1. Field
The disclosure relates generally to data processing systems and, more specifically, to a method and apparatus for managing cryptographic information. Still more specifically, the present disclosure relates to a method and apparatus for determining when to provide a key for use in encrypting data in response to a request for a key.
2. Description of the Related Art
Many organizations store large amounts of data. For example, banks, hospitals, brokerage companies, consulting companies, and other organizations store data for providing goods and services. Oftentimes, the data includes confidential information. For example, an on-line store may store information about customers including telephone numbers, addresses, a list of transactions performed, credit card information, and/or other confidential information. As another example, a software company may have different versions of software being produced on its network. The software is often considered a trade secret during development.
Access to this type of information is often restricted. For example, a user wishing to access the information is required to present credentials. These credentials may be, for example, a user identifier and a password. In other cases, other types of credentials, such as biometrics, also may be used to control access to the data.
Another mechanism used to protect this data is encryption. Processes perform encryption to make the data unusable by anyone who does not have a key or other encryption information needed to decrypt the data. This type of mechanism may be used in addition to the presentation of credentials to provide additional security for data. Many organizations encrypt their data for security.
For example, a financial institution, such as a bank, performs many transactions every day. These transactions involve information, such as customer names, addresses, deposits, withdrawals, and other information. Banks may protect this information by encrypting the information. A key is used with an encryption process to encrypt the data for the financial transactions. As a result, this data cannot be viewed without the key, increasing the security and confidentiality of the information. As another example, email servers may exchange certificates containing keys. These certificates are used to encrypt messages that may be sent between two email servers. Anyone obtaining or intercepting the messages cannot view the information without the proper certificate.