1. Field of the Invention
The present invention relates to an improved data processing system and, in particular, to a method and apparatus for data storage protection using cryptography.
2. Description of Related Art
Most data processing systems contain sensitive data that needs to be protected. For example, the data integrity of configuration information needs to be protected from illegitimate modification, while other information, such as a password file, needs to be protected from illegitimate disclosure. An operator of a given data processing system may employ many different types of security mechanisms to protect the data processing system. For example, the operating system on the data processing system may provide various software mechanisms to protect sensitive data, such as various authentication and authorization schemes, while certain hardware devices and software applications may rely upon hardware mechanisms to protect sensitive data, such as hardware security tokens and biometric sensor devices. Even though multiple software and hardware mechanisms may be employed within a given data processing system to protect sensitive data, the sensitive data may also be encrypted so that if someone gains illegitimate access to the encrypted sensitive data, any copy of the encrypted sensitive data would be useless without the ability to decrypt the encrypted sensitive data.
The ability to ultimately protect all information that is contained within the data processing system has limitations, though. For example, in an effort to further protect a password file, the password file may be encrypted using yet another secret, such as a password or a cryptographic key, often referred to as a master secret. However, this new secret also needs to be protected in some manner. Thus, a system administrator may face a dilemma in which any attempt to implement another layer of security results in additional sensitive information that also needs to be protected. Turning now to the present invention, the remaining figures depict exemplary embodiments of the present invention which resolve this dilemma.
Therefore, it would be advantageous to have a mechanism for securely storing and managing secret information, such as cryptographic keys. It would be particularly advantageous to securely store and manage master secrets that are used to protect other secret information.