Method to establish and enforce a network cryptographic security policy in a public key cryptosystem

Assignee

• International Business Machines Corporation · US

Inventors

• Stephen M. Matyas · Manassas, US
• Donald B. Johnson · Manassas, US
• An V. Le · Manassas, US
• Rostislaw Prymak · Dumfries, US
• William C. Martin · Redwood City, US
• William S. Rohland · Charlotte, US
• John D. Wilkins · Somerville, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L2209/12
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

Device A in a public key cryptographic network will be constrained to continue to faithfully practice a security policy dictated by a network certification center, long after device A's public key PUMa has been certified. If device A alters its operations from the limits encoded in its configuration vector, for example by loading a new configuration vector, device A will be denied participation in the network. To accomplish this enforcement of the network security policy dictated by the certification center, it is necessary for the certification center to verify at the time device A requests certification of its public key PUMa, that device A is configured with the currently authorized configuration vector. Device A is required to transmit to the certification center a copy of device A's current configuration vector, in an audit record. the certification center then compares device A's copy of the configuration vector with the authorized configuration vector for device A stored at the certification center. If the comparison is satisfactory, then the certification center will issue the requested certificate and will produce a digital signiture dSigPRC on a representation of device A…