One of the changes that has taken place in the United States, and in most of the rest of the world to one degree or another, has been the advent of electronic information in day-to-day life. Electronic information is constantly in use, and it is difficult to imagine many aspects of modern-day life that are not dependent to one degree or another on such information. Today, electronic information is at work in our automobiles, workplaces and homes. It is used today by consumers, businesses and governments.
In many respects, computers and the electronic information that they create, store and communicate are replacing paper and pencil and are replacing previously established ways of doing day-to-day activities. Sending an e-mail is replacing sending a greeting card through the mail. On-line bill paying and electronic funds transfers are replacing trips to the utility companies' offices to pay a bill or mailing payments. Electronic transactions with credit or debit cards are replacing the cash we carry in our wallets and the checks we used to write. Purchases through a company's web site are replacing trips to shopping malls. Most of the foregoing involves the creation, storage, use and communication of electronic information.
In response to these changes the workplace has evolved as well. The modern day workplace now often consists of computers arrayed into networks with one network communicating to another. All of the computers found in these networks are creating, storing, using and communicating electronic information.
Similar changes have occurred outside the workplace as well. More and more homes now have computers and many of them are connected to the Internet. Newspaper and television advertising now lists a company's web-page address alongside, or in place of, its physical address.
In many respects, electronic information is becoming the lifeblood of modern-day society. The unexpected loss of electronic information can carry with it tremendous consequences. The loss of electronic information can result in severe disruptions of business activities and, in a worst-case scenario, can result in the destruction of a business. In less severe circumstances, the loss of electronic information can also impose significant costs upon a business that is seeking to restore or recreate that information. It should be undisputed that electronic information can represent substantial value for modern-day businesses and can be of critical importance. Records and other stored or saved information are often necessary for the efficient functioning of today's business. In many instances, information governs business relationships with other persons such as customers, government authorities and investors.
With the ever-increasing emphasis being placed upon information that is created and stored electronically, important questions have been presented concerning the ownership of that information. These questions arise in large part from the realization that the electronic information has value. Employers have enacted policies governing the ownership of information that is stored on computers owned by the employers and used by their employees. Litigation has also further defined those ownership rights. Legislation has been enacted to mandate privacy policies for information obtained over the Internet, along with legislation intended to address many of the questions that have been raised regarding ownership of information generally, and ownership of information provided over the Internet specifically.
Electronic information may have value to the person who created it or to the person for whom it was created. It may represent a valuable idea which an inventor or author may want to keep secret and later reap the economic benefits associated with that information. In another setting, the information can represent a company's trade secrets, know-how, and the like. Electronic information can also represent information that may not have any value in and of itself, but that could cause harm or embarrassment if disclosed.
The creation of information, along with the intellectual property rights associated with information, have become the foundation of many modern-day businesses. As such, they have become highly treasured and valued assets. They can represent a company's books and records and this, in turn, can be viewed as representing a substantial part of a company's goodwill and on-going concern value. In short, much of what used to be kept in a safe or a vault, a secured room or a locked filing cabinet can now be found saved on a desktop computer. With the realization that electronic information has value also comes the realization that the value associated with that information comes from its proper use. Conversely, it is also true that the value associated with that information can be lost, or can inure to the benefit of another, if the data is misappropriated.
As with physical assets from earlier times, today's businesses have enacted and implemented procedures for the safeguarding of their assets, including electronic information. One technique used involves backing up or storing electronic information in a secure fashion. What in earlier times was represented by a locked filing cabinet is currently being replaced by user IDs, passwords and cryptographic keys. While in earlier times sprinkler systems and fire extinguishers were used to prevent the loss or destruction of business assets, today some electronic data representing the valued information may be backed up at secure facilities at various points around the globe.
The proliferation of electronic information being used in today's business environment has moved more quickly and covered more ground than techniques used for safeguarding and backing up the electronic information. A variety of techniques are currently being used. One technique often involves backing up data from a hard drive to some other electronic medium. That medium can be something as common as a floppy disk or the transferring of data onto a CD-ROM. Other more sophisticated techniques include backing up data to other hard drives, tape drives or magneto-optical drives. These backup techniques are often employed as a safeguard against equipment failure, fire, natural disaster, theft and other forms of information compromise, attack, or other loss. These backup techniques are intended to provide a safe and secure repository for the electronic information, which can be irreplaceable or very difficult or costly to replace.
Another change, which has revolutionized society, has been the world of the Internet. Today's businesses are embracing the communications capabilities represented by the Internet in greater and greater numbers. Many businesses are finding the Internet and electronic communications media are an integral part of their day-to-day business activities. Since the Internet in many respects represents a public forum, the exposing of sensitive or valuable business information over the Internet to potential interception by third parties constitutes a danger to many businesses. Toward the end of reducing this risk to businesses many have begun to employ cryptographic technology in the transmission of information over the Internet and other means of communication.
It is common today for businesses and consumers alike to conduct business activities over the Internet through the use of secure web sites. Secure sites usually involve using cryptographic technology to encrypt data as it is moving between businesses or between consumers and businesses. Cryptographic technology can mask or disguise the data so that it is of no use to any party intercepting or otherwise obtaining the data while it is in its encrypted state.
Similar technology is often being used inside a business itself. Cryptographic technology is sometimes being used by people inside a business to protect the data that they are creating or using and which belongs to their employer. It is not uncommon for employees to encrypt the data that is on their computers. In so doing, they are protecting that data from wrongful appropriation, disclosure or use.
The use of cryptographic technology in the safeguarding of electronic information can involve the use of one or more cryptographic keys, such as encryption and decryption keys. One or more encryption keys can be used in conjunction with one or more cryptographic algorithms, the mathematical functions used for encryption and decryption, to provide the necessary information for taking unencrypted information, frequently referred to as plaintext, and turning the unencrypted information into encrypted information, frequently referred to as ciphertexts. In a symmetric algorithm, frequently referred to as a single-key encryption setting or a single-key algorithm, the same key is used to encrypt and decrypt the data, or otherwise stated, the encryption key and the decryption key are the same and the encryption key can be calculated from the decryption key and the decryption key from the encryption key. In a public-key algorithm, sometimes referred to as a public key algorithm or a public key encryption setting, public and private keys may be used in order to encrypt or decrypt data, the public key(s) being different than the private key(s).
The possession or control of the keys, including one or both decryption and encryption keys, and depending in part upon the employed cryptosystem (the algorithms and all possible plaintexts, ciphertexts, and keys), may carry with it the ability to control the electronic information. While it is in an encrypted state, the electronic information may be of little or no value to anyone except the person to whom the information belongs or has been assigned. A decryption key, for example, can allow the electronic information to be taken from its encrypted state, as ciphertexts, to an unencrypted state, as plaintext. Therefore, the person in possession of the decryption key, in some cryptosystems, exercises a significant degree of control over the data. If one or more of the keys fall into the possession of a person from whom the information is to be safeguarded, the purpose behind encryption can often be frustrated. In other words, if the person from whom you are seeking to keep the electronic information obtains one or more of the keys, for example, he may be able to decrypt the information, calculate the values of other keys of the cryptosystem, or determine an algorithm for the decryption of the ciphertexts of the electronic information, among other possible attacks.
The control, transfer or possession of cryptographic keys can now present significant challenges. Absent adequate safeguards and control procedures for the creation and safeguarding of cryptographic keys, electronic information backup and cryptographic systems can be compromised. As described above, if one or more of the keys is copied or becomes available to others, many of the benefits associated with the encryption of electronic information can be lost. In addition, the misuse of cryptographic keys can result in additional costs and losses to businesses. One example can involve the disgruntled employee. In this example, a disgruntled employee may encrypt the data on his computer using an encryption key that is different from the one that was either assigned to him or previously used by him. He then does not disclose the new key to his employer, and the employer is effectively deprived of the data that is stored on the employee's computer. Another example can involve the misuse of cryptographic keys by other employees of an employer. In this example, other employees of an employer who are responsible for maintaining and safeguarding cryptographic keys may abuse their responsibilities and use the decryption keys to search and view data which is stored on their co-workers' computers. Not only can such abuses result in an invasion of employees' privacy, but they may also result in employees who do not have a right to view certain information coming into possession of that same information, such as trade secrets of the company. If that information has significant value, that information can be sold or conveyed to a competitor or other third party to the detriment of the employer. It may also be used to harass or embarrass other employees and may have the effect of disrupting the workplace.
The need for security of information data cannot be overstated. Much has been written in the recent years about future conflicts being conflicts over information technology. Several government authorities have devoted considerable time and material to combating attacks upon their web pages. In addition, economic espionage is on the increase. The treasure, which is being sought in economic espionage, is often electronic information. Since the Internet in many respects is a public or semi-public place, the use of encryption technology can be indispensable for the movement of data through the Internet. Use of that encryption technology can also carry with it demands that the cryptographic keys be properly maintained and used.
Conventional systems do not provide optimal technology for proper maintenance and control over encryption keys and, in turn, the electronic information which is to be protected. Attempts have been made to address the security concerns surrounding electronic information, cryptographic systems, and the corresponding cryptographic keys. Several attempts are disclosed in the following patent documents, hereby listed in the provided List of References to be Incorporated. However, many of the conventional attempts may not have fully appreciated the risks involved not only relevant to the cryptographic keys, but with regard to the underlying electronic information. If use of the information, especially that of encryption, decryption, or information transfer, is allowed prior to securing the cryptographic key, the information could be intercepted and used to learn of and potentially access one or more of the cryptographic keys. Such unintended compromise of the information and cryptographic keys, as well as attacks to learn of the information and keys, have created the presently identified need for a system that can confirm cryptographic key securing prior to allowing a function affecting the electronic information or keys.
Some prior art systems may provide a conventional backup system as depicted in FIG. 1. In a conventional backup system the client computer, for example the computer whose electronic information is being saved, backed up, or otherwise safeguarded, may be connected through an electronic medium to another computer or network which may act as the backup computer for the information. The goal of the backup system can be to create a copy of the electronic information found on the client computer on the backup computer. The information that is being backed up can be backed up in an unencrypted or encrypted state. Information backed up in an unencrypted state may create greater risk of misappropriation or otherwise undesired viewing or use of the electronic information. In order to add an additional level of security, encryption may be used to encrypt the data from the client computer to the backup computer. However, such conventional systems do not address recognized security issues regarding the securement of keys of the cryptosystem(s), security with respect to the back-up computer itself, or the relation between the securement of electronic information and the keys used in the encryption and decryption of such information.
Other conventional systems have attempted to address the recognized needs of security with regard to cryptographic keys. Key escrows, key directory services, key management centers, key distribution centers, and key arbitration centers have been utilized for the back up of cryptographic keys. However, these systems may have merely provided another back-up system for the keys, not fully addressing the need for heightening security with regard to securing the cryptographic keys and the corresponding electronic information. Such back-up systems may themselves be the subject of an attack to learn of the cryptographic keys and may not address the additional concern for the storage and security of the electronic information itself. Such key back-up systems may be found in patent references WO 02/05480, WO 02/35329, and U.S. Pat. Nos. 5,265,164, 6,118,874, 5,778,072.
Particularly, a need may exist for electronic information and key management systems that may ensure the securement of the cryptographic keys such that securement of the electronic information may be provided. For example, numerous attacks may be made utilizing one or more portions of the cryptosystem (algorithm, plaintexts, ciphertexts, and keys) in order to cryptanalyze the system. The “attacker” seeks to obtain, for example, through cryptanalysis, the value of the encryption key or the plaintext to the encrypted electronic information. One such method might include intercepting the cryptographic keys to compare with other information, such as intercepted ciphertexts or known plaintext. If the security of the keys is in question, so might be the security of every other element of the cryptosystem. For example, if the keys have not been adequately secured from attack or compromise and some electronic information has been obtained, potentially available to an attacker through an unsecured communication line, the attacker might easily determine the value of a decryption key for later retrieval and decryption of electronic information provided as ciphertext. As another example, if a cryptographic key is intercepted prior to its securement and ciphertexts have been encrypted and transmitted over a communication medium on which an attacker has eavesdropped or which the attacker has otherwise compromised, the attacker may intercept the ciphertexts, decrypt the information, and send the ciphertext along to the intended recipient, potentially without detection. The interception of cryptographic keys may be a significant threat, further stressing a need for both secure information back-up systems and cryptographic key management systems, as well as the ability to determine if such securement of the cryptographic keys and information has been achieved.
Therefore, a heretofore long-felt but unaddressed need potentially exists with regard to confirming the securement of the cryptographic keys, and hence potentially the other elements of the cryptosystem, including the electronic information. The heretofore patent references do not appear to address such needs and may actually disclose techniques directed away from such identified concerns.
Other patent references, such as U.S. Pat. Nos. 5,901,227, 5,883,956, 5,933,503, 5,917,911, 5,276,737, 5,315,658, and 4,888,800, purport to provide cryptographic techniques. These references, however, further appear to inadequately address the securement of cryptographic keys, including the securement of keys relative to the securement of the electronic information. Furthermore, it appears that no indication is made of ensuring or confirming the securement of cryptographic keys and electronic information, or confirming and enabling other cryptographic activity, such as in the transmission or cryptographic manipulation of the information.
U.S. Pat. No. 5,495,533 appears to be directed to a personal key archive for managing keys to encrypt and decrypt stored data on a computer system. However, and as previously identified in other art references, U.S. Pat. No. '533 does not appear to address the identified need of confirming the securement of the electronic information that might allow or enable a more secure set of electronic information functions. U.S. Pat. No. '533 appears to be directed to the sending of a key from the key server, apparently without a confirmation of the securement of the cryptographic keys to the system or other desirable features addressing security of the present art.
Again, it appears that no indication is made of ensuring or confirming the securement of cryptographic keys and electronic information, or confirming and enabling other cryptographic activity, such as in the transmission or cryptographic manipulation of the information. The lack of provision for the confirmation of secured cryptographic keys, and the resulting lack of ability to provide corresponding secure information, all as heretofore identified but unaddressed needs in the conventional systems, leave such conventional systems apparently lacking in desirable security for present-day cryptographic needs.
Further, other security measures may be taken to protect the cryptographic keys and electronic information. One such measure could provide key management separate from a system function or component backing up the electronic information provided by conventional electronic information and cryptographic key systems. As previously mentioned, an attacker of a cryptographic system may attempt an attack on, or look for a compromise in, the cryptographic key storage facility. Also of potential concern, as previously mentioned, is the attacker's acquisition of at least a portion of the ciphertexts or the underlying plaintext of the electronic information. Conventional systems may provide combined systems that do not adequately secure or separate the portions of electronic information, including the cryptographic keys, desired by the attacker in cryptanalyzing the ciphertexts or the cryptosystem generally. An additional need, therefore, exists for a system that may provide distinct systems of an electronic information system to protect the various components of a cryptosystem.
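The two needs identified above, confirming that a key has been secured before any function that uses it is allowed, and keeping key storage distinct from backup storage, can be illustrated with a short sketch. This is an added example, not code or a method taken from this document or the cited references; `KeyServer`, `BackupClient`, `receipt_for` and the HMAC receipt format are hypothetical names and choices, and `seal`/`unseal` are a standard-library stand-in for a real authenticated cipher. It assumes the client reaches the key server over a protected channel and shares a receipt-authentication key with it.

```python
import hashlib
import hmac
import secrets


class KeyNotSecured(Exception):
    """Raised when a key is used before the key server confirmed it holds it."""


def _prf(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()


def receipt_for(receipt_key, key_id, key, nonce):
    # Hypothetical receipt: fixed-length fields first so the MAC input is unambiguous.
    msg = b"key-secured" + hashlib.sha256(key).digest() + nonce + key_id.encode()
    return _prf(receipt_key, msg)


def _xor_stream(key, nonce, data):
    blocks = range((len(data) + 31) // 32)
    stream = b"".join(_prf(key, nonce + i.to_bytes(8, "big")) for i in blocks)
    return bytes(d ^ s for d, s in zip(data, stream))


def seal(key, plaintext):
    # Stand-in for a real AEAD: HMAC-SHA256 counter keystream, then a MAC over the result.
    nonce = secrets.token_bytes(16)
    body = nonce + _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return body + _prf(_prf(key, b"mac"), body)


def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), body)):
        raise ValueError("backup blob failed authentication")
    return _xor_stream(_prf(key, b"enc"), body[:16], body[16:])


class KeyServer:
    """Hypothetical key store, a separate system from the backup store."""
    def __init__(self, receipt_key):
        self._receipt_key, self.escrow = receipt_key, {}

    def secure_key(self, key_id, key, nonce):
        self.escrow[key_id] = key
        return receipt_for(self._receipt_key, key_id, key, nonce)


class BackupClient:
    def __init__(self, key_server, backup_store, receipt_key):
        self._server, self._store, self._receipt_key = key_server, backup_store, receipt_key
        self._confirmed = {}  # key_id -> key, filled only after a verified receipt

    def provision_key(self, key_id):
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        receipt = self._server.secure_key(key_id, key, nonce)
        if not hmac.compare_digest(receipt, receipt_for(self._receipt_key, key_id, key, nonce)):
            raise KeyNotSecured(f"no valid receipt for {key_id!r}")
        self._confirmed[key_id] = key

    def backup(self, key_id, name, plaintext):
        if key_id not in self._confirmed:  # the gate: no confirmation, no encryption
            raise KeyNotSecured(f"{key_id!r} has not been confirmed as secured")
        self._store[name] = seal(self._confirmed[key_id], plaintext)
```

The backup store only ever holds sealed blobs and the key server only ever holds keys, so compromising either system alone does not yield plaintext.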