1. Field of Invention
Embodiments of the invention relate to security systems in general. More specifically, the embodiments of the invention relate to methods and systems for smart card based security in networks.
2. Description of the Background Art
A computer network that is continually accessed for information and services by its users may be referred to as a high availability network. However, with the high availability of information stored over the networks, it is important to prevent unauthorized access to the stored information. Smart cards can provide security for sensitive information by storing a master key inside them. The master key is used to encrypt sensitive data stored outside the smart card.
Many network devices use smart cards to provide secure storage of information associated with a given supervisor card (SUP). These network devices use an active SUP and a standby SUP to provide high availability through redundancy. To provide redundancy, all the credentials and the master key stored inside the active SUP are synchronized to the standby SUP. However, one constraint on the synchronization of the two SUPs is the design of the smart cards, which do not allow the extraction of the sensitive information and the master key(s) stored in them.
According to one of the conventional methods, manual intervention of an administrator is required to synchronize the two SUPs. In this case, the administrator re-configures all the information, in order to replace a SUP with its standby. The re-configured information is then stored in the active SUP as well as the standby SUP.
Another conventional method for the synchronization of the SUPs involves generating a new master key for the standby SUP. In this case, all the information is re-encrypted with the new master key. The re-encrypted information is stored along with the previously encrypted information.
According to another conventional approach for synchronization of SUPs, when a new SUP is used, the sensitive credentials can be re-generated on both SUPs. Re-generation is possible due to a mechanism that makes credentials transparent to the administrator.
However, re-configuration of credentials in accordance with the new master key adds to the complexity of managing redundant high availability networks. Moreover, re-configuration requires additional involvement from the administrator. Further, re-encrypting the credentials requires additional memory. The entire process leads to additional expense and complexity in the network. Moreover, re-generation of credentials is not possible in systems where seamless provision of credentials is not possible.