WO2012120313A1 - A cryptographic system and method - Google Patents

Info

Publication number: WO2012120313A1
Authority: WO (WIPO (PCT))
Prior art keywords: cryptographic; user; request; user entity; cryptographic material
Application number: PCT/GB2012/050535
Other languages: French (fr)
Inventors: Kevin Sloan, Chris Greengrass
Original Assignee: Amethyst Cryptographic Services Limited
Priority to: GB1315678.1A (GB2502230B)

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Definitions

  • The present invention relates to a cryptographic system and method and, more particularly, to a system and method for managing cryptographic services on behalf of a plurality of user entities located remotely from the system.
  • Cryptography is increasingly relied on as a means for protecting confidentiality and identifying the authenticity of digitally generated documents and other data.
  • Data is encrypted and decrypted using cryptographic keys or other cryptographic material such as digital certificates. Accordingly, once a document is encrypted, cryptographic material suitable for decrypting the document must be available to those with authorised access to the content of the data file. At the same time, however, it is important that the cryptographic material is stored confidentially, to prevent unauthorised access to the contents of the data file.
  • An organisation requires a digital certificate for the purpose of encrypting, decrypting, digitally signing and verifying the authenticity of digital communications with a particular end point application or entity.
  • The organisation may wish to submit documents associated with a patent application to a patent office and receive authenticated confirmation of receipt, using an online filing application established and run by the patent office.
  • The organisation first configures its hardware to generate a public-private key pair.
  • The public key is then added to a certificate signing request and transmitted to a Registration Authority, together with adequate credentials to allow the Registration Authority to authenticate the identity of the organisation.
  • The Registration Authority will pass the signing request on to the Certificate Authority, which will issue a digital certificate comprising the Certificate Authority's root signing key wrapped around the public key generated by the organisation.
  • The certificate is then sent to the organisation and installed on its systems to enable cryptographic functions to be performed.
  • Digital certificates are issued for finite periods of time, typically 1 year, and must therefore be periodically renewed or re-issued.
  • If a digital certificate is compromised in some way, for example through the loss or theft of a portable computing device on which the certificate is installed, it is necessary to replace the certificate to protect future communications.
  • A digital certificate is only valid for the particular end point application/entity for which it was issued, and the process must be repeated for each end point application used by the organisation. For example, if the organisation wishes to exchange communications with a different patent office, a different digital certificate will be required. The steps required to obtain digital certificates and the procedures for performing cryptographic operations can differ significantly between different end point applications.
  • PKI: Public Key Infrastructure
  • WO 00/33506 A1: that prior art provided for a system for provision of a hosted secure electronic messaging facility, whereby a client computer with a browser communicates with a local application and the electronic messages are encrypted in storage via a hosted hub, and protected by encryption in transit between hubs.
  • This example of prior art has a limitation in that it provides for secure electronic messaging only and provides a limited interface to any other system.
  • This example of prior art also only relates to handling of a client "passphrase" for authentication purposes.
  • The present invention can provide support for a plurality of applications, outside of the system boundary, including not just electronic messaging, but also secure data storage and secure electronic transaction processing.
  • The present invention can also support a plurality of methods of authentication, not just "passphrase" authentication as allowed for in this example of prior art.
  • WO 02/43316 A2 (HETLOCKER)
  • This prior art provided a method for secure electronic document exchange using a prior and specific method of cryptography that involves distribution of encryption/decryption software by means of Java "applets".
  • The present invention can provide support for a plurality of applications, outside of the system boundary, including not just electronic document exchange, but also secure messaging, secure data storage and secure electronic transaction processing. It also deliberately does not rely on software downloaded from the system to any end point. Rather, the present invention allows for the use of industry standard hardware and software components.
  • A system for managing cryptographic operations on behalf of a plurality of user entities located remotely from the system, comprising: storage means for storing cryptographic material for each of the user entities;
  • interface means for receiving from one of said plurality of user entities a request to perform one or more cryptographic operations, and authentication information for identifying the user entity, associated with the request;
  • authentication means for identifying the user entity based on said authentication information; and
  • cryptography means for retrieving from said storage means cryptographic material for the user entity as identified by the authentication means, and for performing the cryptographic operation(s) requested by the user entity using said cryptographic material.
  • A system for managing cryptographic operations on behalf of a plurality of user entities located remotely from the system, comprising: storage means for storing cryptographic material for each of the user entities;
  • interface means for receiving from one of said plurality of user entities a request to perform one or more cryptographic operations, and authentication information for identifying the user entity, associated with the request;
  • authentication means for identifying the user entity based on said authentication information; and
  • cryptography means for generating cryptographic material, and storing said cryptographic material in the storage means, associated with the user entity as identified by the authentication means, and for performing the cryptographic operation(s) requested by the user entity using said cryptographic material.
  • The present invention relies on authentication techniques to ascertain the identity of a user entity, in order to permit or deny access to cryptographic operations. This contrasts with prior art techniques, in which the ability to perform a cryptographic operation is determined by physical possession of the necessary cryptographic material.
  • The present invention allows a third party to take on the complexity associated with managing and maintaining cryptographic material for a multitude of end applications.
  • A user entity may be an individual user or an organisation such as a company. In the case where the user entity is an organisation, the request and associated authentication information may be received from a user within the organisation.
  • The reference to a user entity being located remotely from the system means a user entity having a user computing system which is located remotely from the system.
  • The user computing system may comprise one or more user devices.
  • The cryptographic material associated with a user entity is preferably unique to said user entity.
  • The system preferably further comprises access rights storage means (for example one or more access rights storage modules) for storing access rights data associated with each of said user entities, and determining means (one or more determining modules) for determining whether the cryptographic operation(s) requested by a user entity are permitted in accordance with the access rights stored for the user entity as identified by the authentication means, and permitting only those operation(s) which are permitted by said access rights to be performed.
  • The ability to access encrypted data files, and to perform other cryptographic operations, is controlled by ascertaining the identity of a user entity, and then determining what operations may be performed by that user entity. This contrasts with prior art techniques, where access to the content of encrypted data files and the ability to perform other cryptographic operations is controlled by controlling availability of the cryptographic material required to decrypt the files.
  • The access rights storage means is preferably configured to store access rights data for users within the organisation.
  • The access rights storage means may also be configured to store access rights details associated with the organisation.
  • The access rights data stored in the access rights storage means may also be associated with a specified data file or group of data files.
  • For example, a user A within an organisation creates a data file X.
  • User A may specify these requirements when they submit the initial request for file X to be encrypted.
  • The system will interpret these requirements and store appropriate details in the access rights storage means.
  • The cryptographic material stored in the storage module may comprise cryptographic keys and/or digital certificates.
  • The cryptographic operations performed by the system preferably include encryption of specified data and decryption of specified data. They preferably include digital signing of specified data and verification of digital signatures and data. They preferably include re-keying of data.
  • Encryption of data comprises encrypting data using a key or other cryptographic material, preferably in accordance with a protocol previously specified by the user entity, and stored with the system in association with said user entity.
  • Decryption of data comprises decrypting data using a key or other cryptographic material, preferably in accordance with a protocol previously specified by the user entity, and stored with the system in association with said user entity.
  • Digital signing of data comprises generating and attaching to the data a digital signature which can be validated by other parties, for example to authenticate the identity of the sender, to verify that the contents have not been changed in transit, and/or to add a trusted time-stamp which records the date and time of signing.
  • Digital signing may be based on ownership of a digital certificate.
  • A "hash", also known as a message digest, or reliable cryptographic checksum, of digitally signed data can also be generated for use in subsequent verification of the signature.
  • Verification of digital signatures and data comprises verifying the veracity of a digital signature and/or the data that the signature protects. If either the signature or the hash is invalid, an error message may be returned.
  • Re-keying of data comprises replacing the cryptographic material with which data is encrypted with new cryptographic material. For example, replacing the key with which data is encrypted with a new key in accordance with the same or a revised protocol.
  • Re-keying of data may be performed on demand by the user entity who owns the data, in order to refresh or change the key and/or protocol with which the data is protected. This may be done regularly, or in response to a possible compromise of the key or protocol which protects the data.
  • The request to perform one or more cryptographic operations may specify one or more data files to be subject to said operations.
  • The specified data file(s) may be, for example, new data files generated by the user entity which may require encryption, or existing data files which the user entity wishes to read or amend, and which may require decryption.
  • The system may further comprise data retrieval means for obtaining data specified in the request from the user.
  • A new data file will typically be received by the system from the user entity.
  • An existing data file may be received from the user entity, or from a data centre connected to the system via a network such as the internet.
  • Each user entity will typically access the system using a computing device such as a server computer, personal computer, laptop or mobile telephone, which may be connected to the system via a network such as the internet.
  • A secure connection such as a virtual private network (VPN) session may be established between each user entity's computing device and the system.
  • VPN: virtual private network
  • The system is also configured for managing cryptographic material for a plurality of user devices located remotely from the system.
  • The system further comprises: interface means for receiving, from one of said devices, a request to establish a cryptographic session, and device authentication information for identifying the device, associated with the request;
  • session management means for establishing and terminating a cryptographic session with the authenticated device, and for providing cryptographic material to the device during the cryptographic session therewith, to enable the device to perform one or more cryptographic operations;
  • The system is also capable of temporarily providing cryptographic material to user devices located remotely from the system.
  • The preferred and optional features of the fifth to ninth aspects of the invention also apply to this embodiment.
  • A method of managing cryptographic operations on behalf of a plurality of user entities, comprising: storing in a storage means cryptographic material for each of the user entities;
  • The method may be performed by a system located remotely from said user entities.
  • The method preferably further comprises: storing access rights data associated with each of said user entities in an access rights storage means; and determining whether the cryptographic operation(s) requested by a user entity are permitted in accordance with the access rights stored for the user entity as identified at the authentication step; and
  • The method preferably further comprises the step of obtaining the data file(s) which are to be subject to said cryptographic operations.
  • The method may further comprise the step of establishing a secure connection between a user entity's computing device and a system performing the management method of the invention.
  • A system for managing cryptographic material for a plurality of user devices located remotely from the system, comprising: interface means for receiving, from one of said devices, a request to establish a cryptographic session, and device authentication information for identifying the device, associated with the request;
  • session management means for establishing and terminating a cryptographic session with the authenticated device, and for providing cryptographic material to the device during the cryptographic session therewith, to enable the device to perform one or more cryptographic operations; and
  • erasure means for causing cryptographic material provided by the system to the device to be deleted from the device on termination of the cryptographic session.
  • The system may comprise generating means for generating cryptographic material for provision to each user device.
  • The system may further comprise storage means for storing cryptographic material for each user device.
  • A user device is able to perform encryption and decryption of data using cryptographic material provided by the system.
  • A user device is able to produce electronic signatures attached to data, for the purpose of enabling third parties to authenticate that data, using cryptographic material provided by the system.
  • The system may comprise monitoring means for monitoring the cryptographic material used by a user device in a cryptographic session, to enable the same cryptographic material to be provided to said user device in a later cryptographic session.
  • The system may provide a cryptographic key to a user device to enable the device to encrypt a document during a first cryptographic session. Then, if it is required to decrypt that document in a later session, the system is able to identify the relevant cryptographic material, and to provide this to the user device for the purpose of the decryption operation.
  • The system may comprise interface means for receiving authentication information for identifying a user entity of the user device. This may be the same interface means which receives the authentication information for identifying the user device, or a separate module.
  • The system may comprise authentication means for identifying the user entity. This may be the same authentication means which identifies the user device, or a separate module.
  • The session management means is preferably configured to establish a cryptographic session only in the event that the user device and the user entity are successfully authenticated.
  • If an unauthorised user gains access to one of said user devices, they will be unable to establish a cryptographic session.
  • Because cryptographic material is only ever held on a user device temporarily, an unauthorised user of a device is prevented from obtaining access to cryptographic material and will thus be unable to decrypt any encrypted data which may be stored on the device. They will also be prevented from masquerading as the authorised user and issuing fraudulent signing operations. Accordingly, the present invention provides enhanced security as compared with prior art systems.
  • A further advantage of the present invention is that the system may utilise functionality located on or otherwise associated with the user devices.
  • A device "attestation" function can be used to check the integrity of the device before commencement of cryptographic operations, or utilised as part of the automation of the registration process.
  • A reliable clock source located on a user device can be used for time-stamping operations.
  • Each user device is preferably registered with the system.
  • A digital certificate is issued to a user device on registration with the system, to allow for authentication of said user device by the system.
  • The system may be configured to apply conditions of registration which must be met by each user device for that user device to be registered with the system. For example, certain security and/or integrity characteristics may be required.
  • A user device may be required to be capable of generating a public/private cryptographic key pair.
  • The private key of said pair is preferably immutable and unavailable outside its trusted environment.
  • The public key of said pair is preferably made available as part of the registration by the system of the respective device.
  • A condition of registration may be that the device and/or the computer operations location at which the device is installed is certified to a recognised standard, for example ISO/IEC 27001.
  • The system may also specify other technical and/or non-technical requirements, standards and/or protocols for conformance, and/or means of assurance of conformance, as conditions for registration, for example by evidencing of test outcomes and management of security vulnerabilities.
  • The system may also be configured to provide two or more registration regimes, each having a different level of rigor.
  • The system may be configured to indicate within the digital certificate issued as part of registration which regime has been verified as applying. This may be referred to as the system "trust level".
  • Examples of user devices which may be registered with the system as trusted include: a Hardware Security Module (HSM); a software security module (SSM) running on a Trusted Computing Base (TCB); a TCB itself; a cryptographic co-processor; a Trusted Platform Module (TPM); a virtualised TPM running on a TCB; a personal electronic device (PED) containing a Subscriber Identity Module (SIM) with enhanced trusted computing functions; or any multiples or permutations of the aforementioned examples.
  • HSM: Hardware Security Module
  • SSM: software security module
  • TPM: Trusted Platform Module
  • PED: personal electronic device
  • SIM: Subscriber Identity Module
  • The system is also configured for managing cryptographic operations on behalf of a plurality of user entities located remotely from the system.
  • The system may further comprise: storage means for storing cryptographic material for each of the user entities;
  • interface means for receiving from one of said plurality of user entities a request to perform one or more cryptographic operations, and authentication information for identifying the user entity, associated with the request;
  • authentication means for identifying the user entity based on said authentication information; and cryptography means for retrieving from said storage means cryptographic material for the user entity as identified by the authentication means, and for performing the cryptographic operation(s) requested by the user entity using said cryptographic material.
  • The cryptography means may be for generating cryptographic material, and storing said cryptographic material in the storage means, associated with the user entity as identified by the authentication means, and for performing the cryptographic operation(s) requested by the user entity using said cryptographic material.
  • The system is also capable of performing cryptographic operations on behalf of a user entity even if their user device is not registered with the system. In such circumstances, cryptographic operations are performed by the cryptography means on the system, and cryptographic material is retained within the physical service boundary of the system.
  • A distributed system for managing cryptographic material, comprising a system as described herein and one or more user devices located remotely from the system.
  • A user device for use with a system for managing cryptographic material, the user device comprising: interface means for transmitting to the system a request to establish a cryptographic session, and device authentication information for identifying the device, associated with the request, and for requesting and receiving cryptographic material from the system once a session is established;
  • cryptography means for performing cryptographic operations using said cryptographic material during a cryptographic session; and
  • erasing means for deleting cryptographic material provided by the system on termination of a cryptographic session.
  • A computer program product which, when installed on a user device, enables said user device to: register with a system for managing cryptographic material;
  • In a ninth aspect of the invention there is provided a method of managing cryptographic material for a plurality of user devices located remotely from the system, the method comprising: receiving, from one of said devices, a request to establish a cryptographic session, and device authentication information for identifying the device, associated with the request;
  • Figure 1 shows a cryptographic management system which embodies the present invention.
  • Figure 2 illustrates the cryptographic management system of Figure 1 in more detail.
  • Figure 3 illustrates an alternative embodiment of the present invention.
  • Figure 4 illustrates a UML use case diagram of an embodiment of the present invention.
  • Figure 5 illustrates a UML use case diagram of a prior art system, for comparison with the diagram illustrated in Figure 4.
  • Common reference numerals are used where elements, modules or components are common to more than one embodiment or more than one figure.
  • The cryptographic management system 10 is connected to a plurality of end user environments 12 by a network such as the internet.
  • Each end user environment 12 represents the computer system(s) of a particular user organisation or user entity.
  • Each end user environment 12 comprises a plurality of computing devices 13, which may include mobile telephones, laptop computers, personal computers and servers, operated by users from within the user entity.
  • The cryptographic management system 10 is also connected by a network such as the internet to one or more data centres 14 which provide a data storage service.
  • The data centres 14 are further connected by a network such as the internet to the end user environments 12.
  • The cryptographic management system 10 provides a trusted and secure environment which carries out cryptography functions, such as encrypting and decrypting data files, on request from a registered user within a user entity of the system.
  • The data centres 14 provide external file storage and file management services for the user entities.
  • Figure 2 illustrates the cryptographic management system 10 in more detail.
  • the cryptographic management system 10 comprises an abstracted interface module 20, through which users within a user entity interact with the system to perform cryptographic operations.
  • the abstracted interface module 20 provides a graphical user interface which can be accessed by users of the system. Alternatively, or in addition, the abstracted interface module 20 may provide an automated mechanism which operates under software control without user intervention.
  • the abstracted interface module is used to submit a request for cryptographic services to the system.
  • the graphical user interface (if present) may prompt the user to provide authentication credentials, details of cryptographic operations to be performed, and to attach any relevant data/documents/files.
  • the abstracted user interface module extracts the data input by the user, converts this to the required format, and passes this on to other modules within the system for subsequent processing.
  • the abstracted interface module 20 is a high level language interface.
  • the programming interface is "key-less" in the sense that all keys and other cryptographic material used in the encryption, decryption and digital signing of documents are held and managed internally within the cryptography management system 10, as described in more detail below. Accordingly, the end user does not need to possess cryptographic material to access the content of encrypted files or perform other cryptographic operations. Rather, access to cryptographic operations provided by the system is granted or denied on the basis of authentication of the identity of the user and the access rights policy in place for that user, as described in more detail below.
  • the system optionally further comprises a legacy interface module 21, by means of which the cryptographic management system 10 is able to manage cryptographic operations for any legacy applications used by the user entity, which require the physical possession of cryptographic material by the user.
  • the legacy interface module 21 provides a graphical user interface, and/or an automated mechanism, which is substantially similar to that of the abstracted interface module 20. This allows the system to provide cryptographic services transparently, in the sense that the user/user entity is unaware of a difference in use between legacy applications using the legacy interface module 21 and new applications using the abstracted interface module 20. It is thus straightforward for user entities to manage cryptographic operations for a wide variety of applications, both new and old.
  • a user/external device authentication module 22 is connected to both interface modules 20, 21.
  • the user authentication module is configured to receive users' authentication credentials from the relevant interface module, and then to verify the authentication of a user by means of, for example, a username and password, RADIUS authentication, two factor authentication, and/or service issued third party digital certificates.
  • Such authentication means are referred to herein as "identity tokens".
  • the device authentication module 22 is connected to an identity token provisioning module 23, which performs the authentication operation and provides an identity token in the event of successful authentication.
  • the identity token provisioning module 23 is configured to support diverse authentication methods, as listed in the preceding paragraph, to allow users or external devices to authenticate their identity. Unlike prior art systems, the need for external distributed certificate revocation lists is removed, as the issuing authority for all certificates is a module located within the system.
  • a central control module 24 is connected to the interface modules 20, 21 and to the user authentication module 22. The central control module 24 is configured to start a cryptographic operation session on receipt of an identity token issued on successful authentication of a user by the authentication and identity token modules. If an identity token is not issued in association with a particular request, the central control module will trigger the relevant interface module to return an error message to the user without starting a session.
  • the central control module 24 receives details of the requested operation(s) from the interface module 20. These details, together with user details contained in the identity token, are looked up in an access rights policy database 25.
  • the access rights policy database stores details of access rights for each registered user. These details indicate whether a requested cryptographic operation may be performed on behalf of that user.
  • the access rights database may comprise general access rights details, and access rights details which relate to specific data files. For example, the database may specify that a user A is entitled to create and send encrypted, digitally signed documents in a specified application. It may also specify that user A is entitled to read and overwrite a specified data file X. By default, access rights are positively specified.
  • a key management and storage module 26 is connected to the central control module.
  • the key management and storage module is configured to create, transport, refresh, archive and destroy cryptographic material including cryptographic keys and digital certificates, as required in order to perform requested cryptographic operations.
  • the central control module 24 is configured to identify the cryptographic material required to perform a requested operation, and obtain this from the key management and storage module 26. This may involve, for example, requesting an existing stored key or the generation and storage of a new key.
  • the central control module 24 determines whether a data file is required in order to complete the requested operation and the location of that file, and then obtains the file for processing. For example, if a user A requests the system to encrypt a document X, document X may be attached to the user's request. In this case the central control module may obtain the document X from the interface module. In another example, a user B may request access to document X, which is stored in a data centre. In this case, the central control module may obtain the data file from the data centre via a data centre interface module 29.
  • the system comprises a group of hardware security modules (HSMs) 27 and a group of software security modules (SSMs) 28.
  • the group of hardware security modules 27 preferably comprises a plurality of industry standard HSMs. Although these HSMs may be provided by different vendors, the complexity associated with vendor specific interfaces is hidden from the users/user entities by means of the interface modules 20, 21, 22. The HSMs do not store application key material within them, as this is stored in the key management and storage module 26, which comprises a dedicated HSM (not shown) for this purpose alone.
  • the group of software security modules 28 comprises general purpose computer servers loaded with cryptographic algorithms. Such an arrangement would present an unacceptably high security risk if deployed in a user environment. However, with the present invention, it is possible to locate these computers within the cryptographic management system 10. This is a trusted environment where keys never leave the trusted physical and logical boundary of the system, which significantly mitigates the risks associated with the use of SSMs.
  • the SSMs provide rapid provisioning of cryptographic resources at much higher transactional rates than traditional HSMs. This is particularly desirable during the development phases of projects, as developing cryptographic requirements can be satisfied using SSMs, which avoids the need to procure additional HSMs. Moreover, due to the abstraction provided by the abstracted interface module 20, an SSM resource can be swapped for an HSM resource at the production phase of a project, without any application change.
  • the central control module 24 is configured to locate and select an appropriate security module from the available pool to perform the requested operation. Having selected an appropriate security module, the central control module constructs a set of commands for the security module 27, 28, in an appropriate language or interface.
  • the security module will return the results of the cryptographic operation to the central control module 24, for onward transmission to an appropriate destination.
  • the selected security module will encrypt document X and the central control module 24 will route the encrypted document to the data centre 14.
  • the selected security module will decrypt document X and route the decrypted document to user B.
  • the central control module 24 is further configured to obtain any access rights policy details contained in the user's request, and store these in the access rights policy database 25. For example, in the example where a user A requests the system to store an encrypted version of document X, user A may specify that they should have open-ended read/write access to document X, and that a user B should have open-ended read only access to the document. These details are stored in the access rights policy database 25. Thus, if a user B subsequently requests access to document X, the system will allow them to decrypt the document, but not to encrypt an amended version.
  • the system comprises an auditing module 201, connected to the central control module 24.
  • the auditing module is configured to monitor and record all operations carried out on behalf of an end user, and to provide a digitally signed audit log of all operations carried out by a particular end user or group of users, for inspection by clients or relevant authorities.
  • the audit trail may also be used for the purpose of metering and/or billing clients' use of the system.
  • the system may comprise a web-site "portal", or other interface, intended for access by selected users from within a client organisation. This interface provides a tailored view of the performance "dashboard", audit trail and client account information that is private to that client.
  • the interface also allows access to any controls that are delegated by the system to the client organisation. For instance, it may allow the selected user to register and de-register employees from within the client organisation as individual users within that client group, it may allow the selected user to commence registration of locally hosted devices to the system, and it may allow the selected user to report security incidents to the system.
  • the system may also give the selected user a limited ability to configure or influence certain security policy and access control elements applying to the client organisation.
  • the selected users referred to above are typically senior users from within or otherwise associated with the client organisations. The selected users may have additional technical and non-technical conditions applied to them by the system as compared with other users.
  • Access to the interface is preferably authenticated to at least the same extent as other system authentication mechanisms, and more preferably to a greater extent. This is consistent with an enhanced trust level applying to the selected user.
  • the system may require additional "multiple-factor" authentication or "two man" control for access to the "portal" selected user account.
  • the system may also implement a hierarchical system of group, user and device trust and also implement "fine grained access control" aligned to that system of trust.
  • a user entity signs up to use the services provided by the system.
  • the user's credentials are checked by the system and, assuming these credentials are satisfactory, an account is established and details of one or more users (for example, users A, B, C) from the user entity are registered.
  • a user A may create a document X to be stored in a remote data centre, for future availability to himself and other users within the user entity.
  • the document needs to be stored in an encrypted form, for protection against unauthorised access and malicious tampering from outside the user entity.
  • user A wishes to restrict access within the organisation to himself and user B, and to restrict user B's access to read-only.
  • user A may send document X to the cryptographic management system 10 over the network, with a request to store an encrypted version of the document at a specified location in the data centre 14.
  • the request includes authentication information for user A.
  • the request also attaches document X, and includes an indication that user A is entitled to read/write access to the document and that user B is entitled to read only access to the document.
  • the abstracted interface module 20 receives the request and passes the authentication information to the authentication module 22. On successful authentication of user A, the authentication module passes an identity token for user A to the central control module 24. The central control module obtains details of the requested operation, and looks up the rights policy for user A. The central control module finds that user A is authorised to upload encrypted documents to the data centre.
  • the central control module 24 then updates the access rights policy information in the access rights policy database 25, to indicate that user A is entitled to read/write access to the document, and that user B is entitled to read only access.
  • Accordingly, the central control module 24 forwards the request to the key management and storage module 26. The key management and storage module generates a key for encrypting the data, and stores the new key together with details which identify the document to be encrypted. The key is then transmitted to the central control module.
  • the central control module 24 selects a suitable security module 27, 28 to perform the operation, and prepares instructions to perform the operation in a language/interface appropriate to the selected security module.
  • the instructions are forwarded to the selected security module together with the key and the document to be encrypted.
  • the security module 27, 28 encrypts the document according to the instructions, and returns the encrypted document to the control centre for onward transmission to the specified location in the data centre 14, via the abstracted interface module.
  • the central control module 24 also triggers the abstracted interface module 20 to send confirmation of successful completion of the task to user A.
  • user B wishes to access the document.
  • User B sends a request to the system to obtain a decrypted version of the document from the data centre 14.
  • the request includes authentication information for user B.
  • the abstracted interface module 20 receives the request and passes the authentication information to the authentication module. On successful authentication of user B, the authentication module passes an identity token for user B to the central control module 24. The central control module looks up the rights policy for user B, and finds that they are authorised to access a decrypted version of the document.
  • the central control module 24 forwards the request to the key management and storage module 26, which retrieves the key used for encrypting the document, and transmits this key to the control module.
  • the central control module 24 causes the encrypted document to be retrieved from the data centre 14 via the abstracted interface module 20.
  • the central control module 24 selects a suitable security module 27, 28 to perform the decryption operation, and prepares instructions to perform the operation in a language/interface appropriate to the selected security module. The instructions are forwarded to the selected security module together with the key and the encrypted document.
  • the security module 27, 28 decrypts the document according to the instructions, and returns the decrypted document to the control centre for onward transmission to user B, via the abstracted interface module 20.
  • the central control module 24 also triggers the abstracted interface module to send confirmation of successful completion of the task to user B.
  • User B subsequently amends the document, and sends a request to overwrite the document stored in the data centre 14 with their amended version.
  • when the central control module 24 looks up the access rights policy for user B, it finds that user B is not entitled to write access to the document. An error message is therefore returned to user B, and the requested encryption and storage operations are not performed.
  • user C attempts to access the document
  • when the central control module 24 looks up the access rights policy for user C, it finds no indication that C is entitled to decrypt the document. By default, if no positive permission is specified in relation to a specific operation and document, permission is denied. Thus, an error message is returned to user C and the decryption and document retrieval operations are not performed.
  • because the authorisation module/identity token module require user credentials such as a password or digital certificate to authenticate the identity of a user, an unauthorised user or individual is prevented from gaining access by posing as an authorised user.
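The walk-through above for users A, B and C against document X is modelled below as an added Python example; it is not code from the patent or from Amethyst Cryptographic Services. It assumes a single in-process service with a constructed user table and constructed passwords; an HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag stands in for the HSM/SSM that would perform the real operation; the policy set holds only positive grants, so any request without a matching grant is denied by default; and keys stay inside the service object, so callers never receive cryptographic material, only the result of the operation.

```python
import hashlib
import hmac
import os
import secrets


class Denied(Exception):
    """Raised when authentication fails or the policy holds no grant for a request."""


# --- Security module stand-in (constructed; a real deployment hands this to an HSM/SSM) ---
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF counter mode: concatenated HMAC(key, "enc" || nonce || counter) blocks."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, b"enc" + nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def sm_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ct + tag


def sm_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ciphertext failed integrity check")  # tampering detected
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


# --- Control module with authentication, policy database, key store and audit trail ---
class CryptoService:
    def __init__(self) -> None:
        self.users = {}       # name -> (salt, password hash); constructed credentials
        self.policy = set()   # positive grants only: (user, operation, document)
        self.keystore = {}    # document -> key; keys never leave the service
        self.datacentre = {}  # document -> encrypted blob
        self.audit = []       # (user, operation, document, outcome)

    def register_user(self, name: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[name] = (salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000))

    def authenticate(self, name: str, password: str) -> dict:
        """Return an identity token; on failure raise so that no session is started."""
        salt, stored = self.users.get(name, (b"", b""))
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
        if not (stored and hmac.compare_digest(candidate, stored)):
            raise Denied("authentication failed")
        return {"user": name, "session": secrets.token_hex(8)}

    def _authorise(self, token: dict, operation: str, document: str) -> None:
        """Default deny: every operation needs an explicit grant in the policy set."""
        allowed = (token["user"], operation, document) in self.policy
        self.audit.append((token["user"], operation, document, "ok" if allowed else "denied"))
        if not allowed:
            raise Denied(f"{token['user']} may not {operation} {document}")

    def store_encrypted(self, token: dict, document: str, plaintext: bytes, grants: dict) -> None:
        """Encrypt and store a new document, recording the access rights stated in the request."""
        self._authorise(token, "upload", "*")  # the user's general right to upload documents
        self.policy.update((u, op, document) for u, ops in grants.items() for op in ops)
        key = self.keystore.setdefault(document, os.urandom(32))
        self.datacentre[document] = sm_encrypt(key, plaintext)

    def read(self, token: dict, document: str) -> bytes:
        self._authorise(token, "read", document)
        return sm_decrypt(self.keystore[document], self.datacentre[document])

    def overwrite(self, token: dict, document: str, plaintext: bytes) -> None:
        self._authorise(token, "write", document)
        self.datacentre[document] = sm_encrypt(self.keystore[document], plaintext)


def _attempt(fn, *args) -> str:
    try:
        fn(*args)
        return "allowed"
    except Denied:
        return "denied"


def run_scenario() -> dict:
    """Users A, B and C against document X, following the description."""
    svc = CryptoService()
    for name in ("A", "B", "C"):
        svc.register_user(name, f"pw-{name}")  # constructed passwords
    svc.policy.add(("A", "upload", "*"))       # A's registered right to upload documents
    svc.store_encrypted(svc.authenticate("A", "pw-A"), "X", b"confidential draft",
                        {"A": ("read", "write"), "B": ("read",)})
    token_b, token_c = svc.authenticate("B", "pw-B"), svc.authenticate("C", "pw-C")
    return {
        "b_reads": svc.read(token_b, "X"),                                 # B may read
        "b_write": _attempt(svc.overwrite, token_b, "X", b"edited by B"),  # no write grant
        "c_read": _attempt(svc.read, token_c, "X"),                        # no grant at all
        "audit": [entry[3] for entry in svc.audit],
    }
```

Every request is audited whether it succeeds or not, and the audit entry is written before the decision is enforced, so a denied request leaves the same kind of trace as a permitted one; the signed audit log of the auditing module 201 would be built from exactly these records.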
  • FIG. 3 illustrates a second embodiment of the invention, in which it is possible for cryptographic operations to be performed locally on an authorised client device 31A, 31B, 31C.
  • the system 30 of figure 3 comprises a public key infrastructure (PKI) module 32, which comprises a device registration module 31.
  • Other aspects of this embodiment are as described in relation to the first embodiment.
  • the device registration module 31/PKI module 32 are provided for the purpose of issuing digital certificates 32A, 32B, 32C to the external client devices 31A, 31B, 31C, in order to enable transient secure export of system held keys and other cryptographic material to those devices.
  • a Certificate Signing Request (CSR) is submitted to the system by the client device (or a user thereof).
  • the CSR is routed to the device registration module 31. Once registration checks have been successfully completed, a digital certificate is issued, and returned to the client device by the device registration module 31.
  • the client device 31A, 31B, 31C uses the Transport Layer Security (TLS) protocol, or a similar protocol, to establish a secure mutual authentication channel between the device and the system 30.
  • provided the client device end certificate 32A, 32B, 32C is still valid, the system will act as if the device were a module within the system, subject to any other conditions of trust that apply.
  • the client device 31A, 31B, 31C will forward user credentials required for end user authentication.
  • any attestation function available on the device may be activated.
  • the client device is then able to request cryptographic material from the system's key management storage module (keystore) 26, and may use these to locally conduct cryptographic operations, for example, encrypt, decrypt, sign and/or verify.
  • the session variables are established to allow multiple operations to be requested without re-authentication being required. However, partial or full re-authentication may be required according to a system defined periodic interval, or when triggered by per-transaction based events. This includes a timeout facility to terminate the session at both ends should communications be interrupted.
  • Session closure may be initiated programmatically from the device 31A, 31B, 31C and/or the system 30. Session closure also occurs at the expiry of any timeout in the device or the system. This may be referred to as a "time-to-live" timeout period.
  • any locally cached cryptographic material exported by the service is securely erased and put beyond further use.
  • a pre-requisite for registration of a user device with the system is that the user device can be trusted to securely erase cryptographic material received from the system, such that this is put beyond further use.
  • the erasure operation is preferably performed by the device 31A, 31B, 31C itself. If a device which registers with the system 30 does not have the capability to perform the erasure operation itself, the system 30 may provide "agent" software or firmware elements for installation thereon. Such elements may be downloaded and installed manually or automatically after completion of device registration. The "agent" can perform/complete the erasure operation in the absence of a native device capability to perform the same.
  • Other functions may also be provided to the client device by the system, either as part of the "agent” or as separate software/firmware elements, where these functions are not natively available on the device.
  • Such functions may include enhanced TLS verification, or similar, to prevent "man in the middle attacks”; firewall; malware checking and attestation.
  • the device registration module has full PKI capability.
  • Any client device end certificate 32A, 32B, 32C can be revoked at any time, following a client report or the action of a system operator: for example, if a device is reported lost or otherwise compromised, if an end user or client is in serious or repeated breach of registration or service subscription conditions, or if a device is detected by the service to have malfunctioned. Lists of revoked device certificates will be published by the system in a Certificate Revocation List (CRL) which is accessible using the Online Certificate Status Protocol (OCSP). These will be automatically checked at the commencement of each session. The system may also incorporate a mechanism to terminate open sessions of revoked devices in near real-time.
  • the "agent” or native device capability may also apply advanced OCSP and certificate chain validation and detect revocation early and then immediately purge the local device keystore. If a known stolen device attempts to connect to the system then an operator alert will be raised.
  • the "agent” or native device capability may also log an alert message with the system. This message may include device network and geo-location information, if available.
  • the system may place client devices which are registered with the system into groups. For example, registered devices associated with the same user entity, or a group or category of users within a user entity may be placed in the same group. Devices within the group may be able to access the same cryptographic material.
  • the system will track which cryptographic material is matched to which device, which end user credential and other session conditions, so that when a new session is established under the same conditions the same cryptographic material is supplied to the end point. In this manner, all encrypt/decrypt and sign/verify operations are paired with the correct cryptographic material. This also applies in cases where a replacement device is registered in place of a revoked device: operations and cryptographic material handling proceed as if the replacement were the original device.
  • the system will also allow multiple devices to be grouped such that they can simultaneously share certain cryptographic material to enable working on the same datasets. This will support high throughput applications requiring a cluster of devices for parallel processing, and resilience, so that a single device failure does not interrupt operations. This will also support device virtualisation, and it will be possible to distribute cryptographic processing around devices distributed in a cloud computing environment. This would include a mechanism for system mediated trusted migration from one processing element to another.
  • the system comprises means of transient secure export of cryptographic material to suitably trusted devices outside of the physical service boundary for the purpose of providing localised high performance cryptographic operations with low latency.
  • a device might be customer provided equipment, or the device may be leased by the system to a customer for installation at their business premises or place of computer operations.
  • Transient secure export means limiting export of cryptographic material, using proven secure means, to suitably trusted devices and only for such duration as the use of such cryptographic material is required. Such duration is sometimes referred to as a "time-to-live" (TTL) or timeout period.
  • Suitably trusted devices include those devices that are individually registered with the system as having suitable security characteristics and integrity features and which, having successfully completed registration, are issued with a system provided digital certificate, using the conventional means of a public key infrastructure (PKI) system component.
  • suitably trusted devices might include a Hardware Security Module (HSM), a Software Security Module (SSM) running on a trusted computing base (TCB), a TCB itself, a cryptographic co-processor, a Trusted Platform Module (TPM), a virtualised TPM running on a TCB, a personal electronic device (PED) containing a Subscriber Identity Module (SIM) with enhanced trusted computing functions, or any multiples or permutations of the aforesaid.
  • Examples also include cryptographic devices yet to be engineered or invented.
  • One minimum characteristic of a suitably trusted device would be that it has the facility to generate a public/private cryptographic key pair, in which the private key is immutable and unavailable outside of its trusted environment but for which the public key can be made available as part of the registration by the system of that device.
  • Another common minimum characteristic is that the device can be trusted, upon command from the system or upon expiry of a system defined duration, to no longer utilise, and to expunge, any cryptographic material passed to it by the system.
  • the system may also identify other minimum characteristics of any device to be registered or any other associated non-technical conditions.
  • a condition of registration might be that the computer operations location at which the device is installed is certified to a recognised standard such as ISO/IEC 27001.
  • the system may also identify further conditions for registration, other technical and non-technical requirements, standards and protocols for conformance and means of assurance of conformance, for example, by evidencing of test outcomes and management of security vulnerabilities.
  • the system might also provide several registration regimes of different levels of rigour and indicate within digital certificates issued as part of registration which regime has been verified as applying (this might be referred to as a system "trust level").
  • during a period of registration, a device would be eligible to receive cryptographic material and system issued instructions which would allow the device to conduct operations locally as if it were part of the system.
  • the system could provide encryption and decryption of data using cryptographic material provided by the system for the duration of the session.
  • the system would track which cryptographic material had been used by a particular device at a particular time and be able to provision the same material at a later time to enable reliable cryptographic operations to proceed (that is, the correct cryptographic key would be supplied for any decryption operation, matched to the operation that originally encrypted the data).
  • This differs from the prior art in that the device does not permanently hold the cryptographic material; it holds it only for the duration of the operations. In this way, if the device and the data it protects are somehow compromised, for instance by theft, the cryptographic keys are unavailable and the plaintext data remains secure, whereas in the prior art it is often the case with such compromises that both the keys and the data are lost, and it has to be assumed that the plaintext data is also compromised.
  • a device might produce electronic signatures attached to data for the purpose of enabling third parties to authenticate that data.
  • This differs from the prior art in that the device does not permanently hold the cryptographic material; it holds it only for the duration of the operations. In this way, if the device is somehow compromised, for instance by theft, the cryptographic keys are unavailable, so the receiver is unable to masquerade as the original possessor and issue fraudulent signing operations, whereas in the prior art such compromises would often allow a receiver to masquerade as the original possessor, as they would have the signing keys in their possession.
  • the system may also take advantage of any functionality that is unique to the registered devices, for the purpose of enhancing system integrity or device integrity, or of enhancing the functions available to the system users.
  • An example would be the use of a device "attestation" function, which can be used to check the integrity of the device before commencement of cryptographic operations, or utilised as part of the automation of the registration process.
  • a device incorporating a reliable clock source to undertake time-stamping operations.
  • the system would include other housekeeping functions, as is conventional for a PKI, for the correct management of digital certificates issued to devices. This includes system support for registration, re-registration, issuance of digital certificates, incident management, maintenance of a system root key issued by a recognised Certificate Authority (CA), publication of a Certificate Practice Statement and related documentation, the publishing of Certificate Revocation Lists (CRLs) and the Online Certificate Status Protocol (OCSP). CRLs and OCSP would allow the trust level of a device to be either downgraded or revoked entirely in the event that the device fails to maintain service requirements or is notified to the system as lost or compromised. The system may also incorporate additional means to expedite suspension or termination of operations in association with a particular device.
  • In an embodiment, the method of the invention may comprise managing registration, re-registration and revocation of external devices;
  • the method of the invention may comprise causing transient export of cryptographic material to a registered external device for the purposes of encryption for the duration of a session;
  • data encrypted by a device is decrypted using transient export of said cryptographic material transferred to the same device, its replacement or a device with the same group membership before the requested cryptographic operation(s) are applied.
  • the transiently exported cryptographic material may comprise one or more cryptographic keys and/or one or more digital certificates.
  • the system of the invention may comprise means to register various suitable devices and device types external to the system (whether owned and operated by the system owner or otherwise) whereby they may have relevant cryptographic material exported from the system to the device in a transient manner for the purpose of allowing operations local to the device using the said cryptographic material for the duration of a system defined transient session only.
  • the system shall stipulate conditions for registration, re-registration and revocation of registration in the manner of a PKI.
  • export shall be achieved by secure means of TLS, or similar mechanism, with mutual authentication of system issued digital certificates.
  • a condition of registration is based upon device capability for secure generation and storage of private and public cryptographic key pairs (via any current or future scheme of asymmetric key cryptography), the latter being made available to the system for issuance of a device digital certificate.
  • a further condition of registration is that the device shall either natively support, or support with the assistance of a system provided "agent" component, secure erasure of all system supplied cryptographic material at the termination or expiry of the session. Any other capability of the device may also be exploited by the system for appropriate purposes.
  • the relevant cryptographic material supplied in the export is one or more cryptographic keys appropriate for each session.
  • revocation is achieved by system action or system operator action, and by publication of the revoked device digital certificate within a CRL accessible via the OCSP protocol.
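The transient export session described in the device registration bullets above (TTL-bounded export, certificate status check at session start, secure erasure on closure, and re-provisioning of the same material to a replacement device in the same group) is modelled below as an added Python example; it is not code from the patent or from Amethyst Cryptographic Services. It assumes a constructed device registry in which a set of revoked certificate serials stands in for the CRL/OCSP lookup, a clock value passed into each call so that expiry can be driven deterministically, bytearray copies of exported keys so that session closure can overwrite them in place, and a local HMAC standing in for whatever cryptographic operation the device performs with the exported material.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass, field


class ExportRefused(Exception):
    """Raised when the system will not, or will no longer, supply material to a device."""


@dataclass
class Device:
    device_id: str
    cert_serial: int   # serial of the system-issued device certificate
    group: str         # devices in one group may share cryptographic material


@dataclass
class Session:
    device: Device
    expires_at: float                              # "time-to-live" timeout
    material: dict = field(default_factory=dict)   # dataset -> erasable bytearray copy
    open: bool = True


class TransientExportService:
    def __init__(self, ttl_seconds: float) -> None:
        self.ttl = ttl_seconds
        self.devices = {}    # device_id -> Device (constructed registry)
        self.revoked = set() # revoked certificate serials; stands in for CRL/OCSP
        self.keystore = {}   # (group, dataset) -> key retained by the system
        self.alerts = []     # operator alerts

    def register(self, device: Device) -> None:
        self.devices[device.device_id] = device

    def revoke(self, device_id: str, reason: str) -> None:
        self.revoked.add(self.devices[device_id].cert_serial)
        self.alerts.append(f"{device_id} revoked: {reason}")

    def replace(self, old_id: str, new_device: Device) -> None:
        """A replacement inherits the old device's group, so it is matched to the same material."""
        new_device.group = self.devices[old_id].group
        self.register(new_device)

    def open_session(self, device_id: str, now: float) -> Session:
        """Certificate status is checked at the commencement of every session."""
        device = self.devices[device_id]
        if device.cert_serial in self.revoked:
            self.alerts.append(f"{device_id} attempted to connect with a revoked certificate")
            raise ExportRefused("certificate revoked")
        return Session(device, expires_at=now + self.ttl)

    def export(self, session: Session, dataset: str, now: float) -> bytearray:
        """Supply the key matched to (group, dataset) for the remainder of the session."""
        if session.open and now >= session.expires_at:
            self.close(session)  # TTL elapsed: close at this end and purge the copies
        if not session.open:
            raise ExportRefused("session closed or expired")
        key = self.keystore.setdefault((session.device.group, dataset), os.urandom(32))
        session.material[dataset] = bytearray(key)
        return session.material[dataset]

    def close(self, session: Session) -> None:
        """Session closure: overwrite every exported copy so it is put beyond further use."""
        for buf in session.material.values():
            buf[:] = bytes(len(buf))
        session.material.clear()
        session.open = False


def local_seal(key: bytearray, data: bytes) -> bytes:
    """Stand-in for an operation performed locally on the device with exported material."""
    return hmac.new(bytes(key), data, hashlib.sha256).digest()


def run_scenario() -> dict:
    """Export, expiry, loss of the device, and provisioning of a replacement."""
    svc = TransientExportService(ttl_seconds=60)
    svc.register(Device("dev-1", cert_serial=1001, group="finance"))  # constructed device
    s1 = svc.open_session("dev-1", now=0.0)
    k1 = svc.export(s1, "ledger", now=1.0)
    tag = local_seal(k1, b"ledger row")
    try:                                        # TTL has elapsed: refused, and k1 is erased
        svc.export(s1, "ledger", now=61.0)
        expired = False
    except ExportRefused:
        expired = True
    svc.revoke("dev-1", "reported lost")        # dev-1 can no longer open a session
    try:
        svc.open_session("dev-1", now=70.0)
        refused = False
    except ExportRefused:
        refused = True
    svc.replace("dev-1", Device("dev-2", cert_serial=1002, group=""))
    k2 = svc.export(svc.open_session("dev-2", now=70.0), "ledger", now=71.0)
    return {"expired": expired, "erased": not any(k1), "refused": refused,
            "same_material": local_seal(k2, b"ledger row") == tag,
            "alerts": list(svc.alerts)}
```

The erasure is done through the same bytearray object that was handed to the device-side code, which is what makes the "put beyond further use" property checkable: after closure the caller's reference holds only zeros. On a real device the equivalent is the native erase capability or the system-provided "agent", and the in-memory overwrite here only illustrates the contract, not the platform-specific mechanics of a secure wipe.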
  • Figure 4 contains a Universal Modelling Language (UML) use case diagram which illustrates the use of embodiments of the invention as illustrated in figures 1 to 3, for encrypting and digitally signing documents using digital certificates.

Abstract

A system (10) for managing cryptographic operations on behalf of a plurality of user entities (12,13) located remotely from the system (10). The system (10) comprises storage means (14) for storing cryptographic material for each of the user entities (12,13); interface means for receiving a request to perform one or more cryptographic operations from one of said plurality of user entities (12,13) and authentication information for identifying the user entity associated with the request; authentication means for identifying the user entity (12,13) based on said authentication information; and cryptography means for retrieving from said storage means cryptographic material for the user entity (12,13) as identified by the authentication means, and for performing the cryptographic operation(s) requested by the user entity (12,13) using said cryptographic material.

Description

A CRYPTOGRAPHIC SYSTEM AND METHOD
[001] The present invention relates to a cryptographic system and method and, more particularly, to a system and method for managing cryptographic services on behalf of a plurality of user entities located remotely from the system.
[002] Cryptography is increasingly relied on as a means for protecting confidentiality and identifying the authenticity of digitally generated documents and other data.
[003] In general, data is encrypted and decrypted using cryptographic keys or other cryptographic material such as digital certificates. Accordingly, once a document is encrypted, cryptographic material suitable for decrypting the document must be available to those with authorised access to the content of the data file. At the same time, however, it is important that the cryptographic material is stored confidentially, to prevent unauthorised access to the contents of the data file.
[004] With present cryptographic solutions, this is achieved by managing cryptographic operations and storing the related cryptographic material in-house. Thus, confidential cryptographic material can be made available to users from within an organisation, and does not need to be communicated outside the boundaries of the organisation's computer system.
[005] However, in-house management and maintenance of cryptographic solutions entails significant complexity, and requires specialist expertise, for example to account for technical differences between cryptography methods developed by different providers and the obsolescence of old methods. At best, this imposes an undesirable cost overhead on the user entity. At worst, it can result in a poorly maintained system, which may lead to a false sense of security and potential breaches of confidentiality and/or loss of access to the content of encrypted data files.
[006] This complexity is illustrated by the example shown by means of the Universal Modelling Language (UML) use case diagram in figure 5.
[007] In this example, an organisation requires a digital certificate for the purpose of encrypting, decrypting, digitally signing and verifying the authenticity of digital communications with a particular end point application or entity. For example, the organisation may wish to submit documents associated with a patent application to a patent office and receive authenticated confirmation of receipt, using an online filing application established and run by the patent office.
[008] The organisation first configures their hardware to generate a public-private key pair. The public key is then added to a certificate signing request, and transmitted to a Registration Authority together with adequate credentials to allow the Registration Authority to authenticate the identity of the organisation.
[009] Once the identity of the organisation is authenticated, the registration authority will pass the signing request on to the Certificate Authority, which will issue a digital certificate comprising the Certificate Authority's root signing key wrapped around the public key generated by the organisation. The certificate is then sent to the organisation, and installed on their systems to enable cryptographic functions to be performed.
[0010] However, digital certificates are issued for finite periods of time, typically 1 year, and must therefore be periodically renewed or re-issued. Moreover, if a digital certificate is compromised in some way, for example through the loss or theft of a portable computing device on which the certificate is installed, it is necessary to replace the certificate to protect future communications. Furthermore, a digital certificate is only valid for the particular end point application/entity for which it was issued, and the process must be repeated for each end point application used by the organisation. For example, if they wish to exchange communications with a different patent office, a different digital certificate will be required. The steps required to obtain digital certificates and the procedures for performing cryptographic operations can differ significantly between different end point applications.
[0011] It will thus be appreciated that the process of obtaining and maintaining the necessary digital certificates for a plurality of end applications entails substantial cost and complexity for organisations.
[0012] That is not to say there are no other examples of prior art which use alternative means of cryptographic method and management of cryptographic variables which differ from the above example; the above example being commonly referred to as a Public Key Infrastructure (PKI).
[0013] The subject of the present invention may share some minor common elements of both PKI and other designs but there is no example of prior art which provides the completeness and flexibility of the present invention.
[0014] For instance, in US 6853988 (DICKINSON) the prior art provided an interface to a centrally provided interoperability server to resolve differences between different cryptographic methods in use by client systems, whereas the present invention is based on exactly the reverse premise. The present invention enables the replacement of different cryptographic client methods and interfaces embodied in a variety of hardware and software modules with an abstracted interface module, with the intent that the client has no need for knowledge of the complexities of the cryptographic methods utilised. This has the advantage that the client dependencies on cryptographic algorithms are removed, and the algorithms can be varied and upgraded by the system as the cryptographic art evolves. The present invention also allows another advantage in that strong cryptographic functions can be incorporated in client applications with ease and with limited specialist knowledge (the expertise within the present invention is contained within the system boundary in the form of a "managed service provision").
[0015] For further instance, in US 2002/71567 (KURN) the prior art provided for a central key repository for protecting data confidentiality and integrity via security policy attached to administrators and owners under a split key paradigm. The applications in this prior art are authenticated by means of a cryptographic hash function of the application software binary code. This is different from the present invention in that it requires the applications to reside within the system boundary and uses a proprietary method of key protection and storage that differs entirely from the present invention, whereas the present invention provides for an abstracted interface module that enables applications external to the system boundary to make use of the cryptographic functions within the system boundary. Also the present invention allows the abstracted interface module to interact with industry standard hardware and software cryptographic security modules based upon all commonly used methods of symmetric and asymmetric cryptography.
[0016] For further instance, in WO 00/33506 A1 (HUSH) the prior art provided for a system for provision of a hosted secure electronic messaging facility whereby a client computer with a browser communicates with a local application and the electronic messages are encrypted in storage via a hosted hub, and protected by encryption in transit between hubs. This example of prior art has a limitation in that it provides for secure electronic messaging only and provides a limited interface to any other system. This example of prior art also only relates to handling of a client "passphrase" for authentication purposes, whereas the present invention can provide support for a plurality of applications, outside of the system boundary, including not just electronic messaging, but also secure data storage and secure electronic transaction processing. The present invention can also support a plurality of methods of authentication, not just "passphrase" authentication as allowed for in this example of prior art.
[0017] For further instance, in WO 02/43316 A2 (HOTLOCKER) the prior art provided a method for secure electronic document exchange using a prior and specific method of cryptography that involves distribution of encryption/decryption software by means of Java "applets", whereas the present invention can provide support for a plurality of applications, outside of the system boundary, including not just electronic document exchange, but also secure messaging, secure data storage and secure electronic transaction processing. It also deliberately does not rely on software downloaded from the system to any end point. Rather, the present invention allows for the use of industry standard hardware and software components.
[0018] For further instance, in US 2008/0178010 (VATERLAUS) the prior art provided for a means of managed "Cryptographic Web Services" delivered over a public data network using the public "Web Services" protocol specification, which can be accessed by a client computer using commonly available browser software. This includes linkage with hosted services including secure document storage. The present invention, by contrast, does not rely on public web services protocols but rather provides an abstracted interface module that can be deployed on both public and private data networks. Unlike this example of prior art, the present invention does not include use of the public "Web Services" protocol specification and uses alternative means for remote communication.
[0019] According to a first aspect of the present invention there is provided a system for managing cryptographic operations on behalf of a plurality of user entities located remotely from the system, the system comprising: - storage means for storing cryptographic material for each of the user entities;
interface means for receiving from one of said plurality of user entities a request to perform one or more cryptographic operations, and authentication information for identifying the user entity, associated with the request;
authentication means for identifying the user entity based on said authentication information; and
cryptography means for retrieving from said storage means cryptographic material for the user entity as identified by the authentication means, and for performing the cryptographic operation(s) requested by the user entity using said cryptographic material.
[0020] According to a second aspect of the present invention there is provided a system for managing cryptographic operations on behalf of a plurality of user entities located remotely from the system, the system comprising: - storage means for storing cryptographic material for each of the user entities;
interface means for receiving from one of said plurality of user entities a request to perform one or more cryptographic operations, and authentication information for identifying the user entity, associated with the request;
authentication means for identifying the user entity based on said authentication information; and
cryptography means for generating cryptographic material, and storing said cryptographic material in the storage means, associated with the user entity as identified by the authentication means, and for performing the cryptographic operation(s) requested by the user entity using said cryptographic material.
[0021] Thus, the present invention relies on authentication techniques to ascertain the identity of a user entity, in order to permit or deny access to cryptographic operations. This contrasts with prior art techniques, in which the ability to perform a cryptographic operation is determined by physical possession of the necessary cryptographic material.
[0022] By providing a system and associated method for performing cryptographic operations and storing cryptographic material on behalf of user entities, the present invention allows a third party to take on the complexity associated with managing and maintaining cryptographic material for a multitude of end applications.
[0023] Previously, out-sourcing the management and maintenance of cryptographic material to a third party provider has not been considered viable, due to the perceived security risk associated with transmitting cryptographic material between the provider and the user entity, physical possession of the cryptographic material by the user entity being necessary in order to perform cryptographic operations.
[0024] However, with the present invention, the third party provider performs cryptographic operations on behalf of the user entity, as well as managing and maintaining the necessary cryptographic material. Accordingly, there is no need for a user entity to have in their possession the cryptographic material used to perform their requested cryptographic operations. Nor is there any requirement for the cryptographic material ever to be communicated outside the boundary of the provider system.
[0025] This removes the complexity associated with managing and maintaining cryptographic material from the user. It also avoids the risk associated with storing cryptographic material on user devices which may be lost or stolen, thereby compromising data protected by those keys. Moreover, since keys are stored centrally, key management processing, such as re-keying of data, is straightforward to perform.
[0026] A user entity may be an individual user or an organisation such as a company. In the case where the user entity is an organisation, the request and associated authentication information may be received from a user within the organisation.
[0027] The reference to a user entity being located remotely from the system means a user entity having a user computing system which is located remotely from the system. The user computing system may comprise one or more user devices.
[0028] The cryptographic material associated with a user entity is preferably unique to said user entity.
[0029] The system preferably further comprises access rights storage means (for example one or more access rights storage modules) for storing access rights data associated with each of said user entities, and determining means (one or more determining modules) for determining whether the cryptographic operation(s) requested by a user entity are permitted in accordance with the access rights stored for the user entity as identified by the authentication means, and permitting only those operation(s) which are permitted by said access rights to be performed.
[0030] Thus, with the present invention, the ability to access encrypted data files, and to perform other cryptographic operations is controlled by ascertaining the identity of a user entity, and then determining what operations may be performed by that user entity. This contrasts with prior art techniques, where access to the content of encrypted data files and the ability to perform other cryptographic operations is controlled by controlling availability of the cryptographic material required to decrypt the files.
[0031] In the case where the user entity is an organisation, the access rights storage means is preferably configured to store access rights data for users within the organisation.
[0032] The access rights storage means may also be configured to store access rights details associated with the organisation.
[0033] The access rights data stored in the access rights storage means may also be associated with a specified data file or group of data files. Thus, for example, if a user A within an organisation creates a data file X, they may wish to access and edit file X themselves, but to limit access by other users B and C within the organisation, such that B is entitled to read-only access to file X, whilst C is not entitled to access the content of the file. To achieve this, user A may specify these requirements when they submit the initial request for file X to be encrypted. The system will interpret these requirements and store appropriate details in the access rights storage means.
[0034] The cryptographic material stored in the storage module may comprise cryptographic keys and/or digital certificates.
[0035] The cryptographic operations performed by the system preferably include encryption of specified data and decryption of specified data. They preferably include digital signing of specified data and verification of digital signatures and data. They preferably include re-keying of data.
[0036] Encryption of data comprises encrypting data using a key or other cryptographic material, preferably in accordance with a protocol previously specified by the user entity, and stored with the system in association with said user entity.
[0037] Decryption of data comprises decrypting data using a key or other cryptographic material, preferably in accordance with a protocol previously specified by the user entity, and stored with the system in association with said user entity.
[0038] Digital signing of data comprises generating and attaching to the data a digital signature which can be validated by other parties, for example to authenticate the identity of the sender, to verify that the contents have not been changed in transit, and/or to add a trusted time-stamp which records the date and time of signing. Digital signing may be based on ownership of a digital certificate. A "hash", also known as a message digest, or reliable cryptographic checksum, of digitally signed data can also be generated for use in subsequent verification of the signature.
[0039] Verification of digital signatures and data comprises verifying the veracity of a digital signature and/or the data that the signature protects. If either the signature or the hash is invalid, an error message may be returned.
[0040] Re-keying of data comprises replacing the cryptographic material with which data is encrypted with new cryptographic material. For example, replacing the key with which data is encrypted with a new key in accordance with the same or a revised protocol. Re-keying of data may be performed on demand by the user entity who owns the data, in order to refresh or change the key and/or protocol with which the data is protected. This may be done regularly, or in response to a possible compromise of the key or protocol which protects the data.
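The following is an added example, not code from the patent or from Amethyst Cryptographic Services, showing the control flow that paragraphs [0029], [0033] and [0034] to [0040] describe: the service holds every key itself, identifies the caller from authentication information, checks the per-file access rights (user A as creator, B read-only, C no access), and only then encrypts, decrypts, re-keys, signs or verifies on the caller's behalf. All class and function names are assumptions, and the cipher (an HMAC-SHA256 keystream with an encrypt-then-MAC tag) is a demonstration stand-in for a real authenticated cipher such as AES-GCM, chosen so that the block runs with the Python standard library only.

```python
import hashlib
import hmac
import secrets

# Added demonstration of the central-custody model in [0029]-[0040]. Keys never
# leave the service; callers are authenticated, then authorised against the
# file's access rights, then served. The cipher below is a stand-in for an
# AEAD such as AES-GCM and is not the patent's own method.

READ, WRITE = "read", "write"
PBKDF2_ROUNDS = 100_000


class AccessDenied(Exception):
    pass


class IntegrityError(Exception):
    pass


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream derived with HMAC-SHA256 (demonstration only)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def _open(key: bytes, blob: bytes) -> bytes:
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise IntegrityError("ciphertext does not verify under this key")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


class CryptoService:
    """Storage, authentication, access-rights and cryptography means in one object."""

    def __init__(self):
        self._users = {}     # user -> (salt, PBKDF2 hash): authentication information
        self._keys = {}      # file_id -> current key: storage means, never returned to callers
        self._sig_keys = {}  # user -> per-user signing key, likewise never returned
        self._acl = {}       # file_id -> {user: {rights}}: access rights storage means
        self._files = {}     # file_id -> sealed blob held on the user entity's behalf

    def register_user(self, user: str, secret: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS))

    def _authenticate(self, user: str, secret: str) -> str:
        salt, expected = self._users.get(user, (b"", b""))
        got = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)
        if user not in self._users or not hmac.compare_digest(got, expected):
            raise AccessDenied("authentication failed")
        return user

    def _authorise(self, user: str, file_id: str, right: str) -> None:
        if right not in self._acl.get(file_id, {}).get(user, set()):
            raise AccessDenied(f"{user} lacks {right} on {file_id}")

    def encrypt(self, user: str, secret: str, file_id: str, data: bytes, acl: dict = None) -> None:
        """Encrypt a new file, recording the rights the creator specifies, or overwrite an existing one."""
        who = self._authenticate(user, secret)
        if file_id in self._keys:
            self._authorise(who, file_id, WRITE)
        else:
            self._acl[file_id] = {u: set(r) for u, r in (acl or {}).items()}
            self._acl[file_id][who] = {READ, WRITE}  # the creator keeps full rights
            self._keys[file_id] = secrets.token_bytes(32)
        self._files[file_id] = _seal(self._keys[file_id], data)

    def decrypt(self, user: str, secret: str, file_id: str) -> bytes:
        self._authorise(self._authenticate(user, secret), file_id, READ)
        return _open(self._keys[file_id], self._files[file_id])

    def rekey(self, user: str, secret: str, file_id: str) -> None:
        """Re-keying per [0040]: open under the old key, re-seal under a fresh one."""
        self._authorise(self._authenticate(user, secret), file_id, WRITE)
        plaintext = _open(self._keys[file_id], self._files[file_id])
        self._keys[file_id] = secrets.token_bytes(32)
        self._files[file_id] = _seal(self._keys[file_id], plaintext)

    def sign(self, user: str, secret: str, data: bytes) -> bytes:
        """Signing per [0038]: a MAC under a per-user key that stays inside the service."""
        who = self._authenticate(user, secret)
        key = self._sig_keys.setdefault(who, secrets.token_bytes(32))
        return hmac.new(key, data, hashlib.sha256).digest()

    def verify(self, user: str, data: bytes, signature: bytes) -> bool:
        key = self._sig_keys.get(user)
        return key is not None and hmac.compare_digest(hmac.new(key, data, hashlib.sha256).digest(), signature)

    def stored_ciphertext(self, file_id: str) -> bytes:
        return self._files[file_id]
```

The point to notice is that `decrypt` and `rekey` return plaintext or replace ciphertext without the key ever appearing in a return value: a caller who steals a user's password gains only the operations that user's access rights permit, and a re-key is a single in-service operation rather than a redistribution of material to every holder.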
[0041] The request to perform one or more cryptographic operations may specify one or more data files to be subject to said operations. The specified data file(s) may be, for example, new data files generated by the user entity and which may require encryption, or existing data files which the user entity wishes to read or amend, and which may require decryption.
[0042] The system may further comprise data retrieval means for obtaining data specified in the request from the user.
[0043] In the case of new data, this will typically be received by the system from the user entity. In the case of existing data, this may be received from the user entity, or from a data centre connected to the system via a network such as the internet.
[0044] Each user entity will typically access the system using a computing device such as a server computer, personal computer, laptop or mobile telephone, which may be connected to the system via a network such as the internet.
[0045] In order to protect data in transit between the system and the user entities, a secure connection such as a virtual private network (VPN) session may be established between each user entity's computing device and the system.
[0046] In a preferred embodiment, the system is also configured for managing cryptographic material for a plurality of user devices located remotely from the system. In this case the system further comprises :- interface means for receiving, from one of said devices, a request to establish a cryptographic session, and device authentication information for identifying the device, associated with the request;
authentication means for identifying the device based on said device authentication information;
session management means for establishing and terminating a cryptographic session with the authenticated device, and for providing cryptographic material to the device during the cryptographic session therewith, to enable the device to perform one or more cryptographic operations; and
erasure means for causing cryptographic material provided by the system to the device to be deleted from the device on termination of the cryptographic session.
[0047] Thus, in this embodiment of the invention, the system is also capable of temporarily providing cryptographic material to user devices located remotely from the system.
[0048] The preferred and optional features of the fifth to ninth aspects of the invention also apply to this embodiment.
[0049] According to a third aspect of the present invention, there is provided a method of managing cryptographic operations on behalf of a plurality of user entities, the method comprising: - storing in a storage means cryptographic material for each of the user entities;
receiving from one of said plurality of user entities a request to perform one or more cryptographic operations, and authentication information for identifying the user entity, associated with the request;
identifying the user entity based on said authentication information;
retrieving from said storage means cryptographic material for the user entity as identified by the authentication means; and
performing the cryptographic operation(s) requested by the user entity using said cryptographic material.
[0050] According to a fourth aspect of the present invention, there is provided a method of managing cryptographic operations on behalf of a plurality of user entities, the method comprising: - storing in a storage means cryptographic material for each of the user entities;
receiving from one of said plurality of user entities a request to perform one or more cryptographic operations, and authentication information for identifying the user entity, associated with the request;
identifying the user entity based on said authentication information;
generating cryptographic material and storing said cryptographic material in a storage means, associated with the user entity as identified by the authentication means; and
performing the cryptographic operation(s) requested by the user entity using said cryptographic material.
[0051] The method may be performed by a system located remotely from said user entities.
[0052] The method preferably further comprises :- storing access rights data associated with each of said user entities in an access rights storage means; and determining whether the cryptographic operation(s) requested by a user entity are permitted in accordance with the access rights stored for the user entity as identified at the authentication step; and
permitting only those operation(s) which are permitted by said access rights to be performed.
[0053] The method preferably further comprises the step of obtaining data file(s) which is/are to be subject to said cryptographic operations.
[0054] The method may further comprise the step of establishing a secure connection between a user entity's computing device and a system performing the management method of the invention.
[0055] In general, the preferred and optional features of the system of the first and second aspects of the present invention may also apply to the method of the third and fourth aspects of the invention.
[0056] According to a fifth aspect of the present invention, there is provided a system for managing cryptographic material for a plurality of user devices located remotely from the system, the system comprising: - interface means for receiving, from one of said devices, a request to establish a cryptographic session, and device authentication information for identifying the device, associated with the request;
authentication means for identifying the device based on said device authentication information;
session management means for establishing and terminating a cryptographic session with the authenticated device, and for providing cryptographic material to the device during the cryptographic session therewith, to enable the device to perform one or more cryptographic operations; and
erasure means for causing cryptographic material provided by the system to the device to be deleted from the device on termination of the cryptographic session.
[0057] This allows for "transient secure export" of cryptographic material to trusted devices outside the physical service boundary of the system, for the purpose of providing localised high performance cryptographic operations with low latency. That is to say, cryptographic material is only provided to devices which are registered with the system, via a secure connection, and for a limited duration. In effect, this allows each user device to perform cryptographic operations locally, as if it were part of the system.
[0058] The system may comprise generating means for generating cryptographic material for provision to each user device. The system may further comprise storage means for storing cryptographic material for each user device.
[0059] Thus, in one example, a user device is able to perform encryption and decryption of data using cryptographic material provided by the system. In another example, a user device is able to produce electronic signatures attached to data for the purpose of enabling third parties to authenticate that data, using cryptographic material provided by the system.
[0060] The system may comprise monitoring means for monitoring the cryptographic material used by a user device in a cryptographic session, to enable the same cryptographic material to be provided to said user device in a later cryptographic session.
[0061] Thus, for example, the system may provide a cryptographic key to a user device to enable the device to encrypt a document during a first cryptographic session. Then, if it is required to decrypt that document in a later session, the system is able to identify the relevant cryptographic material, and to provide this to the user device for the purpose of the decryption operation.
[0062] In a preferred embodiment, the system may comprise interface means for receiving authentication information for identifying a user entity of the user device. This may be the same interface means which receives the authentication information for identifying the user device, or a separate module. In this embodiment, the system may comprise authentication means for identifying the user entity. This may be the same authentication means which identifies the user device, or a separate module. In this embodiment, the session management means is preferably configured to establish a cryptographic session only in the event that both the user device and the user entity are successfully authenticated.
[0063] Thus, if an unauthorised user gains access to one of said user devices, they will be unable to establish a cryptographic session. Moreover, since cryptographic material is only ever held on a user device temporarily, an unauthorised user of a device is prevented from obtaining access to cryptographic material and will thus be unable to decrypt any encrypted data which may be stored on the device. They will also be prevented from masquerading as the authorised user, and issuing fraudulent signing operations. Accordingly, the present invention provides enhanced security as compared with prior art systems.
[0064] In contrast, in prior art systems, cryptographic material is stored permanently on the user device, such that if the device falls into the hands of an unauthorised user, both the cryptographic material and any data encrypted therewith are potentially compromised.
[0065] Furthermore, with the present invention, if a user device is damaged, lost or stolen, the authorised user entity can obtain and register a replacement device in order to gain access to previously used cryptographic material. Accordingly, cryptographic material, and access to the data that it protects, is not lost in the event that a user device is compromised in some way.
[0066] In contrast, in prior art systems, cryptographic material is often only stored on a single user device. Thus, in the absence of an end user managed system of back-up, cryptographic material and access to any data encrypted with it may be lost in the event that the user device is lost, damaged or stolen.
[0067] A further advantage of the present invention is that the system may utilise functionality located on or otherwise associated with the user devices. This may enhance system integrity, device integrity and/or the functions available to users of the system. For example, a device "attestation" function can be used to check the integrity of the device before commencement of cryptographic operations, or utilised as part of the automation of the registration process. In another example, a reliable clock source located on a user device can be used for time-stamping operations.
[0068] Each user device is preferably registered with the system. Preferably, a digital certificate is issued to a user device on registration with the system, to allow for authentication of said user device by the system.
[0069] The system may be configured to apply conditions of registration which must be met by each user device, for that user device to be registered with the system. For example, certain security and/or integrity characteristics may be required.
[0070] In particular, a user device may be required to be capable of generating a public/private cryptographic key pair. The private key of said pair is preferably immutable and unavailable outside its trusted environment. The public key of said pair is preferably made available as part of the registration by the system of the respective device.
[0071] In another example, a condition of registration may be that the device and/or the computer operations location at which the device is installed is certified to a recognised standard, for example ISO/IEC 27001.
[0072] The system may also specify other technical and/or non-technical requirements, standards and/or protocols for conformance, and/or means of assurance of conformance, as conditions for registration, for example by evidencing of test outcomes and management of security vulnerabilities.
[0073] The system may also be configured to provide two or more registration regimes, each having a different level of rigor. In this case, the system may be configured to indicate within the digital certificate issued as part of registration which regime has been verified as applying. This may be referred to as the system "trust level".
[0074] Examples of user devices which may be registered with the system as trusted include: a Hardware Security Module (HSM); a software security module (SSM) running on a Trusted Computing Base (TCB); a TCB itself; a cryptographic co-processor; a Trusted Platform Module (TPM); a virtualised TPM running on a TCB; a personal electronic device (PED) containing a Subscriber Identity Module (SIM) with enhanced trusted computing functions; or any multiples or permutations of the aforementioned examples.
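As an added example that is not part of the patent or of any product of the applicant, the block below models the "transient secure export" of paragraphs [0056] to [0063] together with the registration regimes of [0068] to [0074]: a device is admitted only if it meets the conditions of registration, its credential carries the trust level of the regime it passed, a session opens only when both the device and the user entity authenticate, material is supplied for the session only, the system records which named material a user entity has used so that a later session (or a registered replacement device, per [0065]) receives the same material, and the device's copy is erased on termination or expiry. All names are assumptions; the credential is an HMAC under a system key standing in for the digital certificate of [0068], and the device authentication key is a shared secret standing in for the public/private pair of [0070], so the block runs with the standard library alone.

```python
import hashlib
import hmac
import secrets

# Added demonstration of session-scoped key provisioning ([0056]-[0063]) with
# registration conditions and trust levels ([0068]-[0074]). The credential is an
# HMAC standing in for a certificate; the device key is a shared secret standing
# in for a key pair. This is not the patent's own code.

PBKDF2_ROUNDS = 50_000


class SessionError(Exception):
    pass


class UserDevice:
    """Device side: holds system-supplied material only while a session is open."""

    def __init__(self, device_id: str, attested: bool = True, secure_erase: bool = True):
        self.device_id = device_id
        self.attested = attested          # outcome of the device attestation check ([0067])
        self.secure_erase = secure_erase  # native or agent-assisted erasure support
        self.auth_key = secrets.token_bytes(32)  # stand-in for the device key pair ([0070])
        self.credential = None            # (trust_level, credential bytes) issued at registration
        self.material = {}                # name -> key bytes; emptied by erase()

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self.auth_key, challenge, hashlib.sha256).digest()

    def erase(self) -> None:
        self.material.clear()


class MaterialService:
    def __init__(self, min_trust_level: int = 1, session_ttl: float = 300.0):
        self._system_key = secrets.token_bytes(32)  # signs device credentials
        self.min_trust_level = min_trust_level
        self.session_ttl = session_ttl
        self._devices = {}   # device_id -> auth_key recorded at registration
        self._users = {}     # user -> (salt, PBKDF2 hash)
        self._sessions = {}  # session_id -> {"device", "user", "expires"}
        self._material = {}  # (user, name) -> key bytes: storage means ([0058])
        self._used = {}      # user -> set of names: monitoring means ([0060])
        self.erasure_log = []  # (device_id, reason) for each erasure ([0056])

    def register_user(self, user: str, secret: str) -> None:
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS))

    def _credential(self, device_id: str, trust_level: int) -> bytes:
        return hmac.new(self._system_key, f"{device_id}|{trust_level}".encode(), hashlib.sha256).digest()

    def register_device(self, device: UserDevice, trust_level: int) -> bytes:
        """Conditions of registration ([0069]-[0072]); the credential records the regime ([0073])."""
        if not (device.attested and device.secure_erase):
            raise SessionError("device does not meet the conditions of registration")
        self._devices[device.device_id] = device.auth_key
        device.credential = (trust_level, self._credential(device.device_id, trust_level))
        return device.credential[1]

    def open_session(self, device: UserDevice, user: str, secret: str, now: float) -> str:
        """Both the device ([0056]) and the user entity ([0062]) must authenticate."""
        if device.credential is None or device.device_id not in self._devices:
            raise SessionError("device not registered")
        trust_level, cred = device.credential
        if not hmac.compare_digest(cred, self._credential(device.device_id, trust_level)):
            raise SessionError("device credential invalid")
        challenge = secrets.token_bytes(16)
        expected = hmac.new(self._devices[device.device_id], challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(device.respond(challenge), expected):
            raise SessionError("device proof of possession failed")
        if trust_level < self.min_trust_level:
            raise SessionError("device trust level insufficient")
        salt, pw_hash = self._users.get(user, (b"", b""))
        got = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)
        if user not in self._users or not hmac.compare_digest(got, pw_hash):
            raise SessionError("user entity authentication failed")
        sid = secrets.token_hex(16)
        self._sessions[sid] = {"device": device, "user": user, "expires": now + self.session_ttl}
        return sid

    def _live(self, sid: str, now: float) -> dict:
        s = self._sessions.get(sid)
        if s is None:
            raise SessionError("no such session")
        if now >= s["expires"]:
            self.terminate(sid, reason="expired")  # expiry triggers erasure too
            raise SessionError("session expired")
        return s

    def provide_material(self, sid: str, name: str, now: float) -> bytes:
        """Supply named material for this session, reusing what the user entity used before."""
        s = self._live(sid, now)
        key = self._material.setdefault((s["user"], name), secrets.token_bytes(32))
        self._used.setdefault(s["user"], set()).add(name)
        s["device"].material[name] = key
        return key

    def material_used_by(self, user: str) -> set:
        return set(self._used.get(user, set()))

    def terminate(self, sid: str, reason: str = "closed") -> None:
        s = self._sessions.pop(sid, None)
        if s is not None:
            s["device"].erase()
            self.erasure_log.append((s["device"].device_id, reason))
```

Two design choices matter for the defender. Material is keyed by user entity rather than by device, which is what lets a replacement device recover access after loss or theft without any end-user backup; and expiry is enforced on the next request rather than by a timer, so a device that never reports back still cannot obtain material after the session window, while the erasure log gives the operator a record of every session that ended by expiry rather than by an orderly close.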
[0075] In a preferred embodiment, the system is also configured for managing cryptographic operations on behalf of a plurality of user entities located remotely from the system. In this case, the system may further comprise :- storage means for storing cryptographic material for each of the user entities;
interface means for receiving from one of said plurality of user entities a request to perform one or more cryptographic operations, and authentication information for identifying the user entity, associated with the request;
authentication means for identifying the user entity based on said authentication information; and
cryptography means for retrieving from said storage means cryptographic material for the user entity as identified by the authentication means, and for performing the cryptographic operation(s) requested by the user entity using said cryptographic material.
[0076] Alternatively or in addition, the cryptography means may be for generating cryptographic material, and storing said cryptographic material in the storage means, associated with the user entity as identified by the authentication means, and for performing the cryptographic operation(s) requested by the user entity using said cryptographic material.
[0077] Thus, in this embodiment of the invention, the system is also capable of performing cryptographic operations on behalf of a user entity even if their user device is not registered with the system. In such circumstances, cryptographic operations are performed by the cryptography means on the system, and cryptographic material is retained within the physical service boundary of the system.
[0078] The preferred and optional features of the first to fourth aspects of the invention also apply to this embodiment.
[0079] According to a sixth aspect of the present invention, there is provided a distributed system for managing cryptographic material, the distributed system comprising a system as described herein, and one or more user devices located remotely from the system.
[0080] According to a seventh aspect of the present invention, there is provided a user device for use with a system for managing cryptographic material, the user device comprising:- interface means for transmitting to the system a request to establish a cryptographic session, and device authentication information for identifying the device, associated with the request, and for requesting and receiving cryptographic material from the system once a session is established;
cryptography means for performing cryptographic operations using said cryptographic material during a cryptographic session; and
erasing means for deleting cryptographic material provided by the system on termination of a cryptographic session.
[0081] According to an eighth aspect of the present invention, there is provided a computer program product which, when installed on a user device, enables said user device to:- register with a system for managing cryptographic material;
transmit to the system a request to establish a cryptographic session, and device authentication information for identifying the device, associated with the request;
request and receive cryptographic material from the system once a session is established;
perform cryptographic operations using said cryptographic material during a cryptographic session; and delete cryptographic material provided by the system on termination of a cryptographic session.
[0082] According to a ninth aspect of the invention, there is provided a method of managing cryptographic material for a plurality of user devices located remotely from the system, the method comprising:- receiving, from one of said devices, a request to establish a cryptographic session, and device authentication information for identifying the device, associated with the request;
identifying the device based on said device authentication information;
establishing and terminating a cryptographic session with the authenticated device, and providing cryptographic material to the device during the cryptographic session therewith, to enable the device to perform one or more cryptographic operations; and
causing cryptographic material provided by the system to the device to be deleted from the device on termination of the cryptographic session.
[0083] The preferred and optional features of the fifth aspect of the invention also apply to the sixth to ninth aspects of the invention.
[0084] Unless otherwise specified, preferred and optional features of each aspect of the invention apply equally to all other aspects of the invention.
[0085] Other preferred and optional features of the invention may be defined in the dependent claims.
[0086] The present invention will now be described with reference to the accompanying drawings in which: -
[0087] Figure 1 shows a cryptographic management system which embodies the present invention;
[0088] Figure 2 illustrates the cryptographic management system of figure 1 in more detail;
[0089] Figure 3 illustrates an alternative embodiment of the present invention;
[0090] Figure 4 illustrates a UML use case diagram of an embodiment of the present invention; and
[0091] Figure 5 illustrates a UML use case diagram of a prior art system, for comparison with the diagram illustrated in figure 4.
[0092] Common reference numerals are used where elements, modules or components are common to more than one embodiment or more than one figure.
[0093] The cryptographic management system 10 is connected to a plurality of end user environments 12 by a network such as the internet. Each end user environment 12 represents the computer system (s) of a particular user organisation or user entity. Each end user environment 12 comprises a plurality of computing devices 13, which may include mobile telephones, laptop computers, personal computers and servers, operated by users from within the user entity.
[0094] The cryptographic management system 10 is also connected by a network such as the internet to one or more data centres 14 which provide a data storage service. The data centres 14 are further connected by a network such as the internet to the end user environments 12.
[0095] The cryptographic management system 10 provides a trusted and secure environment which carries out cryptography functions, such as encrypting and decrypting data files, on request from a registered user from within a user entity of the system. The data centres 14 provide external file storage and file management services for the user entities.
[0096] Figure 2 illustrates the cryptographic management system 10 in more detail.
[0097] The cryptographic management system 10 comprises an abstracted interface module 20, through which users within a user entity interact with the system to perform cryptographic operations. The abstracted interface module 20 provides a graphical user interface which can be accessed by users of the system. Alternatively, or in addition, the abstracted interface module 20 may provide an automated mechanism which operates under software control without user intervention. The abstracted interface module is used to submit a request for cryptographic services to the system. The graphical user interface (if present) may prompt the user to provide authentication credentials, details of cryptographic operations to be performed, and to attach any relevant data/documents/files. The abstracted user interface module extracts the data input by the user, converts this to the required format, and passes this on to other modules within the system for subsequent processing.
[0098] The abstracted interface module 20 is a high level language interface. The programming interface is "key-less" in the sense that all keys and other cryptographic material used in the encryption, decryption and digital signing of documents are held and managed internally within the cryptography management system 10, as described in more detail below. Accordingly, the end user does not need to possess cryptographic material to access the content of encrypted files or perform other cryptographic operations. Rather, access to cryptographic operations provided by the system is granted or denied on the basis of authentication of the identity of the user and the access rights policy in place for that user, as described in more detail below.
[0099] The system optionally further comprises a legacy interface module 21, by means of which the cryptographic management system 10 is able to manage cryptographic operations for any legacy applications used by the user entity which require the physical possession of cryptographic material by the user. The legacy interface module 21 provides a graphical user interface, and/or an automated mechanism, which is substantially similar to that of the abstracted interface module 20. This allows the system to provide cryptographic services transparently, in the sense that the user/user entity is unaware of a difference in use between legacy applications using the legacy interface module 21 and new applications using the abstracted interface module 20. It is thus straightforward for user entities to manage cryptographic operations for a wide variety of applications, both new and old.
[00100] A user/external device authentication module 22 is connected to both interface modules 20, 21. The user authentication module is configured to receive users' authentication credentials from the relevant interface module, and then to verify the authentication of a user by means of, for example, a username and password, RADIUS authentication, two factor authentication, and/or service issued third party digital certificates. Such authentication means are referred to herein as "identity tokens".
[00101] To this end, the device authentication module 22 is connected to an identity token provisioning module 23, which performs the authentication operation and provides an identity token in the event of successful authentication. The identity token provisioning module 23 is configured to support diverse authentication methods, as listed in the preceding paragraph, to allow users or external devices to authenticate their identity. Unlike prior art systems, the need for external distributed certificate revocation lists is removed, as the issuing authority for all certificates is a module located within the system.
[00102] A central control module 24 is connected to the interface modules 20, 21 and to the user authentication module 22. The central control module 24 is configured to start a cryptographic operation session on receipt of an identity token issued on successful authentication of a user by the authentication and identity token modules. If an identity token is not issued in association with a particular request, the central control module will trigger the relevant interface module to return an error message to the user without starting a session.
[00102] Once a session is open, the central control module 24 receives details of the requested operation(s) from the interface module 20. These details, together with user details contained in the identity token, are looked up in an access rights policy database 25. The access rights policy database stores details of access rights for each registered user. These details indicate whether a requested cryptographic operation may be performed on behalf of that user. The access rights database may comprise general access rights details, and access rights details which relate to specific data files. For example, the database may specify that a user A is entitled to create and send encrypted, digitally signed documents in a specified application. It may also specify that user A is entitled to read and overwrite a specified data file X. By default, access rights are positively specified. Thus, if the access rights database for user A does not specify a data file Y, the system will not perform a requested cryptographic operation on data file Y when requested to do so by user A.
[00103] If one or more requested operations are permitted, the central control module 24 will coordinate processing of the requested cryptographic operations, as described in more detail below. If the user is not authenticated, or if one or more operations are not permitted, the central control module will trigger the interface module to return a suitable error message to the user.
[00104] A key management and storage module 26 is connected to the central control module. The key management and storage module is configured to create, transport, refresh, archive and destroy cryptographic material, including cryptographic keys and digital certificates, as required in order to perform requested cryptographic operations.
[00105] The central control module 24 is configured to identify the cryptographic material required to perform a requested operation, and obtain this from the key management and storage module 26. This may involve, for example, requesting an existing stored key or the generation and storage of a new key.
[00106] Having identified a permitted request for an authenticated user, and obtained the necessary cryptographic material from the key management and storage module 26, the central control module 24 determines whether a data file is required in order to complete the requested operation and the location of that file, and then obtains the file for processing. For example, if a user A requests the system to encrypt a document X, document X may be attached to the user's request. In this case the central control module may obtain the document X from the interface module. In another example, a user B may request access to document X, which is stored in a data centre. In this case, the central control module may obtain the data file from the data centre via a data centre interface module 29.
[00107] One or more hardware security modules (HSMs) 27 and software security modules (SSMs) 28 are also connected to the central control module 24. These security modules are configured to perform cryptographic operations according to instructions received from the central control module. By providing a plurality of security modules and partitioning the function therebetween, the system is scalable.
[00108] The group of hardware security modules 27 preferably comprises a plurality of industry standard HSMs. Although these HSMs may be provided by different vendors, the complexity associated with vendor specific interfaces is hidden from the users/user entities by means of the interface modules 20, 21, 22. The HSMs do not store application key material within them, as this is stored in the key management and storage module 26, which comprises a dedicated HSM (not shown) for this purpose alone.
[00109] The group of software security modules 28 comprises general purpose computer servers loaded with cryptographic algorithms. Such an arrangement would present an unacceptably high security risk if deployed in a user environment. However, with the present invention, it is possible to locate these computers within the cryptographic management system 10. This is a trusted environment where keys never leave the trusted physical and logical boundary of the system, which significantly mitigates the risks associated with the use of SSMs. The SSMs provide rapid provisioning of cryptographic resources at much higher transactional rates than traditional HSMs. This is particularly desirable during the development phases of projects, as developing cryptographic requirements can be satisfied using SSMs, which avoids the need to procure additional HSMs. Moreover, due to the abstraction provided by the abstracted interface module 20, an SSM resource can be swapped for an HSM resource at the production phase of a project, without any application change.
[00110] Having identified a permitted request for an authenticated user, and obtained the necessary cryptographic material and data files, the central control module 24 is configured to locate and select an appropriate security module from the available pool to perform the requested operation. Having selected an appropriate security module, the central control module constructs a set of commands for the security module 27, 28, in an appropriate language or interface.
[00111] Once the requested operation is complete the security module will return the results of the cryptographic operation to the central control module 24, for onward transmission to an appropriate destination.
[00112] For example, if a user A requests the system to store an encrypted version of document X at a specified location in a data centre, the selected security module will encrypt document X and the central control module 24 will route the encrypted document to the data centre 14. In another example, if a user B wishes to access document X, the selected security module will decrypt document X and route the decrypted document to user B.
[00113] The central control module 24 is further configured to obtain any access rights policy details contained in the user's request, and store these in the access rights policy database 25. For example, in the example where a user A requests the system to store an encrypted version of document X, user A may specify that they should have open-ended read/write access to document X, and that a user B should have open-ended read only access to the document. These details are stored in the access rights policy database 25. Thus, if a user B subsequently requests access to document X, the system will allow them to decrypt the document, but not to encrypt an amended version.
[00114] In addition to the modules described above, the system comprises an auditing module 201, connected to the central control module 24. The auditing module is configured to monitor and record all operations carried out on behalf of an end user, and to provide a digitally signed audit log of all operations carried out by a particular end user or group of users, for inspection by clients or relevant authorities. The audit trail may also be used for the purpose of metering and/or billing clients' use of the system.
[00115] The system may comprise a web-site "portal", or other interface, intended for access by selected users from within a client organisation. This interface provides a tailored view of the performance "dashboard", audit trail and client account information that is private to that client. The interface also allows access to any controls that are delegated by the system to the client organisation. For instance, it may allow the selected user to register and de-register employees from within the client organisation as individual users within that client group, it may allow the selected user to commence registration of locally hosted devices to the system, and it may allow the selected user to report security incidents to the system. The system may also give the selected user a limited ability to configure or influence certain security policy and access control elements applying to the client organisation.
[00116] The selected users referred to above are typically senior users from within or otherwise associated with the client organisations. The selected users may have additional technical and non-technical conditions applied to them by the system as compared with other users. Access to the interface is preferably authenticated to at least the same extent as other system authentication mechanisms, and more preferably to a greater extent. This is consistent with an enhanced trust level applying to the selected user.
For example, the system may require additional "multiple-factor" authentication or "two man" control for access to the "portal" selected user account. The system may also implement a hierarchical system of group, user and device trust, and also implement "fine grained access control" aligned to that system of trust.
[00117] The system illustrated in figures 1 and 2 may be used by a user entity to manage their cryptographic needs in a straightforward, secure and cost effective manner.
[00118] In use, a user entity signs up to use the services provided by the system. The user's credentials are checked by the system and, assuming these credentials are satisfactory, an account is established and details of one or more users (for example, users A, B, C) from the user entity are registered.
[00119] To set up the account, unseen by the user entity, an internal digital certificate unique to that entity is issued and stored within the system. Since the user entity does not need to store the certificate, they are spared the complexity associated with digital certificate renewal and management.
[00119] In one example, a user A may create a document X to be stored in a remote data centre, for future availability to himself and other users within the user entity. The document needs to be stored in an encrypted form, for protection against unauthorised access and malicious tampering from outside the user entity. At the same time, user A wishes to restrict access within the organisation to himself and user B, and to restrict user B's access to read-only.
[00120] With the present invention, user A may send document X to the cryptographic management system 10 over the network, with a request to store an encrypted version of the document at a specified location in the data centre 14. The request includes authentication information for user A. The request also attaches document X, and includes an indication that user A is entitled to read/write access to the document and that user B is entitled to read only access to the document.
[00121] The abstracted interface module 20 receives the request and passes the authentication information to the authentication module 22. On successful authentication of user A, the authentication module passes an identity token for user A to the central control module 24. The central control module obtains details of the requested operation, and looks up the rights policy for user A. The central control module finds that user A is authorised to upload encrypted documents to the data centre.
[00122] The central control module 24 then updates the access rights policy information stored therein, to indicate that user A is entitled to read/write access to the document, and that user B is entitled to read only access.
[00123] Accordingly, the central control module 24 forwards the request to the key management and storage module 26. The key management and storage module generates a key for encrypting the data, and stores the new key together with details which identify the document to be encrypted. The key is then transmitted to the central control module.
[00124] The central control module 24 then selects a suitable security module 27, 28 to perform the operation, and prepares instructions to perform the operation in a language/interface appropriate to the selected security module. The instructions are forwarded to the selected security module together with the key and the document to be encrypted.
[00125] The security module 27, 28 encrypts the document according to the instructions, and returns the encrypted document to the control centre for onward transmission to the specified location in the data centre 14, via the abstracted interface module. The central control module 24 also triggers the abstracted interface module 20 to send confirmation of successful completion of the task to user A.
[00126] Subsequently, user B wishes to access the document. User B sends a request to the system to obtain a decrypted version of the document from the data centre 14. The request includes authentication information for user B.
[00127] The abstracted interface module 20 receives the request and passes the authentication information to the authentication module. On successful authentication of user B, the authentication module passes an identity token for user B to the central control module 24. The central control module looks up the rights policy for user B, and finds that they are authorised to access a decrypted version of the document.
[00128] Accordingly, the central control module 24 forwards the request to the key management and storage module 26, which retrieves the key used for encrypting the document, and transmits this key to the control module.
[00129] The central control module 24 causes the encrypted document to be retrieved from the data centre 14 via the abstracted interface module 20.
[00130] The central control module 24 then selects a suitable security module 27, 28 to perform the decryption operation, and prepares instructions to perform the operation in a language/interface appropriate to the selected security module. The instructions are forwarded to the selected security module together with the key and the encrypted document.
[00131] The security module 27, 28 decrypts the document according to the instructions, and returns the decrypted document to the control centre for onward transmission to user B, via the abstracted interface module 20. The central control module 24 also triggers the abstracted interface module to send confirmation of successful completion of the task to user B.
[00132] User B subsequently amends the document, and sends a request to overwrite the document stored in the data centre 14 with their amended version. However, when the central control module 24 looks up the access rights policy for user B, it finds that user B is not entitled to write access to the document, and an error message is returned to user B and the requested encryption and storage operations are not performed.
[00133] Similarly, if user C attempts to access the document, when the central control module 24 looks up the access rights policy for user C, it finds no indication that C is entitled to decrypt the document. By default, if no positive permission is specified in relation to a specific operation and document, permission is denied. Thus, an error message is returned to user C and the decryption and document retrieval operations are not performed.
[00134] If an individual D from outside the user entity's organisation attempts to access the document in the data centre directly, they will be unable to access meaningful content due to the encryption of the document.
[00135] If the individual D attempts to access the document via the system, they will either be refused access as a non-registered user of the system, or because they do not have positively specified rights associated with the relevant document.
[00136] Since the authorisation module/identity token module require user credentials such as a password or digital certificate to authenticate the identity of a user, this will prevent an unauthorised user or individual gaining access by posing as an authorised user.
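The default-deny policy lookup of [00102]-[00103], replayed on the user A / B / C / D scenario of [00120]-[00136], as an added worked example. This is illustrative code written for this page, not code from the patent or from the applicant; the class and function names, and the mapping of a "read" right onto a decrypt operation and a "write" right onto an encrypt operation, are assumptions made for the example.

```python
"""Positive-only (default-deny) access rights lookup (example code)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Cryptographic operations a user may request (constructed names).
ENCRYPT, DECRYPT = "encrypt", "decrypt"
# Rights stated in a request map onto operations on the file (assumption).
RIGHT_TO_OP = {"read": DECRYPT, "write": ENCRYPT}


@dataclass
class AccessRightsPolicy:
    """In-memory stand-in for the access rights policy database (25)."""
    registered: Set[str] = field(default_factory=set)
    # General rights: user -> operations allowed in any application.
    general: Dict[str, Set[str]] = field(default_factory=dict)
    # File-specific rights: (user, file_id) -> operations allowed on that file.
    per_file: Dict[Tuple[str, str], Set[str]] = field(default_factory=dict)

    def register_user(self, user: str) -> None:
        self.registered.add(user)

    def grant_general(self, user: str, *ops: str) -> None:
        self.general.setdefault(user, set()).update(ops)

    def grant_file(self, user: str, file_id: str, *ops: str) -> None:
        self.per_file.setdefault((user, file_id), set()).update(ops)

    def is_permitted(self, user: str, op: str, file_id: Optional[str] = None) -> bool:
        """True only when the operation is positively specified.

        Default is deny: an unregistered user, a missing file entry, or an
        entry that does not list the operation all return False.
        """
        if user not in self.registered:
            return False
        if file_id is None:
            return op in self.general.get(user, set())
        return op in self.per_file.get((user, file_id), set())


def store_encrypted(policy: AccessRightsPolicy, requester: str, file_id: str,
                    grants: Dict[str, Set[str]]) -> bool:
    """Handle a 'store encrypted document' request as the central control module would.

    The requester must hold the general right to upload encrypted documents;
    only then are the per-file rights carried in the request recorded.
    """
    if not policy.is_permitted(requester, ENCRYPT):
        return False
    for user, rights in grants.items():
        policy.grant_file(user, file_id, *(RIGHT_TO_OP[r] for r in rights))
    return True


def run_scenario() -> Dict[str, bool]:
    """Replay the worked scenario and return each access decision."""
    policy = AccessRightsPolicy()
    for user in ("A", "B", "C"):          # D is deliberately not registered
        policy.register_user(user)
    policy.grant_general("A", ENCRYPT)   # A may upload encrypted documents

    # A stores document X with A read/write and B read only.
    uploaded = store_encrypted(policy, "A", "X", {"A": {"read", "write"}, "B": {"read"}})

    return {
        "A_uploads_X": uploaded,
        "B_decrypts_X": policy.is_permitted("B", DECRYPT, "X"),
        "B_overwrites_X": policy.is_permitted("B", ENCRYPT, "X"),  # refused: read only
        "C_decrypts_X": policy.is_permitted("C", DECRYPT, "X"),    # refused: no entry
        "D_decrypts_X": policy.is_permitted("D", DECRYPT, "X"),    # refused: not registered
    }


if __name__ == "__main__":
    for decision, allowed in run_scenario().items():
        print(f"{decision}: {'permitted' if allowed else 'refused'}")
```

The point of the structure is that there is no "deny" record anywhere: C and D are refused purely because nothing positive is recorded for them, which is the behaviour [00133] describes.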
[00137] Figure 3 illustrates a second embodiment of the invention, in which it is possible for cryptographic operations to be performed locally on an authorised client device 31A, 31B, 31C. The system 30 of figure 3 comprises a public key infrastructure (PKI) module 32, which comprises a device registration module 31. Other aspects of this embodiment are as described in relation to the first embodiment.
[00138] The device registration module 31/PKI module 32 are provided for the purpose of issuing digital certificates 32A, 32B, 32C to the external client devices 31A, 31B, 31C, in order to enable transient secure export of system held keys and other cryptographic material to those devices.
[00139] To register a client device 31A, 31B, 31C, which has the capability to generate a private/public key pair, a Certificate Signing Request (CSR) is submitted to the system by the client device (or a user thereof). The CSR is routed to the device registration module 31. Once registration checks have been successfully completed, a digital certificate is issued, and returned to the client device by the device registration module 31.
[00140] Each new session started from a registered device 31A, 31B, 31C uses the Transport Layer Security (TLS) protocol, or a similar protocol, to establish a secure mutual authentication channel between the device and the system 30. Provided the client device end certificate 32A, 32B, 32C is still valid, the system will act as if the device were a module within the system, subject to any other conditions of trust that apply.
[00141] When a new session is started, the client device 31A, 31B, 31C will forward user credentials required for end user authentication. At this point, any attestation function available on the device may be activated. Provided conditions set by the system 30 are met, the client device is then able to request cryptographic material from the system's key management storage module (keystore) 26, and may use it to conduct cryptographic operations locally, for example, encrypt, decrypt, sign and/or verify.
[00142] The session variables are established to allow multiple operations to be requested without re-authentication being required. However, partial or full re-authentication may be required according to a system defined periodic interval, or when triggered by per-transaction based events. This includes a timeout facility to terminate the session at both ends should communications be interrupted.
[00143] Operations on the client device may continue until the session is terminated (session closure). The device is free to cache system issued cryptographic material for that session to enable efficient local cryptographic operations. Session closure may be initiated programmatically from the device 31A, 31B, 31C and/or the system 30. Session closure also occurs at the expiry of any timeout in the device or the system. This may be referred to as a "time-to-live" timeout period.
[00144] On session closure, any locally cached cryptographic material exported by the service is securely erased and put beyond further use. Preferably, a pre-requisite for registration of a user device with the system, is that the user device can be trusted to securely erase cryptographic material received from the system, such that this is put beyond further use.
[00145] The erasure operation is preferably performed by the device 31A, 31B, 31C itself. If a device which registers with the system 30 does not have the capability to perform the erasure operation itself, the system 30 may provide "agent" software or firmware elements for installation thereon. Such elements may be downloaded and installed manually or automatically after completion of device registration. The "agent" can perform/complete the erasure operation in the absence of a native device capability to perform the same.
[00146] Other functions may also be provided to the client device by the system, either as part of the "agent" or as separate software/firmware elements, where these functions are not natively available on the device. Such functions may include enhanced TLS verification, or similar, to prevent "man in the middle attacks"; firewall; malware checking and attestation.
[00147] As with the first embodiment of the invention, the device registration module has full PKI capability.
[00148] Any client device end certificate 32A, 32B, 32C can be revoked at any time, following a client report or the action of a system operator. Examples include a device being reported lost or otherwise compromised, an end user or client being in serious or repeated breach of registration or service subscription conditions, or the service detecting that a device has malfunctioned. Lists of revoked device certificates will be published by the system in a Certificate Revocation List (CRL) which is accessible using the Online Certificate Status Protocol (OCSP). These will be automatically checked at the commencement of each session. The system may also incorporate a mechanism to terminate open sessions of revoked devices in near real-time. The "agent" or native device capability may also apply advanced OCSP and certificate chain validation, detect revocation early, and then immediately purge the local device keystore. If a known stolen device attempts to connect to the system then an operator alert will be raised. The "agent" or native device capability may also log an alert message with the system. This message may include device network and geo-location information, if available.
[00149] The system may place client devices which are registered with the system into groups. For example, registered devices associated with the same user entity, or a group or category of users within a user entity, may be placed in the same group. Devices within the group may be able to access the same cryptographic material.
[00150] The system will track which cryptographic material is matched to which device, which end user credential and other session conditions, such that when a new session is established under the same conditions the same cryptographic material is supplied to the end point. In this manner, all encrypt/decrypt and sign/verify operations are paired with the correct cryptographic material. This also applies in cases where a replacement device is registered in place of a revoked device: operations and cryptographic material handling proceed as if the replacement were the original device. The system will also allow multiple devices to be grouped such that they can simultaneously share certain cryptographic material to enable working on the same datasets. This will support high throughput applications requiring a cluster of devices for parallel processing and resilience, so that a single device failure does not interrupt operations. This will also support device virtualisation, and it will be possible to distribute cryptographic processing around devices distributed in a cloud computing environment. This would include a mechanism for system mediated trusted migration from one processing element to another.
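The session lifecycle of [00140]-[00150], as an added worked example: revocation is checked when a session starts, exported material is cached on the device only for the session, the session ends on explicit closure or expiry of the time-to-live, cached material is overwritten at closure, and a new session under the same conditions receives the same material. This is illustrative code written for this page, not code from the patent or from the applicant. The TLS handshake and CSR-based registration are outside the model (registration is reduced to a set of device identifiers); the class names, the injected clock and the 32-byte key material are assumptions made for the example.

```python
"""Device session with TTL, revocation check at start, erase on closure (example code)."""
import secrets
from typing import Callable, Dict, List, Set


class RevokedDeviceError(Exception):
    """Raised when a revoked or unregistered device tries to start a session."""


class SessionClosedError(Exception):
    """Raised when material is requested after closure or TTL expiry."""


class KeyStore:
    """Stand-in for the key management and storage module (26)."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}

    def get_or_create(self, key_id: str) -> bytes:
        # Same key id -> same material, so a new session under the same
        # conditions is supplied the same cryptographic material.
        if key_id not in self._keys:
            self._keys[key_id] = secrets.token_bytes(32)  # constructed key material
        return self._keys[key_id]


class DeviceSession:
    """One session between a registered device and the system."""

    def __init__(self, device_id: str, keystore: KeyStore, ttl: float,
                 now: Callable[[], float]) -> None:
        self.device_id = device_id
        self._keystore = keystore
        self._ttl = ttl
        self._now = now          # injected clock (assumption) so expiry is testable
        self._started = now()
        self._cache: Dict[str, bytearray] = {}  # device-side cache of exported material
        self.closed = False

    def expired(self) -> bool:
        return self._now() - self._started >= self._ttl

    def request_material(self, key_id: str) -> bytes:
        """Transient export: the key is cached on the device for this session only."""
        if self.closed or self.expired():
            self.close()  # timeout terminates the session and purges the cache
            raise SessionClosedError(f"session for {self.device_id} is closed")
        if key_id not in self._cache:
            self._cache[key_id] = bytearray(self._keystore.get_or_create(key_id))
        return bytes(self._cache[key_id])

    def cached_key_ids(self) -> Set[str]:
        return set(self._cache)

    def close(self) -> int:
        """Session closure: overwrite every cached buffer in place, then drop it.

        Returns the number of bytes overwritten.
        """
        wiped = 0
        for buf in self._cache.values():
            buf[:] = bytes(len(buf))   # zero-fill before releasing the buffer
            wiped += len(buf)
        self._cache.clear()
        self.closed = True
        return wiped


class CryptographicManagementSystem:
    """System side: registration, revocation and session start."""

    def __init__(self, now: Callable[[], float], ttl: float = 300.0) -> None:
        self._now = now
        self._ttl = ttl
        self._registered: Set[str] = set()
        self._revoked: Set[str] = set()
        self.keystore = KeyStore()
        self.alerts: List[str] = []   # operator alerts raised on refused connections

    def register_device(self, device_id: str) -> None:
        self._registered.add(device_id)

    def revoke_device(self, device_id: str) -> None:
        self._revoked.add(device_id)

    def start_session(self, device_id: str) -> DeviceSession:
        # Revocation status is checked at the commencement of each session.
        if device_id not in self._registered or device_id in self._revoked:
            self.alerts.append(f"refused session for {device_id}")
            raise RevokedDeviceError(device_id)
        return DeviceSession(device_id, self.keystore, self._ttl, self._now)


if __name__ == "__main__":
    import time
    system = CryptographicManagementSystem(now=time.monotonic, ttl=60.0)
    system.register_device("dev-1")
    session = system.start_session("dev-1")
    key = session.request_material("doc-X")
    print("exported", len(key), "bytes; wiped", session.close(), "bytes at closure")
```

Two details matter for the defender: the expiry check sits inside every material request, so a device that keeps using a stale session is closed at the first use after the TTL rather than at the next scheduled check, and the cache is overwritten rather than merely dropped, which is what "put beyond further use" in [00144] asks of the device.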
[00151] In the second embodiment, the system comprises means of transient secure export of cryptographic material to suitably trusted devices outside of the physical service boundary for the purpose of providing localised high performance cryptographic operations with low latency. For example, such a device might be customer provided equipment, or the device may be leased by the system to a customer for installation at their business premises or place of computer operations.
[00152] "Transient secure export" means limiting export of cryptographic material using proven secure means to suitably trusted devices and only for such duration as the use of such cryptographic material is required. Such duration is sometimes referred to as a "time-to-live" (TTL) or timeout period.
[00153] "Suitably trusted devices" includes those devices that are individually registered with the system as having suitable security characteristics and integrity features, and that, having successfully completed registration, have been issued with a system provided digital certificate, using the conventional means of a public key infrastructure (PKI) system component.
[00154] Examples of suitably trusted devices might include a Hardware Security Module (HSM), a Software Security Module (SSM) running on a trusted computing base (TCB), a TCB itself, a cryptographic co-processor, a Trusted Platform Module (TPM), a virtualised TPM running on a TCB, a personal electronic device (PED) containing a Subscriber Identity Module (SIM) with enhanced trusted computing functions, or any multiples or permutations of the aforesaid. Examples also include cryptographic devices yet to be engineered or invented.
[00155] One minimum characteristic of a suitably trusted device would be that it has the facility to generate a public/private cryptographic key pair, in which the private key is immutable and unavailable outside of its trusted environment but for which the public key can be made available as part of the registration by the system of that device. Another common minimum characteristic is that the device can be trusted, upon command from the system or upon expiry of a system defined duration, to no longer utilise, and to expunge, any cryptographic material passed to it by the system.
[00156] The system may also identify other minimum characteristics of any device to be registered, or any other associated non-technical conditions. For example, a condition of registration might be that the computer operations location at which the device is installed is certified to a recognised standard such as ISO/IEC 27001. The system may also identify further conditions for registration, other technical and non-technical requirements, standards and protocols for conformance, and means of assurance of conformance, for example by evidencing of test outcomes and management of security vulnerabilities. The system might also provide several registration regimes of different levels of rigour and indicate within digital certificates issued as part of registration which regime has been verified as applying (this might be referred to as a system "trust level").
[00157] During a period of registration a device would be eligible to receive cryptographic material and system issued instructions which would allow the device to conduct operations locally as if it were part of the system.
[00158] In one example, it could provide encryption and decryption of data using cryptographic material provided by the system for the duration of the session. The system would track which cryptographic material had been used by a particular device at a particular time and be able to provision the same material at a later time to enable reliable cryptographic operations to proceed (that is, the correct cryptographic key would be supplied for any decryption operation, matched to the operation that originally encrypted the data). This differs from prior art in that the device does not permanently hold the cryptographic material; it holds it only for the duration of the operations. In this way, if the device and the data it protects are somehow compromised, for instance by theft, the cryptographic keys would be unavailable and the plaintext data secure. In prior art, by contrast, it is often the case with such compromises that both the keys and the data are lost, and it has to be assumed that the plaintext data is also compromised.
[00159] In another example, a device might produce electronic signatures attached to data for the purpose of enabling third parties to authenticate that data. This differs from prior art in that the device does not permanently hold the cryptographic material; it holds it only for the duration of the operations. In this way, if the device is somehow compromised, for instance by theft, the cryptographic keys would be unavailable, and the receiver would be unable to masquerade as the original possessor and issue fraudulent signing operations. In prior art, by contrast, it is often the case that such compromises would allow a receiver to masquerade as the original possessor, as they would have the signing keys in their possession.
[00160] Another example of how this system is superior to prior art is that even in the event of accidental loss of a device, the end users of the device can obtain and register a replacement device and the system would then provision the cryptographic material used on the original device. This would allow the end user access to data and cryptographic material with the minimum of disruption. Whereas a recognised severe limitation of many systems of prior art is that, in the absence of an end user managed system of back-up, device loss may effect permanent loss of access to data and cryptographic material.
[00161] The system may also take advantage of any functionality that is unique to the registered devices, for the purpose of enhancing system integrity or device integrity, or of enhancing the functions available to the system users. One example of this would be the use of a device "attestation" function that can be used to check the integrity of the device before commencement of cryptographic operations, or utilised as part of the automation of the registration process. Another example would be the use of a device incorporating a reliable clock source to undertake time-stamping operations.
[00162] The system would include other housekeeping functions, as is conventional for a PKI, for the correct management of digital certificates issued to devices. This includes system support for registration, re-registration, issuance of digital certificates, incident management, maintenance of a system root key issued by a recognised Certificate Authority (CA), publication of a Certificate Practice Statement and related documentation, the publishing of Certificate Revocation Lists (CRLs) and the Online Certificate Status Protocol (OCSP). CRLs and OCSP would allow the trust level of a device to be either downgraded or revoked entirely in the event that the device fails to maintain service requirements or is notified to the system as lost or compromised. The system may also incorporate additional means to expedite suspension or termination of operations in association with a particular device.
[00163] In an embodiment, the method of the invention may comprise:
- managing registration, re-registration and revocation of external devices;
- transiently exporting cryptographic material to those external devices for the purposes of local cryptographic operations for the duration of a session; and
- requiring and/or causing the cryptographic material to be securely erased from the external devices upon session termination or device revocation.
[00164] In an embodiment, the method of the invention may comprise:
- causing transient export of cryptographic material to a registered external device for the purposes of encryption for the duration of a session;
- causing transient export of corresponding cryptographic material to a registered external device, its replacement, or a device within the same group of pooled devices for the purposes of decryption for the duration of its session;
- causing transient export of cryptographic material to a registered external device for the purposes of applying an electronic signature;
- enabling a registered external device to verify an electronic signature;
- causing all system provided cryptographic material to be securely erased from registered device local storage at the termination or expiry of each session with the system;
- causing an operator alert and other appropriate system actions to be taken should the connection of a revoked device be detected by the system, disabling any transfer whatsoever of cryptographic material to a revoked device, and wherever possible initiating immediate termination of active operations with a device flagged as revoked and triggering the device to immediately purge any system provided cryptographic material; and
- causing transient export of corresponding cryptographic material to a registered external device, its replacement, or a device within the same group of pooled devices for the purposes of exploiting further device capabilities beyond the basic functions provided by the system.
[00165] Preferably, data encrypted by a device is decrypted using transient export of said cryptographic material transferred to the same device, its replacement or a device with the same group membership before the requested cryptographic operation(s) are applied.
[00166] The transiently exported cryptographic material may comprise one or more cryptographic keys and/or one or more digital certificates.
[00167] In an embodiment, the system of the invention may comprise means to register various suitable devices and device types external to the system (whether owned and operated by the system owner or otherwise) whereby they may have relevant cryptographic material exported from the system to the device in a transient manner, for the purpose of allowing operations local to the device using the said cryptographic material for the duration of a system defined transient session only. The system shall stipulate conditions for registration, re-registration and revocation of registration in the manner of a PKI. Export shall be achieved by secure means of TLS, or a similar mechanism, with mutual authentication of system issued digital certificates. A condition of registration is based upon device capability for secure generation and storage of private and public cryptographic key pairs (via any current or future scheme of asymmetric key cryptography), the latter being made available to the system for issuance of a device digital certificate. A further condition of registration is that the device shall either natively support, or support with the assistance of a system provided "agent" component, secure erasure of all system supplied cryptographic material at the termination or expiry of the session. Any other capability of the device may be exploited by the system for appropriate purposes.
[00168] Preferably, the relevant cryptographic material supplied in the export is one or more cryptographic keys appropriate for each session.
[00169] Preferably, revocation is achieved by system action or system operator action, with publication of the revoked device digital certificate within a CRL, accessible via the OCSP protocol.
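The key life cycle set out in paragraphs [00150] to [00169] (the service remembering which material encrypted which data, transient export with a time-to-live, replacement devices and pooled groups, and purge of the device keystore on session end, TTL expiry or revocation), as an added Python model that is not part of the patent or of any product. The KeyService, Device and Session names, the group-based replacement rule and the toy XOR keystream standing in for the real cipher are all assumptions of this example.

```python
import hashlib
import secrets
from dataclasses import dataclass, field

class RevokedDeviceError(Exception):
    pass

@dataclass
class Device:
    device_id: str
    group: str
    revoked: bool = False
    keystore: dict = field(default_factory=dict)  # key_id -> (key, expiry): the lent copy

class KeyService:
    """Service side: the vault holds the only durable copy of each key; a device gets a copy
    for one session only and loses it at session close, TTL expiry or revocation."""
    def __init__(self):
        self.now = 0.0      # simulated clock in seconds
        self.devices = {}   # device_id -> Device
        self.vault = {}     # key_id -> key bytes
        self.usage = {}     # data_id -> (key_id, group that encrypted it)
        self.alerts = []    # operator alerts raised by the service

    def register(self, device_id, group, replaces=None):
        if replaces is not None:   # a replacement inherits the revoked device's group
            group = self.devices[replaces].group
            self.revoke(replaces)
        self.devices[device_id] = Device(device_id, group)

    def revoke(self, device_id):
        dev = self.devices[device_id]
        dev.revoked = True
        dev.keystore.clear()       # near-real-time purge of the device keystore
        self.alerts.append(f"revoked:{device_id}")

    def open_session(self, device_id, ttl):
        dev = self.devices[device_id]
        if dev.revoked:            # stands in for the OCSP/CRL check at session start
            self.alerts.append(f"revoked-device-connect:{device_id}")
            raise RevokedDeviceError(device_id)
        return (device_id, self.now + ttl)   # session = (device, absolute expiry)

    def _export(self, session, key_id):
        device_id, expiry = session
        dev = self.devices[device_id]
        if dev.revoked or self.now >= expiry:
            dev.keystore.clear()   # nothing is lent to a revoked device or an expired session
            raise RevokedDeviceError(device_id)
        dev.keystore[key_id] = (self.vault[key_id], expiry)
        return key_id

    def export_for_encrypt(self, session, data_id):
        key_id = f"k-{len(self.vault)}"
        self.vault[key_id] = secrets.token_bytes(32)
        self.usage[data_id] = (key_id, self.devices[session[0]].group)
        return self._export(session, key_id)

    def export_for_decrypt(self, session, data_id):
        key_id, group = self.usage[data_id]   # the key that originally encrypted data_id
        if self.devices[session[0]].group != group:
            raise PermissionError(f"{session[0]} is not in group {group}")
        return self._export(session, key_id)

    def close_session(self, session):
        self.devices[session[0]].keystore.clear()   # secure erasure at session end

    def tick(self, seconds):
        self.now += seconds
        for dev in self.devices.values():   # TTL expiry purges lent material
            dev.keystore = {k: v for k, v in dev.keystore.items() if v[1] > self.now}

def device_crypt(dev, key_id, nonce, data):
    """Local encrypt/decrypt using only the device's transient copy (KeyError once purged).
    Toy one-block XOR keystream standing in for a real cipher; data must be <= 32 bytes."""
    key, _ = dev.keystore[key_id]
    pad = hashlib.sha256(key + nonce).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def run_scenario():
    """Encrypt on device A, report A lost, decrypt on its replacement B; A stays locked out."""
    svc = KeyService()
    svc.register("dev-A", group="finance")
    nonce, plaintext = b"nonce-01", b"quarterly ledger"   # constructed sample data
    s_a = svc.open_session("dev-A", ttl=60)
    kid = svc.export_for_encrypt(s_a, "ledger.csv")
    ciphertext = device_crypt(svc.devices["dev-A"], kid, nonce, plaintext)
    svc.close_session(s_a)
    held_after_close = len(svc.devices["dev-A"].keystore)   # 0: the key left with the session
    svc.register("dev-B", group=None, replaces="dev-A")    # A reported lost, B replaces it
    s_b = svc.open_session("dev-B", ttl=60)
    kid_b = svc.export_for_decrypt(s_b, "ledger.csv")       # same key the service matched to A
    recovered = device_crypt(svc.devices["dev-B"], kid_b, nonce, ciphertext)
    try:
        svc.open_session("dev-A", ttl=60)                   # the lost device reconnects
        a_blocked = False
    except RevokedDeviceError:
        a_blocked = True
    svc.tick(61)                                            # B's TTL elapses
    return {"held_after_close": held_after_close, "recovered": recovered, "a_blocked": a_blocked,
            "b_after_ttl": len(svc.devices["dev-B"].keystore), "alerts": svc.alerts}
```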
[00170] The embodiments described above refer to data being stored on a data centre, which may be independent of the system and the user entity. It will be appreciated that it is equally possible for data to be stored in a data storage module within the boundaries of the user entity.
[00171] Figure 4 contains a Universal Modelling Language (UML) use diagram, which illustrates the use of embodiments of the invention as illustrated in figures 1 to 3, for encrypting and digitally signing documents using digital certificates.
[00172] Rather than the user having to obtain and manage digital certificates for a multitude of end applications themselves, they simply have to register with the system once, as described above. Thereafter, the system can handle obtaining, renewing and managing digital certificates for all end applications used by the user entity.
[00173] This results in significantly less complexity for the user, as can be appreciated by comparison of figure 4 with the prior art example illustrated in figure 5.

Claims

1. A system for managing cryptographic operations on behalf of a plurality of user entities located remotely from the system, the system comprising: - storage means for storing cryptographic material for each of the user entities;
interface means for receiving from one of said plurality of user entities a request to perform one or more cryptographic operations, and authentication information for identifying the user entity, associated with the request;
authentication means for identifying the user entity based on said authentication information; and
cryptography means for retrieving from said storage means cryptographic material for the user entity as identified by the authentication means, and for performing the cryptographic operation(s) requested by the user entity using said cryptographic material.
2. A system for managing cryptographic operations on behalf of a plurality of user entities located remotely from the system, the system comprising: - storage means for storing cryptographic material for each of the user entities;
interface means for receiving from one of said plurality of user entities a request to perform one or more cryptographic operations, and authentication information for identifying the user entity, associated with the request;
authentication means for identifying the user entity based on said authentication information; and
cryptography means for generating cryptographic material, and storing said cryptographic material in the storage means, associated with the user entity as identified by the authentication means, and for performing the cryptographic operation(s) requested by the user entity using said cryptographic material.
3. A system as claimed in claim 1 or 2 wherein one or more of said user entities is an organisation, and wherein a request from a user entity which is an organisation is a request from a user within the organisation.
4. A system as claimed in any preceding claim wherein the cryptographic material associated with a user entity is unique to said user entity.
5. A system as claimed in any preceding claim wherein the request to perform one or more cryptographic operations specifies one or more data files to be subject to said cryptographic operations.
6. A system as claimed in claim 5 further comprising a data retrieval means for obtaining data specified in the request from the user.
7. A system as claimed in any preceding claim further comprising: - access rights storage means for storing details of access rights associated with each of said user entities; and determining means for determining whether the cryptographic operation(s) requested by a user entity are permitted in accordance with the access rights for that user entity, and permitting only those operation(s) which are permitted by said access rights to be performed.
8. A system as claimed in claim 7 wherein the access rights storage means is configured to store details of access rights for a user entity which is an organisation.
9. A system as claimed in claim 7 or 8 wherein the access rights storage means is configured to store details of access rights for users within a user entity which is an organisation.
10. A system as claimed in any of claims 7 to 9 wherein the access rights storage means is configured to store access rights details associated with a specified data file or group of data files.
11. A system as claimed in any preceding claim wherein the cryptographic material stored in the storage means comprises cryptographic keys and/or digital certificates.
12. A system as claimed in any preceding claim wherein the cryptographic operations performed by the system include any or all of encryption of specified data, decryption of specified data, digital signing of specified data, verification of digital signatures and data, and re-keying of data.
13. A system as claimed in any preceding claim wherein the system is also configured for managing cryptographic operations on behalf of a plurality of user entities located remotely from the system, and further comprises:-
interface means for receiving, from one of said devices, a request to establish a cryptographic session, and device authentication information for identifying the device, associated with the request;
authentication means for identifying the device based on said device authentication information;
session management means for establishing and terminating a cryptographic session with the authenticated device, and for providing cryptographic material to the device during the cryptographic session therewith, to enable the device to perform one or more cryptographic operations; and
erasure means for causing cryptographic material provided by the system to the device to be deleted from the device on termination of the cryptographic session.
14. A method of managing cryptographic operations on behalf of a plurality of user entities, the method comprising: - storing in a storage means cryptographic material for each of the user entities;
receiving from one of said plurality of user entities a request to perform one or more cryptographic operations, and authentication information for identifying the user entity, associated with the request;
identifying the user entity based on said authentication information;
retrieving from said storage means cryptographic material for the user entity as identified by the authentication means; and
performing the cryptographic operation(s) requested by the user entity using said cryptographic material.
15. A method of managing cryptographic operations on behalf of a plurality of user entities, the method comprising: - storing in a storage means cryptographic material for each of the user entities;
receiving from one of said plurality of user entities a request to perform one or more cryptographic operations, and authentication information for identifying the user entity, associated with the request;
identifying the user entity based on said authentication information;
generating cryptographic material and storing said cryptographic material in a storage means, associated with the user entity as identified by the authentication means; and
performing the cryptographic operation(s) requested by the user entity using said cryptographic material.
16. A method as claimed in claim 14 or 15 wherein the method is performed by a system located remotely from said user entities.
17. A method as claimed in any of claims 14 to 16 further comprising: - storing access rights data associated with each of said user entities in an access rights storage means; and determining whether the cryptographic operation(s) requested by a user entity are permitted in accordance with the access rights stored for the user entity as identified at the authentication step; and
permitting only those operation(s) which are permitted by said access rights to be performed.
18. A method as claimed in claim 17 wherein said access rights include details of access rights for a user entity which is an organisation.
19. A method as claimed in claim 17 or 18 wherein said access rights include details of access rights for users within a user entity which is an organisation.
20. A method as claimed in any of claims 17 to 19 wherein the access rights details include details associated with a specified data file or group of data files.
21. A method as claimed in any of claims 14 to 20 further comprising obtaining data file(s) which is/are to be subject to said cryptographic operations.
22. A method as claimed in any one of claims 14 to 21 further comprising establishing a secure connection between a user entity's computing device and a system performing the management method of the invention.
23. A method as claimed in any of claims 14 to 22 wherein one or more of said user entities is an organisation, and wherein a request from a user entity which is an organisation is a request from a user within the organisation.
24. A method as claimed in any of claims 14 to 23 wherein the cryptographic material associated with a user entity is unique to said user entity.
25. A method as claimed in any of claims 14 to 24 wherein the request to perform one or more cryptographic operations specifies one or more data files to be subject to said cryptographic operations.
26. A method as claimed in any of claims 14 to 24 wherein the cryptographic material stored in the storage means comprises cryptographic keys and/or digital certificates.
27. A method as claimed in any of claims 14 to 26 wherein the cryptographic operations performed by the system include any or all of encryption of specified data, decryption of specified data, digital signing of specified data, verification of digital signatures and data, and re-keying of data.
28. A system for managing cryptographic material for a plurality of user devices located remotely from the system, the system comprising: - interface means for receiving, from one of said devices, a request to establish a cryptographic session, and device authentication information for identifying the device, associated with the request;
authentication means for identifying the device based on said device authentication information;
session management means for establishing and terminating a cryptographic session with the authenticated device, and for providing cryptographic material to the device during the cryptographic session therewith, to enable the device to perform one or more cryptographic operations; and
erasure means for causing cryptographic material provided by the system to the device to be deleted from the device on termination of the cryptographic session.
29. A system as claimed in claim 28 further comprising generating means for generating cryptographic material for provision to each user device.
30. A system as claimed in claim 28 or 29 further comprising storage means for storing cryptographic material for each user device.
31. A system as claimed in any of claims 28 to 30 further comprising monitoring means for monitoring the cryptographic material used by a user device.
32. A system as claimed in any of claims 28 to 31 comprising interface means for receiving authentication information for identifying a user entity of the user device.
33. A system as claimed in any of claims 28 to 32 comprising authentication means for identifying the user entity.
34. A system as claimed in any of claims 28 to 33 wherein the session management means is configured to establish a cryptographic session only in the event that the user device and the user entity are successfully authenticated.
35. A system as claimed in any of claims 28 to 34 further comprising registration means for registering said user devices with the system.
36. A system as claimed in claim 35 wherein the registration means is configured to apply conditions of registration which must be met by each user device, for that user device to be registered with the system.
37. A system as claimed in any of claims 28 to 36 wherein the system is also configured for managing cryptographic operations on behalf of a plurality of user entities located remotely from the system, and further comprises:- storage means for storing cryptographic material for each of the user entities;
interface means for receiving from one of said plurality of user entities a request to perform one or more cryptographic operations, and authentication information for identifying the user entity, associated with the request;
authentication means for identifying the user entity based on said authentication information; and
cryptography means for retrieving from said storage means cryptographic material for the user entity as identified by the authentication means, and for performing the cryptographic operation(s) requested by the user entity using said cryptographic material.
38. A system as claimed in any of claims 28 to 36 wherein the system is also configured for managing cryptographic operations on behalf of a plurality of user entities located remotely from the system, and further comprises:- storage means for storing cryptographic material for each of the user entities;
interface means for receiving from one of said plurality of user entities a request to perform one or more cryptographic operations, and authentication information for identifying the user entity, associated with the request;
authentication means for identifying the user entity based on said authentication information; and
cryptography means for generating cryptographic material, and storing said cryptographic material in the storage means, associated with the user entity as identified by the authentication means, and for performing the cryptographic operation(s) requested by the user entity using said cryptographic material.
39. A distributed system for managing cryptographic material, the distributed system comprising a system as defined in any of claims 28 to 38, and one or more user devices located remotely from the system.
40. A user device for use with a system for managing cryptographic material, the user device comprising: - interface means for transmitting to the system a request to establish a cryptographic session, and device authentication information for identifying the device associated with the request, and for requesting and receiving cryptographic material from the system once a session is established;
cryptography means for performing cryptographic operations using said cryptographic material during a cryptographic session; and
erasing means for deleting cryptographic material provided by the system on termination of a cryptographic session.
41. A computer program product which, when installed on a user device enables said user device to:- register with a system for managing cryptographic material;
transmit to the system a request to establish a cryptographic session, and device authentication information for identifying the device, associated with the request;
request and receive cryptographic material from the system once a session is established;
perform cryptographic operations using said cryptographic material during a cryptographic session; and delete cryptographic material provided by the system on termination of a cryptographic session.
42. A method of managing cryptographic material for a plurality of user devices located remotely from the system, the method comprising: - receiving, from one of said devices, a request to establish a cryptographic session, and device authentication information for identifying the device, associated with the request;
identifying the device based on said device authentication information;
establishing and terminating a cryptographic session with the authenticated device, and providing cryptographic material to the device during the cryptographic session therewith, to enable the device to perform one or more cryptographic operations; and
causing cryptographic material provided by the system to the device to be deleted from the device on termination of the cryptographic session.
43. A system for managing cryptographic operations on behalf of a plurality of user entities located remotely from the system, substantially as hereinbefore described with reference to the accompanying drawings.
44. A method for managing cryptographic operations on behalf of a plurality of user entities located remotely from the system, substantially as hereinbefore described with reference to the accompanying drawings.
45. A system for managing cryptographic material for a plurality of user devices located remotely from the system, substantially as hereinbefore described with reference to the accompanying drawings.
46. A distributed system for managing cryptographic material, substantially as hereinbefore described with reference to the accompanying drawings.
47. A user device for use with a system for managing cryptographic material, substantially as hereinbefore described with reference to the accompanying drawings.
48. A computer program product, substantially as hereinbefore described with reference to the accompanying drawings.
49. A method of managing cryptographic material for a plurality of user devices located remotely from the system, substantially as hereinbefore described with reference to the accompanying drawings.
PCT/GB2012/050535 2011-03-10 2012-03-09 A cryptographic system and method WO2012120313A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1315678.1A GB2502230B (en) 2011-03-10 2012-03-09 A cryptographic system and method

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB201104094A GB201104094D0 (en) 2011-03-10 2011-03-10 A cryptographic system and method
GB1104094.6 2011-03-10

Publications (1)

Publication Number Publication Date
WO2012120313A1 true WO2012120313A1 (en) 2012-09-13

CN105429991A (en) * 2015-12-02 2016-03-23 成都汇合乾元科技有限公司 Efficient data transmission method for mobile terminal
US20220128990A1 (en) * 2020-10-22 2022-04-28 Ge Aviation Systems Llc Trusted autonomy framework for unmanned aerial systems
US11693404B2 (en) * 2020-10-22 2023-07-04 Ge Aviation Systems Llc Trusted autonomy framework for unmanned aerial systems
EP4296873A1 (en) * 2022-06-22 2023-12-27 Palantir Technologies Inc. Secure high scale cryptographic computation through delegated key access

Also Published As

Publication number Publication date
GB201315678D0 (en) 2013-10-16
GB2502230A (en) 2013-11-20
GB201104094D0 (en) 2011-04-27
GB2502230B (en) 2015-08-26

Similar Documents

Publication Publication Date Title
US11475137B2 (en) Distributed data storage by means of authorisation token
CN113824562B (en) Tokenized hardware security module
US10404476B1 (en) Systems and methods for providing authentication to a plurality of devices
EP2956852B1 (en) Data security service
US9332002B1 (en) Authenticating and authorizing a user by way of a digital certificate
KR102318637B1 (en) Methods of data transmission, methods of controlling the use of data, and cryptographic devices
CN108701094B (en) Securely storing and distributing sensitive data in cloud-based applications
KR20200097744A (en) Systems and methods for protecting data transmission between non-IP endpoint devices and connected services connected to gateway devices
US8918641B2 (en) Dynamic platform reconfiguration by multi-tenant service providers
US9954834B2 (en) Method of operating a computing device, computing device and computer program
US11626998B2 (en) Validated payload execution
CN116490868A (en) System and method for secure and fast machine learning reasoning in trusted execution environments
WO2012120313A1 (en) A cryptographic system and method
EP4158838A1 (en) Method, apparatus, and computer-readable medium for secured data transfer over a decentrlaized computer network
CN113614720A (en) Device and method for dynamically configuring access control of trusted application program
US20190305940A1 (en) Group shareable credentials
US9219715B2 (en) Mediator utilizing electronic content to enforce policies to a resource
WO2022144024A1 (en) Attribute-based encryption keys as key material for key-hash message authentication code user authentication and authorization
US11728973B2 (en) System and method for secure access management
US20230216662A1 (en) Optimized key management for data signing systems
WO2023069464A1 (en) Secure asset management infrastructure for enforcing access control policies
KR20190097555A (en) Method and apparatus for e-mail service
Dočár Security solutions for cloud technologies (Bezpečnostní řešení pro cloudové technologie)
KS et al. Security and Privacy in Cloud Computing To Guarantee Simultaneous Localization of Data Errors

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 12714348

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 1315678

Country of ref document: GB

Kind code of ref document: A

Free format text: PCT FILING DATE = 20120309

WWE Wipo information: entry into national phase

Ref document number: 1315678.1

Country of ref document: GB

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 12714348

Country of ref document: EP

Kind code of ref document: A1