US2009034735A1PendingUtilityA1

Auditing secret key cryptographic operations

51
Assignee: ARCOT SYSTEMS INCPriority: Mar 17, 2004Filed: Aug 25, 2008Published: Feb 5, 2009
Est. expiryMar 17, 2024(expired)· nominal 20-yr term from priority
Inventors:Robert Jerdonek
H04L 63/062H04L 63/10H04L 9/0822H04L 9/083H04L 63/0823
51
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

In a cryptographic system, the unlocking of secret keys on a user system is audited and correlated with other events that typically occur after the secret key is used to perform a cryptographic operation. Audit evidence of secret key cryptographic operations is recorded for later review and/or analysis, for use as stored evidence of unauthorized activity and/or for use in refuting false claims of repudiation of authorized activity. Some systems might also provide users with user activity reports that can alert a user to suspicious or unauthorized activity using that user's access.

Claims

exact text as granted — not AI-modified
1 . A key auditing system, comprising:
 a key server, that provides access to a secret key by an authorized user;   a resource server, that provides access to resources to authorized users, wherein authorization of a user is determined, at least in part, by the user's possession of a secret key;   a key server audit database;   a resource server audit database; and   a usage analyzer that analyzes the key server audit database and the resource server audit database to compare events therein.   
   
   
       2 . The key auditing system of  claim 1 , wherein the resource server is an application server. 
   
   
       3 . The key auditing system of  claim 1 , wherein the resource server is a transaction server. 
   
   
       4 . (canceled) 
   
   
       5 . The key auditing system of  claim 4 , wherein the secret key is such that it is only accepted within a pre-determined time period. 
   
   
       6 . The key auditing system of  claim 1 , wherein events are compared according to a profile that specifies conditions under which keys can be used. 
   
   
       7 . The key auditing system of  claim 6 , wherein the conditions include time delay limits between when a key is accessed and when the key is used. 
   
   
       8 . The key auditing system of  claim 6 , wherein the conditions include limits on a number of times that key can be used on a resource server in a given session. 
   
   
       9 . The key auditing system of  claim 6 , wherein the conditions include whether key usage would be allowed where key access is from a first network address or first location and key usage is from a second network address distinct from the first network address or from a second location distinct from the first location. 
   
   
       10 . The key auditing system of  claim 1 , wherein the usage analyzer is configured to analyze and compare audit database records in real-time. 
   
   
       11 . The key auditing system of  claim 10 , wherein the usage analyzer is configured to trigger a disablement of a key usage in real-time response to audit database record comparisons. 
   
   
       12 . The key auditing system of  claim 1 , wherein the usage analyzer is configured as part of the key server.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.