Electronic security is a very high priority within governments and enterprises. In fact, the United States (U.S.) federal government has promulgated stringent standards that seek to address electronic security for U.S. systems, devices, services, administrative agencies, organizations, etc. The Federal Information Processing Standard (FIPS) 140-2 addresses cryptographic standards for U.S. federal organizations. Security has always been a challenge, but after the events of Sep. 11, 2001, the U.S. government has placed even greater emphasis and resources on security issues.
One aspect of FIPS is that some automated processes may not be started without security credentials. This entails having a role-based or identity-based individual physically present and authenticated at the site of the system that has the automated process, in order to supply the credential information before the automated process may be started. It is clear that such a requirement has caused a lot of operational and logistical issues within the U.S. federal government and within enterprises (vendors) that do business with the U.S. government or supply security systems on behalf of the U.S. government.
To comply with FIPS, a small set of individual security positions has been created with proper clearance to supply security credentials. These individuals are referred to as Crypto Officers. Crypto Officers must be hands-on for certain configuration and startup events of security systems. Unfortunately, this puts a severe strain and a lot of unnecessary demand on the limited number of Crypto Officers. In fact, the U.S. government is so concerned about the availability and presence of the Crypto Officers that no two officers having overlapping duties may be physically present in the same building. So, quite literally, when one officer enters a building, another officer present exits the building.
Because of this stringent policy, a common practice among government vendors is to have two modes of operation for their systems: a FIPS mode and a non-FIPS mode. If a FIPS mode of operation is used, then a Crypto Officer must be physically present at the site or device of the system for startup of a particular operation or service. In a non-FIPS mode of operation, the operation or service may be started without the presence of the Crypto Officer that supplies the credentials.
So in practice, the FIPS mode of operation permits a vendor to receive the necessary certifications and grades from a reviewing federal agency to get their services and products in the door. However, the FIPS mode may never actually be started or configured with the product or service of the vendor for the federal government because of the perceived operational issues that may quite literally require a Crypto Officer to be employed and be physically present on site at the vendor or at the deployed location of the product or service 24 hours a day and 7 days a week (24×7).
To complicate matters further, a Crypto Officer has to be certified and cleared for each system that is to be under the control of the Crypto Officer. Thus, not just any Crypto Officer has to be available when a system is down; rather, a specifically certified Crypto Officer for the system that is down has to be available when that system is down.
Thus, what is needed is a mechanism that allows one or more certified and qualified Crypto Officers to remotely provide security credentials, where those security credentials are necessary for permitting secured systems to acquire remote authorizations in order for the secured systems to be operated in accordance with security policy.