There is a need to deny unauthorized access to vulnerable electronic information. Computing and communications systems appear in every sector of the economy, and increasingly in homes and other locations. As the availability and use of computer based systems grow, so do their interconnections. The result is a shared infrastructure of information, computing, and communications. The nature of shared infrastructures creates vulnerabilities for users. In general, easier access for users implies easier access by unauthorized users. Cryptography plays an important role in addressing certain types of information vulnerability.
Conventional cryptography protects data by using a cryptographic process and a secret key. Encryption transforms plaintext into ciphertext using the key. Different keys results in a creation of different ciphertext. Decryption transforms the ciphertext back to the plaintext. When the encryption and decryption operations use the same key, the method is known as symmetric key cryptography. In asymmetric key cryptography, the encryption and decryption keys are different. Usually, one of these keys is made publicly available while the other key is privately maintained by an authorized party. A password assigned to a user of a system may be considered as a private key that enables this user to access certain capabilities of the system. Methods for generating keys and passwords and distributing the keys and passwords are included under the broad designation of “key management.”
It is often necessary to implement access control schemes in which the decision to grant or deny access to data depends on the position of a user in a hierarchy of classes. For example, users are partitioned into three classes: A, B and C. Class A has the highest privileges and class C has the lowest privileges. Accordingly, the highest security device only allows access to users of class A. The medium security device allows access to users in classes A and B, while the low security device allows access to all users. This architecture can be extended to more than three classes, which are arranged in one of many possible hierarchies, so that the privileges of the class depend on its position in the hierarchy. There can be multiple users within a certain privilege class.
Such hierarchies arise in numerous practical access control applications. For example, in an industrial plant, certain areas may be off-limits to machine shop workers and accessible only to qualified supervisors. In another example, customer service personnel of a bank may have access to public information of a customer, while their managers can access more classified details. A hierarchical password scheme is defined as a method that generates keys or passwords for each user depending upon the position of the user in the hierarchy, i.e., depending upon the privilege class of the user.
Key or password management is important in a security system. Key management includes generation, distribution, and termination of keys. Furthermore, many applications require a hierarchical access structure in which subsets of users have different access privileges.
A number of different structures for generating hierarchy of passwords are known. However, there are several important issues that remain unaddressed. The first issue is that the security system can be networked, i.e., all access control devices are connected to a central administrative device so the operations of adding a new user or revoking a user can be conveniently performed over network connection. If networking is not available or not possible, then it is cumbersome to manually modify the user information that is stored in the database of an access control device. The second issue is that in most conventional password schemes, each access control device stores different authentication information, e.g., cryptographic hashes or keys for all users that are allowed to legally access that device. This may not be efficient in terms of memory requirements.
It is desirable to provide a method that can generate passwords while reducing or completely eliminating the necessity to update access control devices in a security system.