It is common in private networks to provide a means of encryption by which users of the network can communicate with each other securely. For example, some networks feature a certificate management system such as a PKI (Public Key Infrastructure) which administers the distribution of published certificates which contain public keys for individuals within an organization. This allows a user to encrypt data using the public keys, send it to the user at the other end, after which the other user can use his private key to decrypt the data.
In such networks, it is common to have one or more servers administering the certificate management system, and in the process of doing this typically audit records are generated and are stored in an audit record repository. The particular nature of the audit records generated depends upon system implementation. However, an audit record might for example be generated when various types of error events occur. The audit records may also include audit records generated for the purpose of monitoring system use. For example, an audit record could be generated whenever an administrator logs into an administration too. Typically, system administrators access the audit record repository through an administrative interface of some sort, and download the audit records to their local platform to review them and identify any action necessary. Unfortunately, this is not a very efficient mechanism for getting any action to take place as a result of an audit record. Firstly, the system administrator must remember to download the audit records. They must also take the time to scroll through each of the audit records to identify whether they are responsible for any of them and follow this up with whatever the necessary action might be. Furthermore, certain audit records might occur due to events that a system administrator was responsible for, such as might be the case in which there was a rogue administrator in a system which was attempting to damage the system or circumvent the security somehow.
Thus, the problem exists that not only are audit records not currently effectively distributed, but there is the potential security problem which might arise in the event there is a rogue administrator attempting to undermine the security of the system.