Businesses and individuals are increasingly dependent on computers and computer-based electronic communication. More and more businesses are moving toward “paperless” modes of operation, and the convenience of the Internet has resulted in individuals using electronic media for various activities, such as communicating via email, banking, paying bills, investing money and shopping, to name but a few. While businesses and individuals desire the convenience of electronic communication, these entities also want to maintain at least the same level of security that more traditional methods of communication offer. However, in some ways, more traditional methods of communication are inherently more secure than electronic communication because of the relative ease with which computers may be used to intercept the information being communicated between two or more other computers. Accordingly, techniques have been created to secure information being communicated electronically.
Many of these techniques make use of various aspects of cryptography. Cryptography is the study of sending messages in a secret form so that only those authorized to receive the message be are able to read it. Cryptography may be used for any form of communication, but for the purposes of this application, cryptography for electronic communication will be discussed. For electronic communication, a message is transformed into a secret form using a cryptographic key and then may be transformed back into its original or clear form with a cryptographic key. Examples of cryptographic techniques include symmetric encryption, asymmetric encryption and hashing.
A networked computer system using more than one cryptographic technique provides a greater level of security for the information being stored and communicated by the system. Security may be further improved by utilizing different keys with different applications. However, a system with multiple users and applications, using multiple cryptographic techniques to protect multiple messages and pieces of information, results in a large volume of application keys being generated and utilized to protect information. Managing these keys in a secure manner presents many challenges. One particular challenge is to store the keys in a secure yet accessible manner for backup and escrow purposes.
In one known approach to storing application keys for the above-referenced purposes, keys are stored in a multi-layer system. Although such a system may have varying numbers of levels, an example of a four layer system will be described for purposes of illustration. The lowest layer, or layer one, stores the application keys in scrambled form. The next layer, or layer two, generally holds an additional set of keys used to scramble and descramble the keys in layer one. These keys are also in scrambled form. Typically, in a system of this type, each key at layer two is used to scramble more than one of the application keys stored at layer one. In this manner, there are fewer keys at layer two than there are keys at layer one. The keys in layer two are scrambled and descrambled using a single master key, which is stored in layer three. The key in layer three is in clear form. Layer four is the outside layer of protection. Layer four comprises a password protection, meaning a user simply enters a password in order to access the key at layer three. In such a system, everything is thus ultimately being protected by a password.
Known approaches, such as the outlined above, also suffer from a number of additional drawbacks. For example, the approach outlined above provides multiple levels of protection but merely shifts the area of vulnerability from the lowest layer to the highest layer, which in this case is a single password. Because passwords are typically given relatively low levels of protection, this is relatively undesirable.
Further, as set forth above, each key at layer two is used to scramble more than one application key at layer one. Typically, application keys are scrambled according to the layer two key that is currently in use. If the layer two key is replaced, then subsequent application keys are scrambled using the new layer two key. Previously-generated application keys, however, are not descrambled; instead, they remain scrambled using the layer two key that was in effect when they were created. This has the effect of grouping the application keys on the basis of the time that each key was created. Unfortunately, this approach, while reducing the number of keys needed at level two, provides no flexibility for placing application keys into groups.
Still further, in the storage approach set forth above, the scrambling process includes hashing the keys first and then encrypting the keys. Unfortunately, this scrambling process requires that a key be decrypted in order to verify the integrity of the key. This is a drawback because it results in a key being in clear form and therefore being at risk in order to verify that it has not been comprised. In addition, decrypting an entire key merely to provide integrity verification consumes valuable processing time.
Thus, in order to solve the above-described problems and other issues inherent in prior art systems and approaches, it is desirable to provide a key storage system and method that offers greater and more diverse protection than known systems.