The present invention pertains to computer and communication systems and more particularly to a security kernel interface for simplifying the integration of cryptographic services into computer or communication systems.
Typically, communication systems are controlled by a central processing unit (CPU). The CPU controls the flow of data within the system. Further, the CPU controls the flow of data into and out of the system. Such CPU-controlled systems are very useful in establishing high-speed communications with other CPU-controlled systems. Since such systems now have the ability to communicate directly, data security problems have arisen.
As a result of the communication between systems, it is necessary to control access to data between secure distributed systems. Secure data may include a company's proprietary information, banking or financial data, and government classified data. To provide for data security, systems have included interfaces for establishing passwords to allow access to certain data and have encoded secure data when it is transmitted between systems. Also, these systems typically employ key management to control access to the system by users. Heretofore, these cryptographic services, key management services and secure system management services were provided separately. Sometimes these functions were provided by hardware and other times by software. Each one of the above-mentioned services was typically an isolated event. That is, if one desired to have a cryptographic service performed, the cryptographic module was given control. If one desired key management, the key management module was given control, and so on.
Accordingly, it is an object of the present invention to provide a uniform system interface for cryptographic services, key management services and secure system management services in a single security kernel.