US2009034735A1PendingUtilityA1
Auditing secret key cryptographic operations
Est. expiryMar 17, 2024(expired)· nominal 20-yr term from priority
Inventors:Robert Jerdonek
H04L 63/062H04L 63/10H04L 9/0822H04L 9/083H04L 63/0823
51
PatentIndex Score
0
Cited by
0
References
0
Claims
Abstract
In a cryptographic system, the unlocking of secret keys on a user system is audited and correlated with other events that typically occur after the secret key is used to perform a cryptographic operation. Audit evidence of secret key cryptographic operations is recorded for later review and/or analysis, for use as stored evidence of unauthorized activity and/or for use in refuting false claims of repudiation of authorized activity. Some systems might also provide users with user activity reports that can alert a user to suspicious or unauthorized activity using that user's access.
Claims
exact text as granted — not AI-modified1 . A key auditing system, comprising:
a key server, that provides access to a secret key by an authorized user; a resource server, that provides access to resources to authorized users, wherein authorization of a user is determined, at least in part, by the user's possession of a secret key; a key server audit database; a resource server audit database; and a usage analyzer that analyzes the key server audit database and the resource server audit database to compare events therein.
2 . The key auditing system of claim 1 , wherein the resource server is an application server.
3 . The key auditing system of claim 1 , wherein the resource server is a transaction server.
4 . (canceled)
5 . The key auditing system of claim 4 , wherein the secret key is such that it is only accepted within a pre-determined time period.
6 . The key auditing system of claim 1 , wherein events are compared according to a profile that specifies conditions under which keys can be used.
7 . The key auditing system of claim 6 , wherein the conditions include time delay limits between when a key is accessed and when the key is used.
8 . The key auditing system of claim 6 , wherein the conditions include limits on a number of times that key can be used on a resource server in a given session.
9 . The key auditing system of claim 6 , wherein the conditions include whether key usage would be allowed where key access is from a first network address or first location and key usage is from a second network address distinct from the first network address or from a second location distinct from the first location.
10 . The key auditing system of claim 1 , wherein the usage analyzer is configured to analyze and compare audit database records in real-time.
11 . The key auditing system of claim 10 , wherein the usage analyzer is configured to trigger a disablement of a key usage in real-time response to audit database record comparisons.
12 . The key auditing system of claim 1 , wherein the usage analyzer is configured as part of the key server.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.