There is a growing need to protect against the growing vulnerability of electronic information to unauthorized access. Computing and communications systems appear in virtually every sector of the economy and increasingly in homes and other locations. As the availability and use of computer based systems grow, so, too, does their interconnections. The result is a shared infrastructure of information, computing, and communications. The nature of shared infrastructures creates vulnerabilities for users. In general, easier access for users implies easier access for unauthorized users. Cryptography is a technology that may play an important role in addressing certain types of information vulnerability. Classically, cryptography protects data by using a cryptographic process and a shared secret called a key. In a process called encryption, plaintext may be transformed into cyphertext by an algorithm transform using a particular key; the use of a different key may result in a different cyphertext. In another process called decryption, an algorithm may transform cyphertext into plaintext using a particular key. Such a scheme, in which parties may need a common key, is called symmetric cryptography or secret-key cryptography and has the property of requiring a safe method of distributing keys to relevant parties. Methods of distributing keys to relevant parties are often called key distribution or key management. The present invention addresses the problem of key management for cryptographic systems.
Hierarchical key management systems generally depend on keys that encrypt other keys, as well as the use of the keys at the bottom of the hierarchy for confidentiality or authentication. Hierarchical key management systems typically have the problem that controlling applications may cause keys within the hierarchical key management systems to be compromised. That is, the applications may need to be trusted with respect to key compromise.
Current security architectures generally don't separate the correctness of the key management functions from the correctness of the application. This separation could simplify the design of cryptographic systems, as well as enabling the rigorous evaluation of the systems. Often systems are not implemented separately, in secure hardware.
There are several other problems that many hierarchical key management systems may have. A first problem is that there is a root entity that may compromise the entire system. A second problem is that key management systems may not be designed to support a variety of applications including: protecting the keys used to decrypt protected content, as well as the logging and charging for use of those keys; and delivering keys cryptographically embedded in tickets to users and resources.
What is needed is a hierarchical key management system that protects keys, in the sense that the controlling application may not cause keys within the hierarchical key management system to be compromised. That is, the application need not be trusted with respect to key compromise. The hierarchical key management system preferably separates the correctness of the key management functions from the correctness of the application, simplify the design of cryptographic systems and enabling the rigorous evaluation of the hierarchical key management system. Also needed is a hierarchical key management system that may be implemented separately in secure hardware, that preferably protects the root entity so that the entire system won't be compromised, and that may support a variety of applications.