stored in the HSM 110.
At steps 225 and 230, the encrypted private key, along with the bound access policy and public key (if appropriate), is sent to the private key service provider in the cloud network via the air gapped data transmission system 120. Any data directly related to the new private key, optionally also any other data associated with the new private key such as the access policy and/or public key, is then removed/deleted from the HSM 110. Because the encrypted private key, and any data directly related to it, are not stored on the HSM 110, and the master key never leaves the HSM 110, the encrypted private key and the master key needed to decrypt the encrypted private key are not stored in the same location. Optionally, a copy of the master key may be sharded (either when the master key is created, or at any other time) into a plurality of shards, so that each shard may be stored on a different electronic device in a different location. For example, each shard may be stored on a different smartcard to be held in a different secure location. In this way, the key shards may serve as a back-up master key in the event that the HSM master key is destroyed for any reason, for example, due to a security breach.
The encrypted private key and bound associated data is sent across the air gapped data transmission system 120 to the interface device 130 according to the data transmission protocol. Here, the transmitter 124A of the data diode 122A will transmit the encrypted private key and associated bound data to the receiver 126A according to the data transmission protocol. The interface device 130 may then decode the data and transmit the encrypted private key and associated bound data to the private key service provider at the cloud network 140 using whatever communications protocol is in place between the interface device 130 and the cloud network 140. It may then be stored at the cloud network 140. In one configuration of the system 100, a single copy of the encrypted private key and associated bound data may be stored in one of the digital storage entities 155A-155C, 165A-165B at step 235. In an alternative configuration of the system 100, a plurality of copies of the encrypted private key and associated bound data may be stored across a plurality of the digital storage entities 155A-155C, 165A-165B at step 235. By storing copies the encrypted private key and associated bound data in multiple digital storage entities 155A-155C, 165A-165B (ideally at least one copy in each of two or more different data centres 150, 160), if any digital storage entities 155A-155C, 165A-165B or data centres 150, 160 are lost for any reason, for example, due to equipment failure, power failure of network outage, the encrypted private key should not be lost altogether and should be accessible and usable at all times. This may be particularly beneficial since the HSM 110 has no record of any of the private keys that may have been generated at it. The inventors have unexpectedly realised that owing to the nature of typical data centres, there tend to be 100s or 1000s of digital storage entities 155A-155C, 165A-165B in each data centre, used by many 100s, 1000s or 10000s of tenants, with each storage entity typically storing a vast range of different data. Consequently, storing multiple copies of encrypted private key across different of digital storage entities 155A-155C, 165A-165B does not make it appreciably easier for an unauthorised entity to gain access to the encrypted private key, even in the event of physical intrusion to the data centre, since they have only a very small likelihood of correctly attacking an entity that actually stores a copy of the encrypted private key. Furthermore, both the physical and cyber security of commercial cloud-based data centres is very high, so the risk of unauthorised access to the encrypted private key at the data centres 150, 160 is acceptably low. Even then, the encrypted private key is useless without the master key, which is securely held elsewhere.
At step 240, a notification may be sent to the client 170 confirming that the encrypted private key has been generated and is ready to use. In the case of a private key, as opposed to a symmetric secret key, the public key may also be communicated to the client.
The encrypted private key and associated bound data may then remain in the cloud network 140 until a request to use the private key is received by the cloud network 140. A client identifier (which could be the public key, or any other suitable identifier) that identifies the client 170 may also be stored by the cloud network in association with the encrypted private key, so that they can be located as needed in the future.
An example process by which the system 100 is used to perform a cryptographic operation using an encrypted private key stored in the cloud network 140 will now be described with reference to Figure 3.
At step 305, a client request to perform a cryptographic operation using a private key is received from the client 170 at the cloud network 140. The client request may comprise a client identifier (for example, the public key or any other suitable information using which the correct encrypted private key and associated bound data may be found), and any other suitable information, for example data on which the client would like a cryptographic operation to be performed (such as transaction data to be signed using the private key, etc). This may be received via the API of a third party, for example, a bank, where the client 170 has requested that a transaction takes place.
At step 310, the relevant encrypted private key is identified, for example using the client identifier, and verification checks associated with that encrypted private key are performed. These verification checks may be carried out by a verifier system in the cloud 140, or they may be completed and sent to the cloud network 140 with the request to perform the cryptographic operation, for example, by the third party system sending the client request. The verification checks may be those defined by the access policy associated with the encrypted private key, and may be any combination of suitable verification checks, which may vary depending on the level of security needed. As described above, the verification checks may use voice biometrics, push notifications and/or email messages to obtain the verification from the relevant user(s).
The verifier system may have one or more associated verifier keys (for example, a single verifier key, or a different verifier key for each of the different verification checks the verifier system is configured to be able to perform). The verifier keys may be stored within a cloud-based HSM. Corresponding validation keys (which may have copies of the verifier keys) may be stored in the HSM 110 for later validation of the verification checks.
Once the verification checks are completed, verification data indicative of successful verification checks may be signed using an appropriate verification key(s). Subsequently, at steps 315 and 320, the encrypted private key and associated bound data, along with the signed verification data and details of the cryptographic operation to be performed (for example, including the data on which the operation is to be performed, such as a blockchain transaction to be signed), are sent to the HSM 110 via the air gapped data transmission system 120. As before, the data is received at the interface device 130 and transmitted to the HSM 110 using the data transmission system 120 according to the data transmission protocol.
Once received at the HSM 110, at step 325 the master key may be used to decrypt the received encrypted private key. Furthermore, the integrity of all of the received data may also be verified. The received verification data is cryptographically verifiable by the HSM 110, such that the HSM 110 confirms that the source of the verification data is trusted, whether that be a verification system in the cloud network 140 or that of a third party system, and confirms the integrity of the information in the verification data. To do this, for example, the HSM 110 may use its validation key(s). For example, where the verification data includes data relating to multiple different verification checks, each of which are protected by a signature or a keyed message authentication code using distinct verification key, the HSM 110 may use its own validation keys, which may be copies of the verification keys, to verify the signature or keyed message authentication code generated by the verification keys. For example, the HSM 110 may generate its own the digital signatures or keyed message authentication codes using the verification data and its validation keys. If they match the signatures or keyed message authentication codes generated by the verifier system, the HSM 110 is assured that the signed verification data came from the verifier system and has not been tampered with. The HSM 110 may also confirm that the verification checks relate to the details of the cryptographic operation to be performed, for example, that the checks do relate to the transaction that the user is trying to make, and that the verification checks meet the requirements of the access policy that was bound to the received private key. Once the HSM 110 has verified the integrity of the received data, it will use the decrypted private key to perform the cryptographic operation, for example, signing a transaction. Again, the decrypted private key is not stored on the HSM 110.
At steps 330 and 335, the result of the completed operation will be output from the HSM 110 and sent back to the cloud network 140 via the air gapped data transmission system and interface device 130. As before, the completed operation may be transmitted to the interface device 130 through the first data diode 122A, before then being transmitted back to the cloud network 140.
At step 340, any necessary/desired processing of the completed operation may be performed. For example, it may optionally be stored for future access by the client 170, or may be forwarded to any other suitable entity (for example, in the case of a blockchain transaction that has just been signed using the private key, the signed transaction may broadcast to nodes participating in the blockchain, or in the case of a traditional signed financial transaction, it may be forwarded to the bank making the transaction). Optionally, the outcome of the cryptographic operation and/or confirmation of completed handling (for example, confirmation of forwarding the signed transaction to the relevant entities) may then be sent to the client 170 at step 345.
Various modifications, whether by way of addition, deletion and/or substitution, may be made to all of the above described embodiments to provide further embodiments, any and/or all of which are intended to be encompassed by the appended claims.
For example, in the above description, the private keys are stored in a cloud based network 140. However, the encrypted private keys may alternatively be stored in any suitable type of data storage system, provided it is located remote from the HSM 110 and is separated from the HSM 110 using a data transmission system 120 that provides a protocol break between the HSM 110 and the data storage system. Furthermore, in the above examples a data transmission system 120 is used such that the HSM 110 acts as a cold storage system (i.e., there is an air gap and a protocol break between the HSM 110 and any outside devices), and the HSM 110 is housed within a physically secure location 105. It may be beneficial for the security of the master key and the processes performed by the HSM 110 to use cold storage and a secure storage facility 105. However, neither the cold storage (and therefore the data transmission system 120) nor the secure storage facility 105 are essential to the invention. Furthermore, using an HSM 110 to store the master key and perform the operations described above may be beneficial owing to the secure properties of HSMs. However, in an alternative, any digital storage device configured to perform the operations described above may be used.
In the above example, the encrypted private key is cryptographically bound to an access policy and various verification checks are performed by a verifier system and the HSM 110 before the private key can be used. However, in an alternative, there may be no access policy and the encrypted private key may not be cryptographically bound to anything (or it may be bound only to other data, such as a corresponding public key). For example, the verifier system may always perform the same types of verification processes for all clients and all private keys. Likewise, the HSM 110 may also perform the same validation processes on data received from the cloud network 140. In a further example, the system 100 may be configured such that the HSM 110 need not perform any validation on data received from the cloud network 140. For example, if the data connection between the cloud network 140 and the HSM 110 is sufficiently secure and the cloud network 140 is sufficiently reliable for all communications coming into the HSM 110 to be reliable, it may be decided that the HSM 110 does not need to perform any validation on data received from the cloud network 140. Furthermore, whilst verification of the client 170 may be important for ensuring that use of the private key is restricted to authorised persons, in some alternative configurations it may not be required, for example where the client 170 is communicating with the cloud network within a closed network, access to which is inherently restricted only to authorised persons.
In the above example, communications between the interface device 130 and the cloud network 140 use a 'closed' connection/network, which may be beneficial for enhancing the security of those communications. However, in an alternative, any suitable form of data connection may be used. Furthermore, the interface device 130 may be omitted entirely and the cloud network 140 may interface directly with the data diodes 122A and 122B.
In the above example, the storage facility 105 comprises a single HSM 110 with a plurality of processing means 115A-C, each processing means storing a logically separated master key. However, in an alternative, a single HSM 110 with a single processing means may be provided and may be configured to store one or more master keys. In a further example, the storage facility 105 may comprise a plurality of HSMs 110, which may each be configured to store one master key, or alternatively, a plurality of master keys.
The aspects of the present disclosure described in all of the above may be implemented by software, hardware or a combination of software and hardware. For example, the functionality of the HSM and the functionality of the cloud network 140 may be implemented by software comprising computer readable code, which when executed on the processor of any electronic device, performs the functionality described above. The software may be stored on any suitable computer readable medium, for example a non-transitory computer-readable medium, such as read-only memory, random access memory, CD-ROMs, DVDs, Blue-rays, magnetic tape, hard disk drives, solid state drives and optical drives. The computer-readable medium may be distributed over network-coupled computer systems so that the computer readable instructions are stored and executed in a distributed way.

Claims (25)

  1. Claims 1. A system for securely performing cryptographic operations on electronic data, the system comprising: a data storage system configured to: receive a client request from a client to perform a cryptographic operation on electronic data using a cryptographic key, the client request comprising the electronic data; and retrieve an encrypted version of the cryptographic key associated with the client request; and a digital storage device configured to: receive a cryptographic operation request from the data storage system, via an air-gap that implements a protocol break, the cryptographic operation request comprising the electronic data and the encrypted cryptographic key; decrypt the encrypted cryptographic key using a master cryptographic key stored on the digital storage device; perform the requested cryptographic operation on the electronic data using the cryptographic key; and output a result of the cryptographic operation via the air-gap.
  2. 2. A method for securely performing cryptographic operations on electronic data, the method comprising: receiving at a data storage system a client request from a client to perform a cryptographic operation on electronic data using a cryptographic key, the client request comprising the electronic data; retrieving, at the data storage system, an encrypted version of the cryptographic key associated with the client request; transmitting, from the data storage system to a digital storage device via an air-gap that implements a protocol break, a cryptographic operation request comprising the electronic data and the encrypted cryptographic key; decrypting, at the digital storage device, the encrypted cryptographic key using a master cryptographic key stored on the digital storage device; performing, at the digital storage device, the requested cryptographic operation on the electronic data using the cryptographic key; and outputting, via the air-gap, a result of the cryptographic operation from the digital storage device.
  3. 3. A computer implemented method of generating a cryptographic key for secure storage, the method comprising: generating at a digital storage device a cryptographic key; encrypting the cryptographic key using a master cryptographic key stored on the digital storage device; outputting the encrypted cryptographic key from the digital storage device to a data storage system remote from the digital storage device; and removing any data associated with the cryptographic key from the digital storage device.
  4. 4. A method according to claim 1, wherein outputting the encrypted cryptographic key comprises transmitting the encrypted cryptographic key via a data transmission system that implements a protocol break and comprises an air gap.
  5. 5. A method according to claim 4, wherein transmitting the encrypted cryptographic key via data transmission system comprises: transmitting the encrypted cryptographic key from the digital storage device to an interface device using a first communications protocol; and transmitting the encrypted cryptographic key from the interface device to the data storage system using a second communications protocol.
  6. 6. A method according to any of claims 3 to 5, further comprising cryptographically binding an access policy to the encrypted cryptographic key, wherein the access policy is indicative of one or more verification checks for using the cryptographic key.
  7. 7. A method according to claim 6, wherein encrypting the cryptographic key using the master cryptographic key comprises using an authenticated encryption with associated data, AEAD, encryption, with the access policy attached as associated data.
  8. 8. A method according to claim 6, wherein encrypting the cryptographic key comprises generating a digital signature over the cryptographic key and the access policy.
  9. 9. A method according to any of claims 3 to 8, further comprising sharding the master key into a plurality of shards, each shard being stored in a different storage entity.
  10. 10. A method according to claim 9, wherein the different storage entities are in different geographic locations.
  11. 11. A system for generating a cryptographic key for secure storage, the system comprising: a digital storage device configured to generate a cryptographic key, wherein the cryptographic key is encrypted using a master cryptographic key stored on said digital storage device; and a data storage system remote from the digital storage device for storing the encrypted cryptographic key; wherein any data associated with the encrypted cryptographic key is removed from the digital storage device once output from the digital storage device to the data storage system.
  12. 12. A system according to claim 11, wherein the data storage system remote from digital storage device is a cloud-based storage system.
  13. 13. A system according to claim 12, wherein the cloud-based storage system comprises a plurality of digital storage entities, and wherein copies of the encrypted cryptographic key are stored in two or more of the plurality of digital storage entities.
  14. 14. A system according to claims 12 or 13, wherein the cloud-based storage system comprises two or more data centres located in different geographic locations, each geographic location having a plurality of storage entities, and wherein copies of the encrypted cryptographic key are stored in the two or more data centres.
  15. 15. A system according to any of claims 11 to 14, wherein the digital storage device is a hardware security module.
  16. 16. A system according to any of claims 11 to 15, further comprising a data transmission system, wherein transmission of the encrypted cryptographic key from the digital storage device to the data storage system takes place via the data transmission system.
  17. 17. A system according to claim 16, wherein the data transmission system comprises an air-gap and uses a data transfer protocol to implement a protocol break.
  18. 18. A system according to claims 16 or 17, wherein the data transmission system comprises an interface device for receiving the encrypted cryptographic key from the digital storage device using a first communications protocol, wherein the interface device is further configured to transmit the encrypted cryptographic key to the data storage system using a second communications protocol.
  19. 19. A system according to any of claims 16 to 18, wherein the data transmission system comprises at least one data diode.
  20. 20. A system according to any of claims 16 to 19, wherein the data transmission system comprises: an optical transmitter for transmitting an optical signal indicative of the encrypted cryptographic key; and an optical receiver for receiving and processing the optical signal to thereby output the encrypted cryptographic key to the data storage system.
  21. 21. A digital storage device for generating a cryptographic key for secure storage, wherein the digital storage device is configured to: generate a cryptographic key; encrypt the cryptographic key using a master cryptographic key stored on the digital storage device; output the encrypted cryptographic key to a data storage system remote from the digital storage device; and remove any data associated with the cryptographic key from the digital storage device.
  22. 22. A system for generating and transmitting a cryptographic key for secure storage, the system comprising: a digital storage device configured to generate a cryptographic key, wherein the cryptographic key is encrypted using a master cryptographic key stored on said digital storage device; and a data transmission system for transmitting the encrypted cryptographic key from the digital storage device to a data storage system, wherein the data transmission system comprises an air-gap and uses a data transfer protocol to implement a protocol break; wherein any data associated with the encrypted cryptographic key is removed from the digital storage device once transmitted from the digital storage device to the data storage system.
  23. 23. A digital storage device for securely performing cryptographic operations on electronic data, wherein the digital storage device is configured to: receive a cryptographic operation request, the cryptographic operation request comprising an encrypted cryptographic key associated with a client request to perform a cryptographic operation on electronic data using a cryptographic key and the electronic data; decrypt the encrypted cryptographic key using a master cryptographic key stored on the digital storage device; perform the requested cryptographic operation on the electronic data using the cryptographic key; and output a result of the cryptographic operation.
  24. 24. A system for securely performing cryptographic operations on electronic data, 10 comprising: a data transmission system comprising an air-gap and configured to transmit a cryptographic operation request from a client using a data transfer protocol to implement a protocol break, the cryptographic operation request comprising an encrypted cryptographic key associated with a client request to perform a cryptographic operation on electronic data using a cryptographic key and the electronic data; and a digital storage device configured to receive the cryptographic operation request from the data transmission system, wherein the digital storage device is further configured to decrypt the encrypted cryptographic key using a master cryptographic key stored on the digital storage device, and perform the requested cryptographic operation on the electronic data using the cryptographic key; wherein the result of the cryptographic operation is transmitted from the digital storage device via the data transmission system,
  25. 25. A data storage system for use in performing cryptographic operations on electronic data, wherein the data storage system is configured to: receive a client request from a client to perform a cryptographic operation on electronic data using a cryptographic key, the client request comprising the electronic data; retrieve an encrypted version of the cryptographic key associated with the client 30 request; transmit a cryptographic operation request to a digital storage device, the cryptographic operation request comprising the electronic data and the encrypted cryptographic key; and receive from the digital storage device a result of the requested cryptographic 35 operation.
GB2005495.3A 2020-04-15 2020-04-15 A security system Pending GB2594073A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB2005495.3A GB2594073A (en) 2020-04-15 2020-04-15 A security system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB2005495.3A GB2594073A (en) 2020-04-15 2020-04-15 A security system

Publications (2)

Publication Number Publication Date
GB202005495D0 GB202005495D0 (en) 2020-05-27
GB2594073A true GB2594073A (en) 2021-10-20

Family

ID=70848006

Family Applications (1)

Application Number Title Priority Date Filing Date
GB2005495.3A Pending GB2594073A (en) 2020-04-15 2020-04-15 A security system

Country Status (1)

Country Link
GB (1) GB2594073A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190268165A1 (en) * 2018-02-27 2019-08-29 Anchor Labs, Inc. Cryptoasset custodial system with different rules governing access to logically separated cryptoassets
US20190372779A1 (en) * 2018-02-27 2019-12-05 Anchor Labs, Inc. Cryptoasset custodial system with different rules governing access to logically separated cryptoassets and proof-of-stake blockchain support
US10607027B1 (en) * 2018-12-05 2020-03-31 Cyberark Software Ltd. Secretless secure data distribution and recovery process

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20190268165A1 (en) * 2018-02-27 2019-08-29 Anchor Labs, Inc. Cryptoasset custodial system with different rules governing access to logically separated cryptoassets
US20190372779A1 (en) * 2018-02-27 2019-12-05 Anchor Labs, Inc. Cryptoasset custodial system with different rules governing access to logically separated cryptoassets and proof-of-stake blockchain support
US10607027B1 (en) * 2018-12-05 2020-03-31 Cyberark Software Ltd. Secretless secure data distribution and recovery process

Also Published As

Publication number Publication date
GB202005495D0 (en) 2020-05-27

Similar Documents

Publication Publication Date Title
US20220191012A1 (en) Methods For Splitting and Recovering Key, Program Product, Storage Medium, and System
CN105103119B (en) Data security service system
CN107925581B (en) Biometric authentication system and authentication server
JP6118778B2 (en) System and method for securing data in motion
US8737624B2 (en) Secure email communication system
US11943350B2 (en) Systems and methods for re-using cold storage keys
US20170142082A1 (en) System and method for secure deposit and recovery of secret data
CN105743638B (en) Method based on B/S architecture system client authorization certifications
KR20180129028A (en) Methods and system for managing personal information based on programmable blockchain and one-id
CN110990827A (en) Identity information verification method, server and storage medium
CN105103488A (en) Policy enforcement with associated data
CN105191207A (en) Federated key management
US8566952B1 (en) System and method for encrypting data and providing controlled access to encrypted data with limited additional access
EP0912011A2 (en) Method and apparatus for encoding and recovering keys
Chidambaram et al. Enhancing the security of customer data in cloud environments using a novel digital fingerprinting technique
TWI476629B (en) Data security and security systems and methods
KR101651563B1 (en) Using history-based authentication code management system and method thereof
KR101745482B1 (en) Communication method and apparatus in smart-home system
KR102053993B1 (en) Method for Authenticating by using Certificate
CN113656818B (en) Trusted-free third party cloud storage ciphertext deduplication method and system meeting semantic security
CN111541708B (en) Identity authentication method based on power distribution
KR102357595B1 (en) Blockchain-based authentication system and method for preventing interception hacking attacks
GB2594073A (en) A security system
KR20140142951A (en) Device and method creating one time password using physically unclonable function
KR102648908B1 (en) User authentication system and method