JP5466698B2 - Systems that process encryption certificates - Google Patents

Description

  The present invention relates generally to the field of information security, and more particularly to a system for ensuring safety through encryption.

  Encryption is an area of computer science related to mathematical discipline and information security and related issues, particularly the encryption / decryption of information and identity authentication. In applications called “data-in-movement” applications, encryption is widely applied to secure the flow of information between communication participants, eg, client nodes, in a communication channel. . Encryption has also been applied to secure information in applications known as “data-at-rest” applications in data storage media and databases.

  Symmetric and asymmetric encryption schemes are known classes of algorithms that use keys with one or more secret parameters for information encryption and decryption, and authentication. In the symmetric encryption method, the key represents a shared secret that is known in advance among the communication participants. Systems that ensure security with symmetric key algorithms use relatively simple encryption and decryption calculations. Such a system also requires selection, distribution, and maintenance of a shared secret key between communication participants. To avoid security breaches and potential discoveries by cryptanalysts, shared secrets must be changed frequently during distribution and operation to maintain security, and symmetric encryption methods are large-scale It is not practical for ensuring safety in the system and is difficult to expand.

  The asymmetric encryption method uses a mathematically related key pair known as a public key and a secret key, so there is no need to know in advance the shared secret key between communication participants. The asymmetric encryption method has a large computational load, but overcomes the disadvantage of scalability related to the symmetric encryption method. Public Key Infrastructure (PKI) is a known system for securing information using asymmetric key cryptography. In such a system, a party at one computer station digitally signs a message using a randomly generated secret key, and a party at another computer station uses a distributed public key derived from that private key. Verify the signature. The communication participant's public key is issued by one or more trusted third parties called Certificate Authorities (CA) and the corresponding ID certificate, also known as the Public Key Certificate (Identity Certificate). In this way, PKI retains the confidentiality of a message against a person who does not have a private key, and anyone whose ID certificate has an associated public key and ID certificate is the message whose private key It is possible to verify that it was created with. Thus, the PKI allows the communicating parties to authenticate each other and use the public key information of the ID certificate for message encryption and decryption, so that the message's Confidentiality, integrity and authentication can be achieved.

Each ID certificate contains a public key, name, e-mail address, a digital signature associating the identification represented by information such as. By digitally signing a certificate, a certificate authority (CA) can identify the public key, ie, the property of the person, organization, server, or other entity described in the certificate. Prove that there is. A CA is usually a trusted third party that issues digital certificates for use by communicating parties. As a requirement to be trusted, the CA is obligated to verify the authenticity of the identity of the communicating party in some way. If the party trusts the CA and can verify its signature, it is assumed that it can verify that the public key is the property of the person identified in the certificate.

  Some enterprise-wide public key infrastructure (PKI) systems rely on certificate chains to establish party identity. In such a configuration, the certificate is issued by a single certificate authority (CA), the validity of that CA for that purpose is established by a higher level CA, and a higher level CA is also valid for its validity. And so on. This creates a certificate hierarchy consisting of multiple CAs, which are often one or more organizations. The CA can manage certificate issuance using an interoperability software package selected from various computers and several sources. This makes the standard for PKI operation important. The IETF PKIX workgroup Involved in the standardization of public key certificate formats including a certificate standard known as 509.

  Various point-to-point secure communication protocols using encryption are known. Examples of such protocols include Secure Sockets Layer ™ (SSL), Transport Layer Security (TLS), Secure Shell (SSH), IP Security (IPsec), and High Assurance Level IP interoperability specifications (High Assurance Internet Protocol Interoperability Specification, HAIPIS). SSL and TLS provide cryptographic endpoint authentication for applications communicating in a client-server based network that avoids interception, tampering, and message forgery during communication. SSH is a set of standards and associated network protocols that allow the establishment of a secure channel between a local computer and a remote computer. This protocol uses public key encryption to authenticate the remote computer. IPsec is a standard for securing Internet Protocol (IP) communications by encrypting all IP packets for authentication, data confidentiality, and message integrity. High Assurance Internet Protocol Encryptor (HAIPE) is the National Security Agency (NSA, USA) High Assurance Internet Protocol Interoperability Standard (HAIPEIS) Is a type 1 encryption device conforming to The encryption schemes used are suite A and suite B, which are defined by the NSA as part of the Cryptographic Modernization Program. HAIPEIIS is based on IPsec with restrictions and enhancements added. A HAIPE is generally a secure gateway that allows data to be exchanged between two minorities over an untrusted or lower class network. In conventional security systems, such as those using the aforementioned protocols, encrypted messages are communicated over a channel, most often through a firewall, based on the authentication of the identity of the communicating party by the CA. Conventional security systems allow parties to communicate with each other over a channel as long as the identity of the communicating parties is authenticated.

  Applications typically provide access to resources based on the trust provided by the user. In general, such applications verify a user's role and provide access to resources based on that role. Roles are often used in financial or business applications to enforce policies. For example, an application may impose a limit on the size of transactions that are processed depending on whether the requesting user is a member of a particular role. The clerical office may have authorization to process transactions below a predetermined threshold, the supervisor may have higher limits, and the vice president may have higher limits (or no limits). Role-based security can also be used when an application requires multiple authorizations to complete an action. Such cases include a purchasing system, where any employee can generate a purchase request, but only the purchaser may be able to convert the request into a purchase order that can be sent to the supplier.

  One known role-based identity management system is provided by Microsoft as the .NET Framework. In the .NET Framework, a “principal” represents a user's identity and role and acts on behalf of the user. .NET Framework applications make authorization decisions based on principal identification and / or role membership. A role is a name (bank teller, manager, etc.) given to a set of principals who have the same rights regarding security. A principal may be a member of one or more roles. Thus, the application can use role membership to determine whether the principal is authorized to perform the requested action.

  Another role-based system includes an analytic collaboration platform called Eurekify's Sage Enterprise Role Manager (ERM), which allows organizations to create and manage role-based rights models deployed on the target platform. Can do. Sage ERM enables organizations to take advantage of Role-Based Access Control (RBAC) to manage their rights and policies from a business perspective and achieve identity management and compliance goals To do.

  Currently, the Object Management Group (OMG) defines a role-based access policy (Roll) that defines RBAC policies and agent authorizations that are applied in the role based access control (RBAC) runtime environment. Based Access Policy (RBAP) Metamodel proposal request document (OMG document: bmi / 2008-02-07) This metamodel is intended to be a non-platform dependent model (PIM) corresponding to the exchange of RBAP models between modeling tools and runtime systems.

In another traditional approach, Lawrence Berkeley National Laboratory, also known as Berkeley Laboratories, has developed a system called Akenti (http://dsd.lbl.gov/security/Akenti/homepage.html). Akenti addresses the issues raised for allowing limited access to resources in a distributed network controlled by multiple stakeholders . Akenti provides a way to express and enforce an access control policy without the need for a central enforcer and administrator. Akenti's architecture is intended to provide scalable security services in a distributed network environment. Akenti is designed to allow each resource stakeholder to enforce its access control requirements without relying on other stakeholders . Akenti will ensure that each stakeholder can change its requirements at any time, be confident that the new requirements will be effective immediately, and provide a high degree of integrity and non-repudiation assurance in asserting access control requirements. Yes.

Akenti uses a digitally signed certificate. A certificate can claim identity (ID certificate), prove the attribute of interest (attribute certificate), or declare matching conditions (use condition certificate). Akenti's certificate can have resource usage requirements and user attribute authorization along with user identity authentication. Terms of use in Akenti are related to stakeholder requirements, and prospective users must show and meet the corresponding attribute certificate before being allowed to use the resource. Attributes are associated with characteristics of a person or other identifiable entity . Akenti stakeholders can impose usage conditions that users must belong to a specific group in order to access resources controlled by that stakeholder . Thus, a user who wants to access such a resource must verify the membership of that particular group with the corresponding attribute certificate. An attribute certificate claims that a user or resource possesses the attributes specified for a particular usage condition.

  In Akenti's system, however, stakeholders are tied to resources. Such stakeholders control access to resources based on usage conditions that require users to match specified attributes. In Akenti, access to resources is allowed as long as the user meets the attribute requirements specified for the resource stakeholder. One disadvantage of the Akenti system is that it does not adapt to the security requirements of stakeholders or authorities who are not resource stakeholders. Such a non-resource stakeholder cannot control the user's access rights to the resource unless the resource stakeholder avoids the user's access to the resource. In other words, Akenti's resource stakeholder grants access to the user's resources that are prohibited from access by non-resource stakeholder.

  A computer network authentication protocol called Kerberos is known that allows individuals communicating over an insecure network to prove each other's identity in a secure manner. A set of free software published by the Massachusetts Institute of Technology (MIT) that implements a Kerberos protocol that provides mutual authentication in which both client and server verify each other's identity, primarily in a client-server model. be able to. Kerberos protocol messages are protected against interception and replay attacks.

  Kerberos is built on a symmetric key encryption scheme and requires a trusted third party called the Key Distribution Center (KDC), which is an authentication server (AS) and It consists of two logically separated parts with a ticket granting server (TGS). Kerberos operates on a “ticket” that verifies the identity of the user.

The key distribution center (KDC) maintains a secret key database. Regardless of client or server, each entity on the network shares a secret key known only to itself and the key distribution center (KDC). Knowing this key proves the identity of the entity . In communication between two entities , the KDC generates a session key, which can be used to secure their interaction. However, to use the Kerberos protocol, the “ticket” must be verified by querying the KDC, or central server, leading to a single point of failure for the implemented system. Kerberos single point of failure characteristics are not convenient for systems with intermittent or failure-prone communication capabilities, such as embedded systems and autonomous systems.

  Thus, the security needs of information systems are becoming more complex and there is a need for a secure system and method that controls access based on advanced and advanced security parameters.

Briefly, according to one aspect of the invention, a system for processing encryption certificates includes a plurality of entities. The system also includes one or more membership certificates. Each membership certificate has one or more prerequisite group names, one or more target group names, and one or more prerequisite group stakeholders and one or more functioning as target group stakeholders. Includes the names of several stakeholders. Stakeholders are executed by hardware resources. A group membership certificate is valid if it is cryptographically signed by one or more prerequisite group stakeholders that allow an entity of the prerequisite group to become an entity of another group. The group membership certificate is further cryptographically signed by one or more target group stakeholders that allow the entity to join the target group. The node receives an encryption certificate from the entity. The node checks the valid group membership certificate and if the received encryption certificate effectively binds the entity to the prerequisite group specified in the valid group membership certificate, the node validates the entity. Add to the target group specified in the group membership certificate.

In addition, the system for processing the encryption certificate receives an encryption certificate that describes at least one of the prerequisites including at least one membership of the entity's prerequisite group, and the encryption certificate makes a decision. It is determined whether or not it has been effectively signed by at least one prerequisite group stakeholder that requires approval of membership usage in the prerequisite group to do.

According to another aspect of the invention, a system for processing an encryption certificate describes one or more preconditions in the encryption certificate. The one or more preconditions include membership of the entity's precondition group. An entity may be a participant, resource, or right. The present invention also describes the name of the target group of one or more entities. That one or more prerequisite stakeholders or authorities have signed an encryption certificate and are added to one or more prerequisite group entities as members of another one or more entity target groups To give permission. Examples of preconditions relate to, among other things, membership, physical characteristics, time characteristics, location characteristics, or location characteristics of a group of one or more other entities.

According to a further detailed feature of the invention, the name of the one or more prerequisite groups is the name of one or more prerequisite group stakeholders that allow members of the prerequisite group to join another group. , and includes one or names of a plurality of preconditions group stakeholders to allow membership in the one or more prerequisite group. Name of one or more prerequisite group further includes one or more free identifiers ambiguous prerequisite group. In one exemplary embodiment, one or names of a plurality of preconditions group stakeholder comprises the public key of one or more prerequisite group stakeholders. The signature of the one or more prerequisite group stakeholders includes an encryption signature of an encryption certificate created using the stakeholder 's private key.

Similarly, the name of one or more target groups may be the name of one or more target group stakeholders that allow membership or addition of another target group entity to another group, and one or more of the entities. Including the names of one or more target group stakeholders who are allowed to become members of the target group. One or names more target group stakeholders, one or more includes the public key of the target group stakeholder, one or signatures of a plurality of target group stakeholders, one or more target groups • It contains an encryption signature of an encryption certificate created using the stakeholder 's private key.

According to yet another aspect of the invention, the encryption certificate includes a name of one or more prerequisite groups, a name of one or more target groups, and an entity of the prerequisite group. one or a plurality of cryptographic signature prerequisite group stakeholder that allows the entity, one of the goals group stakeholders that permits adding the name of the entity to the target group or a cryptographic signature Contains.

FIG. 1 is a conceptual diagram illustrating an example of grouping client station participants interacting with storage resources by read, write, and read / write rights.

FIG. 2 is a diagram illustrating an example of the group name.

FIG. 3 is a diagram illustrating a group membership certificate (GMC) that links the preconditions related to the entity to the target group.

FIG. 4 is a diagram illustrating a GMC that links one or more preconditions related to a group to a target group.

FIG. 5 is a block diagram of a system that implements an example embodiment of the present invention.

FIG. 6 is a diagram illustrating an example of GMC for grouping participants.

FIG. 7 is a diagram illustrating an example of GMC for resource grouping.

FIG. 8 is a diagram illustrating an example of GMC for right grouping.

The present invention relates to a system or method for applying an encryption certificate to define a group of entities . Entities that are grouped may vary in nature and are not required to have more properties than are named or identified in the encryption certificate. Examples of entities include both physical and logical entities , humans, processing units, nodes, client stations, file systems, computer hardware, execution instances of computer programs, read or write access rights, operating system rights, storage Resources, computer resources, and / or communication resources, or other groups are included. In addition, an entity is sometimes translated as “entity” in the technical field, and in consideration of this, the term “entity” has the same meaning as “entity” in the following description and accompanying drawings. Is used.

  FIG. 1 is a conceptual diagram illustrating an example of grouping client station participants that interact with storage resources by one or more rights. Participants have standardized, for example, in ANSI X9.63, IEEE 1363-2000, and ISO / IEC 15946-3, that confidentiality is maintained and that other parties are able to recognize that secret without revealing the secret. It consists of any entity that is possible using a mutual authentication protocol such as the elliptic curve MQV (Elliptic Curve MQV) protocol. In one embodiment, participants can be implemented in hardware or software and can be identified or named using an encrypted public key. Participants may be web clients, SQL clients, file servers, Ethernet cards, partitions, applications, nodes, systems, computers, or equipment, among others.

  In one embodiment, a participant consists of an entity that can interact directly with the resource and indirectly with other participants through the resource. A resource consists of non-participant entities, including but not limited to any hardware, firmware, data, and / or software that is executed, used, utilized, created, or protected. included. The resource is not a participant. Examples of resources according to the present invention that can be cryptographically grouped include files stored in a file system, network stack ports, computer random access memory, and the like. Examples of other resources include socket libraries, protocol stacks, device drivers, etc. along with any available processing power, links, communication channels, I / O buses, memory buses, hardware or software. Resources can also include any suitable asymmetric and / or symmetric key encryption algorithms and encryption / decryption units that implement the method according to the present invention.

  In one embodiment of the invention, a resource is an entity that can be acted upon or consumed by a participant with the necessary rights. A right consists of an allowed interaction between one or more participants and one or more resources. For example, the rights related to a file resource include the right to read from the file resource, the write to the file resource, or both. Another example is the right to execute programs using random access memory (RAM).

  As described above, in one example embodiment, a participant can maintain a secret and verify the identity of the secret to other participants without revealing the secret, so that the encrypted public key Named or identified by However, resources and rights are named, referenced or identified using a resource or rights description that is sufficiently detailed to identify the resource or right.

  In general, the present invention uses and creates one or more named entities, eg, one or more certificates as a means of determining whether a participant, resource, or right is a member of a group. Relates to a system or method. The certificate of the present invention can be verified without querying the central server. Optionally, a system or method implementing the present invention may include additional certificates that can associate or associate additional identifiable information with any of a plurality of entities or groups. Thus, in the present invention, one or more certificates known as Group Membership Certificates (GMC) determine whether one or more entities are members of one or more target groups. Defined. Individual entities and groups of one or more entities are designated with GMC membership in the target group. The GMC describes one or more group membership prerequisite conditions (GMPC) along with the name of the target group name. In a typical GMPC example, when the satisfiability of the GMPC is evaluated, it may require proof of conformance with conditions verifiable by parties relying on the GMC. The conditions include group membership of another name, proof of being an entity with a particular name, and state, height, width, shape, time, location, position, placement, amplitude, phase, frequency, Includes proof of having physical (eg, mechanical, optical, thermal, geometric, etc.), non-physical, temporal or non-temporal properties including properties related to current, voltage, resistance, etc. It is. Examples of typical proofs include a proof of match between the current arrangement and a predetermined arrangement, a proof of biometric matching, and a proof of coincidence between the current date and a predetermined date.

  For example, multiple entities can become part of a designated precondition group that can itself be a member of a target group if it meets the preconditions required for membership. Thus, each GMC represents membership preconditions for a specified target group. A goal group membership is granted to an entity by satisfying one or more preconditions according to defined satisfaction criteria. In various embodiments of the present invention, the goal group membership precondition satisfaction criteria is to satisfy each precondition, satisfy one of the preconditions, and the operator is AND and It can be related to any one of satisfying a combination of preconditions described by a Boolean algebra expression composed of declaration limbs (OR) and satisfying m of n preconditions in total.

As described above, in order for a target group to be given membership to an entity , it is necessary to satisfy the group membership precondition. As described below, a stakeholder with the necessary authority signs a Group Membership Certificate (GMC) and binds one or more Group Membership Preconditions (GMPC) to the target group, One or more entities that meet one or more preconditions can be members of a specified target group. In this regard, stakeholder may be translated as `` stakeholder '' in the technical field, and in the following description and accompanying drawings, `` stakeholder '' is synonymous with `` stakeholder ''. The term “person” is used.

  Thus, the present invention extends existing certificate-based methods for grouping entities by requiring additional information to be included in the name of the group. In one example embodiment, the group name includes, directly or indirectly, the public key of the authorized person whose permission is required to use the group membership as a decision factor. This means that the two groups have the same name only when the decision and use authority set is equal. The group name may include other information as long as the information and constraints of the present invention are included and applied, and may have additional equality constraints in the system that implements the present invention. Thus, each group membership certificate (GMC) links one or more preconditions to the name of the target group. FIG. 2 shows an example of a group name template.

  In one example embodiment of the present invention, two types of group membership certificates (GMC) are implemented. FIG. 3 illustrates a GMC that associates preconditions related to an entity with a target group, and FIG. 4 illustrates a GMC that links one or more preconditions for membership of other groups to a target group. According to the GMC example of FIG. 3, the group membership precondition includes a proof that the entity has a particular name, eg, John Doe, and belongs to a target group, and that target group of that entity The connection to is clearly indicated by the signature of the appropriate GMC stakeholders. According to the GMC example of FIG. 4, the group membership precondition includes proof of membership of a precondition group of another name, and the connection of the precondition group of that name to the target group is also GMC. Explicitly signed by the appropriate stakeholders.

  Therefore, the validity of a group membership certificate (GMC) is determined by the presence of a valid cryptographic signature by the required interested parties of that GMC, which sets the group membership prerequisites for one or more target groups. Connect with membership. Stakeholders are identified by the name of one or more target groups and the name of the group or individual specified in the group membership prerequisite (GMPC). According to one embodiment of the present invention, one type of stakeholder, referred to as a “to-the-group” stakeholder, grants permission to join the target group. Is granted. Extension of a set of entities belonging to a target group requires the signature of a stakeholder in the certificate. Another type of stakeholder, called a “from-the-group” stakeholder, is identified by the group name. Such a group name contains, directly or indirectly, the public key of the authorized person whose permission is required to use the group membership as a decision factor. For example, the From Group stakeholder grants permission for one group entity to become a member of another group or to bind additional information, such as rights, to proof of membership in that group. To do. In order to allow the use of a proof of membership of a group as a prerequisite for membership of the target group, the GMC needs the signature of the From The Group stakeholders. The From The Group stakeholder signature is also required for other certificates that bind information to the group, such as a certificate that grants the right to require membership in the group as a prerequisite.

  The name of the group appearing in the group membership certificate (GMC) is composed of a plurality of parts regardless of the precondition group or the target group. First, the group name contains sufficient information to determine the encryption public key of each to-the-group stakeholder. Secondly, the group name contains sufficient information to determine the encryption public key of each from the group stakeholder. An example of a format of information describing a set of stakeholders is to explicitly list the stakeholders' public keys. Alternatively, a set of identifiers that convert the identifier into a unique ID certificate that binds the public key may be used. Optionally, the name of the group includes one or more unambiguous identifiers that serve to distinguish the group from other groups that have the same to-the-group and from-the-group stakeholder pairs. May be included. Examples of unambiguous identifiers include text common nouns, digital images, digital sounds, cryptographic hashes of these identifiers, or combinations of these identifiers.

  The group membership certificate (GMC) shown in FIG. 3 includes one group membership prerequisite (GMPC) that requires proof that the entity is given a name. In addition, the GMC contains the name of one target group of the group to which the certificate grants membership. The target group name is derived from an unambiguous identifier and the identifier of the to-the-group stakeholder represented by any number of variables m and the identifier of the from-the-group stakeholder represented by the variable n. Become. To enable the binding of the prerequisite entity name to the target group name, the GMC of FIG. 3 includes the signatures of the target group's to-the-group stakeholders 1-n. As described above, to-the-group interested parties 1 to n of the target group in FIG. 3 expand the target group membership to include the prerequisite entity name specified in the GMC of FIG. be able to. Since the GMC of FIG. 3 does not require proof of group membership as a prerequisite to membership in another group, the validity of the GMC does not require the signature of the From The Group stakeholders.

  The group membership certificate (GMC) shown in FIG. 4 includes an arbitrary number of group membership preconditions (GMPC) consisting of the number of precondition group names represented by the variable k. In order to gain membership in the target group, it is necessary to prove the membership of the corresponding prerequisite group. This GMC is designed to verify GMC validity signature requirements when group membership is used as a prerequisite for GMC. The names of the groups whose memberships are listed as prerequisites for the GMC in FIG. 4 are named to the group stakeholder represented by any number of variables m, and from the groups represented by variables n. With group stakeholders. These variables are within the range of the name of the precondition group, and different values of m and n can be used in each precondition group name of GMC. In order to validate the binding of the prerequisite name to the target group name, the GMC of FIG. 4 includes signatures of two types of stakeholders. The GMC of FIG. 4 includes the From The Group stakeholder signature of the group whose membership is listed as a prerequisite. Also, the GMC of FIG. 4 requires the signatures 1 to n of the to-the-group interested parties of the target group of FIG. 4 so that the members of the prerequisite group specified in the GMC of FIG. It is possible to expand the membership of the target group by including an entity that can prove the ship.

  A system that implements the present invention learns about group membership by examining each of the group membership certificates (GMC), which basically consists of a description of group membership. The system initially considers the group empty. Such a system then examines the GMC and learns sufficient conditions for an entity to become a member of a group. In one embodiment of the invention, if the system learns that multiple GMCs contain different group membership preconditions (GMPC) with the same target group, it satisfies the precondition of any certificate Suppose that the entity is sufficient to gain membership in the target group. Thus, a system that does not have access to each of the GMC errors issued to the entity that is excluded from group membership and to the introduction or addition of further GMC to the system has membership in the given group The number of entities can be increased, but not decreased. Thus, the GMC can be verified without making an inquiry to the central server. Thus, unlike the Kerberos system, there is no single point of failure.

  The two group names are the first group name To The Group Stakeholder and From The Group Stakeholder, the second group name To The Group Stakeholder and From -Same as a set of stakeholder of the group, and when the unambiguous identifier of the first group name is the same as the unambiguous identifier of the second group name, to name the same group Become.

  In the present invention, GMC can be applied to various situations. One application of the present invention is the generation, evaluation, and enforcement of security policies (SPs) that describe the allowed relationships between participants, resources, and / or rights. The relationship between participants, resources, and / or rights is granted by corresponding stakeholders and is enforced by one or more guards that mediate access to the participant's resources, if any, according to rights. .

  FIG. 5 shows an example of a system that implements enforcement of mandatory access control security policy (SP) using the present invention. This system is implemented using one or more nodes. A node typically includes a processing unit (not shown) such as one or more CPUs, microprocessors, embedded controllers, digital signal processors (DSPs) that execute code, programs, and / or applications. Each node may be one or a combination of wired or wireless nodes, clients, servers, routers, hubs, access points, and other known devices that communicate with other devices using resources.

  In one example embodiment, the node of FIG. 5 is connected to the node via a partition that runs on hardware under the control of a separation kernel (SK), and a wired or wireless network. Includes any number of clients. According to an example embodiment of the present invention, the node is executed under the control of SK. An example of the SK class that can be used in the present invention is “US Government Protection Profile for Separation Kernels in Environment Requiring High Robustness” published by the National Security Agency (NSA). The Protection Profile (PP), entitled “US Government Protection Profile of Separation Kernels (SKPP)”, which is incorporated herein by reference in its entirety. The present invention uses all types of computing models such as client-server mode with or without SK, real-time and non-real-time distributed networks, central networks, peer-to-peer networks, embedded systems, etc. It should be noted that it can be used in any system or network that does.

  According to an example embodiment of the present invention, at least one node shown in FIG. 5 is executed under the control of a corresponding separation kernel (SK). Each separate kernel provides its host software program with highly guaranteed partitions and information flow control characteristics that cannot be prevented and avoided. An isolated kernel is a hardware and / or software mechanism whose main function is the creation of multiple partitions of a node. A partition is an abstraction implemented by a decoupled kernel from resources under its control according to configuration data that implements all or part of one or more security policies (SPs). More specifically, the present invention uses a security policy signed by a stakeholder that implements the security parameters of the system. Each isolated kernel partition includes at least one object and / or resource. A target is an entity within the scope of control of a node that performs a function, and the function is, for example, an inter-node communication function. Resources are used individually or simultaneously by the target, allowing the target to access information in the resource. Participants of the system of the present invention are realized in nodes, partitions or objects defined by one or more separate kernels in the same node or in different nodes connected to each other via one or more communication channels. .

  A node operating under the control of a separate kernel (SK) protects objects and resources executed on partitions on the node from information flows that violate security policies (SP). The separation kernel separates resources into policy-based equivalence classes and controls the information flow between objects and resources assigned to partitions according to the separation kernel configuration data. In one embodiment, a node consists of hardware resources that run a single isolated kernel, where the isolated kernel is between multiple partitions of the node and / or its range according to the configuration data of the isolated kernel Control the flow of information within. In particular, each node runs its own isolation kernel, which protects its node-specific resources. Preferably, the specification of the separate kernel configuration data is unambiguous, and the examiner determines whether a connection is allowed (possibly using a tool) according to the policy and each resource allocation rule specified by the policy. ) What you can do.

  The present invention uses a variety of tools to generate or obtain public and private keys and digitally signed authorizations necessary to implement the desired security policy (SP). Each node has an associated node identification (NI) consisting of a public key and private key pair. Each partition in the node has a corresponding partition identification (PI). The PI of each partition consists of a pair of values consisting of the NI public key of the node where the partition was created and a unique index that refers to that partition on the node.

  In the system shown in FIG. 5, guards are implemented in partitions that can be trusted to protect the file system resources of the partitions. The guard must ensure that the client acting as a participant does not have access to the file system partition if the access is not consistent with the security policy (SP). The file system partition can only be accessed by clients that meet the security policy. In one embodiment, the file system partition attempts to satisfy each proposed request and does not participate in the security policy enforcement. Instead, a guard implements a policy that protects one client's data from other clients. The network connects the client to a guard partition that acts as a reference monitor for the file system partition. The client can run either a separate kernel operating system or a traditional operating system such as Microsoft Windows® or Linux. In another embodiment, resource stakeholder authorization may also be required for access to the file system.

  The guard can be realized by hardware or software. Examples of guards include a Partitioned Communications System (PCS) and a virtual private network (VPN) implementation. PCS is disclosed in US patent application Ser. No. 11/125099, filed May 10, 2005, assigned to the assignee of the present application and incorporated by reference. PCS supports multi-level secure (MLS) systems, thereby enabling secure distributed communication over many higher level technologies. Thus, the PCS can be used as a building block for a reliable distributed system implementation. The PCS is a communication control element in a node that exchanges data with another node or client via one or more channels. PCS supports data flow policies between partitions controlled by a separate kernel (SK). The PCS deploys a combination of hardware and / or software that provides communication between nodes / clients running or not running under the control of the corresponding SK. In this way, PCS allows the creation of a multi-domain network whose security is independent of physical hardware and protection or independent of specific network hardware.

  In the present invention, the guard shown in FIG. 5 can protect or control a wide variety of resources, including Ethernet switches, network routers, operating system kernels, display monitors, keyboards, mice, Projector, cable set top box, desktop computer, laptop computer, server computer, satellite, sensor, shooter, drone, avionics equipment, video / audio equipment, telephone, mobile phone, telephone switch, television A broadcast device, a television, a database server, a cross-domain guard, a separate kernel, a file server, a video and / or audio server, a smart card, or a PDA.

  In the present invention, a group membership certificate (GMC) is used to group all types of entities that are subject to a security policy (SP). For example, the GMC may be used to create a group of participants that are later associated with rights. Unlike conventional role-based access control (RBAC) systems that associate each individual participant with a desired right, the grouping according to the present invention allows a more concise and manageable statement security policy. The application of GMC of the present invention is higher than traditional role-based access control due to the existence of a pair of individual to the group stakeholders describing the group name and from the group stakeholders Bring expressive power. This stakeholder segregation involves a set of stakeholder trusted to grant an entity to join a group and the membership of that group to gain rights to that group or access to another group. Assigning the right to use is desirable when the set of trusted stakeholders is not the same. For example, a quality control inspector may be trusted to join one radio to a group that represents a standards-compliant radio, but another stakeholder (eg, FCC (US Federal Communications Commission) ))) May be involved in joining the wireless communication device to a group that the wireless communication device can transmit at a specific frequency.

  In another embodiment, a group membership certificate (GMC) can be used to implement a security policy by creating a group of resources. Instead of assigning rights by designating specific resources, the embodiment of the present invention grants rights over each resource of the group of resources defined in the applied GMC. For example, if the resource is a computer file, the file can be a member of a group defined in the corresponding GMC. The set of files defined in this group can be increased by issuing a new GMC. In yet another embodiment, rights can be grouped and participants can be granted each right of a group of rights in a given resource. Further, any combination of GMCs can be combined as a system, and participants, resources, and / or rights can be grouped as needed.

  Thus, the group membership certificate (GMC) of the present invention can be used to enforce a desired security policy. The GMC can be presented to the guard after proving it to the guard that the client satisfies a prerequisite such as having a particular name over the network. This proof is X. In combination with the presentation of the ID certificate of 509, it can be achieved by executing encryption authentication and key setting protocol such as ECMQV. Stakeholders wishing to implement the Bell-LaPadula model for multi-level security using GMC may treat the client as a participant and group according to the security clearance level of the individual using the client. Further, file system partitions may be treated as resources and grouped according to their security level. Factors other than the security clearance level of the individual using the client may contribute to the determination of whether the client should be entitled to access a given file system partition. The present invention can express the components of these decisions individually, and can delegate the satisfaction of each component to different parties without losing control over the outcome of the authorization decision.

  As an example, a stakeholder who controls access to sensitive level top-secret file system partitions may determine that the following conditions are required for read access to those partitions: They are implemented on a secure and secure operating system that the individual using the client has a confidentiality level or higher security clearance level, the client is in a secure facility It is that you are. In addition, this confidentiality level stakeholder knows the individual or institution that is able to determine each of these facts for the client and confirms that each condition is individually verified to the individual or institution that recognizes it. I want to delegate. However, this stakeholder does not want to delegate the ability to use these judgments in other situations to the individual or institution performing the different verifications.

  Using the present invention, a secret level stakeholder designates four groups. The first designated group states that it is a client computer that has been cleared and classified as a confidential level stakeholder and the group's only to the group stakeholder and the only from the group stakeholder Including as a person. This ensures that the security level stakeholder is the only entity that can issue a Group Membership Certificate (GMC) that provides rights to the group and that the security level stakeholder It is guaranteed that it is the only authorized person that can issue a GMC.

  Subsequently, the security level stakeholder designates one additional group for each prerequisite that must be met for access to the top secret file system. The names of these additional groups include institutions that are trusted to verify the conditions as To The Group stakeholders and Secret Level stakeholders as From The Group stakeholders. Yes. This ensures that the delegated stakeholder is the only entity that joins the client to the group that represents the condition verification, and that the secret level stakeholder uses the group of those condition verifications as a precondition. Is guaranteed to be the only interested party that can issue These groups represent the prerequisites for membership in the target group.

  Finally, as shown in FIG. 6, the security level stakeholder signs the Group Membership Certificate (GMC) and the clients who are members of the three groups representing the verification of the preconditions are the security level client group. Can be a member of Confidence level stakeholders are from the group stakeholders in these prerequisite groups and target group to the group stakeholders, so GMC is valid and requires other signatures It is not. If someone wants to access information that requires membership in the Sensitive Level Client Group on a new client computer, he or she will be assigned the To The Designated Secretary stakeholder designated in the Prerequisites Group. Interact with group stakeholders and convince them that the conditions have been met. When the condition verification stakeholder is convinced, the condition verification stakeholder can issue a GMC listing the client computer as a prerequisite entity and a group representing the verified condition as a target group. . Since the condition verification stakeholder is the to-the-group authority listed in the group name and no other groups are involved, the GMC does not require any further signatures. Thus, a new client can become a member of a confidential level client group simply by interacting with a stakeholder who has been delegated a conditional verification stakeholder without engaging with the confidential level stakeholder. it can.

  The present invention can be used to further strengthen the guard shown in FIG. 5 by grouping the resources that the guard protects according to its security sensitivity level. For example, if the two file system partitions of partition 1 and partition 2 have sensitivity level sensitivity, the security level stakeholder can create a security level sensitivity group that includes both resource partitions. This group can be created using a group membership certificate (GMC) for grouping resources as shown in FIG. The guard with the certificates of FIG. 7 can grant rights to the target group participants of those certificates that apply to both partition 1 and partition 2.

  As a further improvement of the system shown in FIG. 5, GMC is used to combine and group rights. For example, when one name conveys a plurality of rights, if the respective rights are read and write, the groups are named read access right and write access right. An entity named “All Controls” can be joined to both groups using the certificate shown in FIG. If the guard owns this GMC, the guard can treat this “all control” entity as possessing read and write rights by membership in the read access right group and the write access right group.

  According to the foregoing, in one example embodiment, the group name is the group's name to make a decision, eg, grant access to a resource, perform a function, or grant membership to another group. The use of membership is directly or indirectly related to the identification of one or more interested parties that require the approval of those interested parties, eg, the public key of these interested parties. In addition, interested parties can sign the encryption certificate to allow it to be added as a member of one or more target groups to the entity of the prerequisite group. Further, as a method of processing an encryption certificate, an encryption certificate that describes at least one precondition including at least one membership of an entity precondition group is received, and the encryption certificate is determined. It is determined whether the precondition group membership is validly signed by at least one of the precondition group stakeholders that need to be approved to use the precondition group membership.

  In one embodiment, each resource of the isolated kernel can be further controlled by one or more resource stakeholders that must authorize access to those resources. For authorization, the one or more resource stakeholders sign a corresponding cryptographic authorization permit (CAP). This CAP is published in US Patent Application No. 11 / 783,359 “SYSTEM AND METHOD FOR ACCESSING INFORMATION RESOURCES USING CRYPTOGRAPHIC AUTHORIZATION PERMITS” dated April 9, 2007, and is incorporated herein by reference. In one embodiment, using each public key, the CAP is signed by one or more resource stakeholders, and the group membership certificate (GMC) is one or more to the group and from. • Signed by The Group stakeholders. Approval of one or more resource stakeholders alone is not sufficient for access to participants' resources. Thus, one or more from the group stakeholders separately approve access to the resources of the prerequisite group members. In this way, the concepts of GMC and CAP may be combined to provide access to rights or resources based on the conditions of membership in the prerequisite group. Indeed, CAP and GMC can be implemented with the same or different certificates.

  In one example embodiment, a split communication system (PCS) mediates interactions over channels according to two security policies: a channel connectivity policy and a resource management policy. The channel connectivity policy defines the connections that can be allowed. This policy is basically an access right control policy that defines all access rights. A resource management policy defines how shared communication resources used to implement a channel are allocated between channels and the extent to which the channel affects (cooperatively or inadvertently) each other through the use of shared resources. Describe.

  A channel is a connection for a one-way flow of input or output information from a source partition to one or more destination partitions residing on the same or different nodes including any physical or logical components Consists of. The read access right allows a message to be read (read) from the channel in the permitted partition, and the write access right allows the message to be written (written) in the channel to the permitted partition. Channels are used to implement point-to-point, point-to-multipoint, or multipoint-to-multipoint communication between nodes. Each channel has a symmetric encryption / decryption key associated with the message being communicated. The symmetric key is a shared secret key between the parties used for message communication over the channel after channel access rights have been granted. The shared secret key is periodically changed according to the definition in the security parameter.

  All communication between partitions at individual nodes of the network is accomplished by communication of messages over the channel, i.e. read or write. Use Group Membership Certificate (GMC) to group one or more partitions as participants who have been granted write access, read access, or both to one or more of the channels be able to. Also, write access rights, read access rights, or both can be grouped using GMC so that they apply to individual participants or channels, or groups of participants or channels.

  Alternatively, an encryption certificate (CAP), signed and issued by one or more resource stakeholders, grants the channel read, write, or read and write access to the partition, and one or more tools. • A Group Membership Certificate (GMC) signed and issued by the Group and From The Group stakeholders if the participant satisfies the specified prerequisite group membership requirements Group participants to access a resource or its group. Each channel has one or more related resource stakeholders that are responsible for granting the necessary access to read messages from or write messages to that channel. The identification of each channel includes the resource stakeholder public key that controls the channel's read and write rights and a unique channel index under the control of the resource stakeholder. Channels that are identified with the same index but with different resource stakeholder controls are considered different channels.

  In the example of the system embodiment shown in FIG. 5, two types of partitions are used: a control partition and an application partition (also called a user partition). Interactions within a node between all partitions are controlled by that node's control partition in conjunction with the isolation kernel. The control partition only interacts with the isolated kernel, other partitions within that node, and the control partitions of other nodes. In some implementations, the partition functionality is implemented using multiple partitions, but each node has at least one of the control partitions. The control partition secures security data values including the node's private and public keys, other nodes' public keys, and cryptographic authorization (CAP) and group membership certificates (GMC) that implement system security. Store (in a way that cannot be secretly counterfeited). The application partition interacts with other partitions of the same node including the control partition via means permitted by the local separation kernel according to the corresponding configuration data and CAP and GMC authorization permission parameters. The control partition provides a mechanism by which the security parameters of the isolation kernel security policy are changed when receiving a CAP or GMC signed by each stakeholder.

  Prior to exchanging messages, the split communication system (PCS) ensures that nodes participating in the communication have consistent configuration data that permits the communication. The PCS initializes and tests each shared resource, such as access hardware / software, encryption hardware / software, etc. For each channel, a transmission channel endpoint (CE) partition performs mutual authentication with each receiving channel endpoint to establish a shared secret key. Encrypted mutual authentication is concerned with granting access to the channel. This authentication consists of identifying the communication object and verifying its access right. Verification of subject identity may be performed by executing the ECMQV protocol to authenticate the identity of the included nodes and / or partitions. Successful execution of this protocol will result in a shared secret that is known only to the authenticating channel endpoint. Verification of the right to communicate over the channel requires verification of the signatures contained in the encryption authorization certificate (CAP) and group membership certificate (GMC) that allow the object access to the channel. Further verification must be performed to ensure that these signatures correspond to the stakeholders identified as responsible for protecting the channel in identifying the channel. Finally, match the subject whose channel endpoint is specified in CAP and GMC with the subject whose identity has been verified in the previous step. If the above steps are successfully performed at all channel endpoints, the shared secret key will be used for encryption and decryption of messages exchanged over the channel.

  When the initialization of the shared resource and the channel is completed, the divided communication system (PCS) is notified that the channel is ready to exchange messages. Access to the channel requires the individual permission of one or more interested parties that are responsible for issuing cryptographic certificates (CAPs) or group membership certificates (GMCs) in accordance with published security policies . Access to the channel via CAP and / or GMC may require separate authorization by multiple authorities. As mentioned above, the present invention uses a policy signed by the authority that enforces the security parameters. In one example embodiment, the signed policy includes a list of CAPs and a GMC and a corresponding stakeholder public key. The policy is signed by one or more interested parties responsible for protecting the channel and one or more interested parties responsible for controlling group membership. The combination of GMC and CAP results in the implementation of a highly extensible security policy in any information system. The GMC can group participants into equivalent classes that the CAP can use as a precondition instead of participant identification, thereby avoiding repetition. Furthermore, transitive coupling via GMC provides further extensibility by allowing groups to be defined in terms of associative and separable combinations with other groups. This is in contrast to other schemes that link roles (or attributes) directly to participants.

  As stated above, authorization for grouping entities is based on public keys issued by one or more interested parties, and each group membership certificate (GMC) is digitally signed by that interested party. It will be appreciated that, consisting of cryptographic certificates, grouping entities requires one or more stakeholder cryptographic signatures that control the preconditions that allow such entity groupings.

The present invention enforces a security policy without placing a prior limit on the number of nodes in the system. Also, the present invention does not require any restriction on the number of recognized security domains or the information flow policy enforced in those domains. As a result, the security policy of the system can be dynamically changed as necessary without changing the deployed software. In addition, the system created in the present invention does not rely on access to third parties (including authorized persons or interested parties) to perform the verification. Verification can be performed by any entity that processes the group membership certificate (GMC) and the stakeholder public key. Such a system continues to function with little or no degradation in performance or security even when any node is missing or fails. The present invention can be used for military applications, security level information, restricted matters that only business personnel need to know, banking, and clearing centers that use separate partitions for separate accounts.

Claims (14)

A system for processing digital encryption certificates,
Multiple entities,
One or more digital group membership certificates stored on one or more tangible non-transitory computer readable storage media, each group membership certificate having one or more prerequisites The one or more digital group membership certificates comprising a group name and one or more target group names;
One or more stakeholder implemented by a hardware resource that acts as one or more prerequisites from the group stakeholder, prerequisite to the group stakeholder, and target group stakeholder The group membership certificate is received by the one or more prerequisites from the group stakeholder permitting an entity name of the one or more prerequisite groups to be an entity name of another group. One or more preconditions to the group that are valid if digitally cryptographically signed and the group membership certificate allows membership in the one or more precondition groups. Describe your stakeholders And, as a condition for making a decision to add the entity name of the another group by one or more signatures of the certificate by the one or more prerequisite from the group stakeholders, Use of membership in the one or more prerequisite groups authorized by one or more prerequisite to the group stakeholders is further permitted, and the group membership certificate The one or more target groups are digitally cryptographically signed by the one or more target group stakeholders that allow the entity name to be added to the one or more target groups With other stakeholders
A node receiving a digital encryption certificate from the entity, wherein the node examines the one or more group membership certificates and the received encryption certificate identifies the corresponding entity as the valid entity; If effectively associated with a prerequisite group included in the group membership certificate, the corresponding entity name is added to the target group specified in the one or more valid group membership certificates. A system for processing an encryption certificate, comprising: the node. The encryption of claim 1, wherein the determination relates to at least one of joining an entity to another group membership, granting access to a resource, granting a right, or performing an action . A system for processing certificates . The system of claim 1, wherein the name of the at least one prerequisite group is associated with the identification of the prerequisite from the group stakeholder. 4. The system for processing an encryption certificate of claim 3, wherein the identification of the at least one prerequisite from the group stakeholder includes a public key of the stakeholder. The system of claim 1, wherein the encryption certificate is further signed by one or more resource stakeholders that control access to rights or resources. One or more of the prerequisite from the group stakeholders allow the entity of the at least one prerequisite group to be an entity of at least one target group, and the encryption certificate includes the at least The system for processing an encryption certificate of claim 1, further signed by at least one target group stakeholder allowing the entity to be added as a member to a target group. The at least one precondition relates to at least one of membership, physical characteristics, non-physical characteristics, temporal characteristics, non-temporal characteristics, location characteristics, or location characteristics of another entity group; A system for processing the encryption certificate according to claim 1. The name of the at least one prerequisite group is
The name of at least one prerequisite from the group stakeholder that allows an entity of said at least one prerequisite group to be a member of a group of another entity ;
Wherein and at least one name of a prerequisite to-the-group stakeholders to allow membership of the at least one prerequisite group entities, the system for processing encryption certificate of claim 1. 9. The system for processing an encryption certificate of claim 8, wherein the name of the at least one prerequisite group further includes an unambiguous identifier of the at least one prerequisite group. The name of the at least one prerequisite from the group stakeholder includes the public key of the at least one prerequisite from the group stakeholder, and the at least one prerequisite from the group stakeholder 9. The system for processing an encryption certificate of claim 8, wherein a signature includes an encryption signature of the encryption certificate created using the stakeholder's private key. The name of the at least one target group is
The name of at least one target group stakeholder that permitted in the at least one membership of another group entity members of the target group,
The system for processing an encryption certificate of claim 6, including a name of the at least one target group stakeholder authorizing the entity to become a member of the at least one target group. 12. The system for processing an encryption certificate of claim 11, wherein the name of the at least one target group further comprises an unambiguous identifier of the at least one target group. The name of the at least one target group stakeholder includes the public key of the at least one target group stakeholder, and the signature of the at least one target group stakeholder includes the secret key of the at least one target group stakeholder. The system for processing an encryption certificate according to claim 11, comprising an encryption signature of the encryption certificate created using. The system for processing an encryption certificate of claim 1, wherein an entity includes at least one of a participant, resource, or right that uses a hardware resource to access the system .

Images