Reexamination Certificate
1998-03-12
2001-01-23
Swann, Tod R. (Department: 2767)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Security kernel or utility
C713S151000, C713S152000, C713S172000, C713S191000
active
06178504
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Technical Field
The invention relates to cryptography. More particularly, the invention relates to host system elements for an international cryptography framework.
2. Description of the Prior Art
Customers of large computer systems are typically multinational corporations that want to purchase enterprise wide computer based solutions. The distributed nature of such organizations requires them to use public international communications services to transport data throughout their organization. Naturally, they are concerned about the security of their communications and seek to use modern end-to-end cryptographic facilities to assure privacy and data integrity.
The use of cryptography in communications is governed by national policy and, unfortunately, national policies differ with respect to such use. Each national policy is developed independently, generally with a national emphasis rather than with international considerations in mind. There are standards groups that are seeking to develop a common cryptographic algorithm suitable for international cryptography. However, the issue of international cryptographic standards is not a technical problem, but rather it is a political issue that has national sovereignty at its heart. As such, it is not realistic to expect the different national cryptography policies to come into alignment by a technical standardization process.
The issue of national interests in cryptography is a particular concern of companies that manufacture open-standards-based information technology products for a worldwide market. The market expects these products to be secure. Yet, more and more consumers of these products are themselves multinational and look to the manufacturers to help them resolve the international cryptography issues inhibiting their worldwide information technology development. The persistence of unresolved differences and export restrictions in national cryptography policies has an adverse impact on international market growth for secure open computing products. Thus, it would be helpful to provide an international framework that provides global information technology products featuring common security elements, while respecting the independent development of national cryptography policies.
Nations have reasons for adopting policies that govern cryptography. Often these reasons have to do with law enforcement and national security issues. Within each country there can be debates between the government and the people as to the rightness and acceptability of these policies. Rather than engage in these debates or try to forecast their outcome, it is more practical to accept the sovereign right of each nation to establish an independent policy governing cryptography in communication.
Policies governing national cryptography not only express the will of the people and government, but also embrace certain technologies that facilitate cryptography. Technology choice is certainly one area where standardization can play a role. However, as indicated earlier, this is not solely a technical problem, such that selection of common cryptographic technologies alone cannot resolve the national policy differences. Consequently, it would be useful to provide a common, accepted cryptography framework, wherein independent technology and policy choices can be made in a way that still enables international cryptographic communications consistent with these policies.
A four-part technology framework that supports international cryptography, which includes a national flag card, a cryptographic unit, a host system, and a network security server, is disclosed by K. Klemba, R. Merckling, International Cryptography Framework, in U.S. Pat. No. 5,651,068, issued Jul. 22, 1997. Three of these four service elements have a fundamentally hierarchical relationship. The National Flag Card (NFC) is installed into the Cryptographic Unit (CU) which, in turn, is installed into a Host System (HS). Cryptographic functions on the Host System cannot be executed without a Cryptographic Unit, which itself requires the presence of a valid National Flag Card before its services are available. The fourth service element, a Network Security Server (NSS), can provide a range of different security services including verification of the other three service elements.
The framework supports the design, implementation, and operational elements of any and all national policies, while unifying the design, development, and operation of independent national security policies. The framework thus gives standard form to the service elements of national security policies, where such service elements include such things as hardware form factors, communication protocols, and on-line and off-line data definitions.
Critical to the implementation of the framework is the provision of a fundamental technology that allows the production of the various service elements. While various implementations of the service elements are within the skill of those versed in the relevant art, there exists a need for specific improvements to the state of the art if the full potential of the framework is to be realized.
In particular, it would be desirable for the host system elements of such framework to provide support services to applications, policies, and Operating Systems that run within such framework, e.g. support for applications would include an application programming interface (API) to allow access to the cryptographic services in the cryptographic unit. Further, it would be desirable for such host system elements to provide support for the cryptographic unit in building trust relationships between the host system elements and the cryptographic unit.
SUMMARY OF THE INVENTION
An international cryptography framework (ICF) is provided that allows manufacturers to comply with varying national laws governing the distribution of cryptographic capabilities. In particular, such a framework makes it possible to ship worldwide cryptographic capabilities in all types of information processing devices (e.g. printers, palm-tops). The ICF comprises a set of service elements which allow applications to exercise cryptographic functions under the control of a policy. The four core elements of the ICF architecture, i.e. the host system, cryptographic unit, policy card, and network security server, comprise an infrastructure that provides cryptographic services to applications. Applications that request cryptographic services from various service elements within the ICF are identified through a certificate to protect against misuse of a granted level of cryptography. The policy may take into consideration attributes contained in the Application Certificate.
The host system comprises a set of system programs and services which provide the application with an execution environment. The host system's role within the ICF is twofold. First, the host system provides services to the application in the form of programming interfaces to access the functions offered by the cryptographic unit. Second, the host system provides support for the cryptographic unit in building trust relationships to the host system elements, such as the cryptographic programming interfaces, operating systems drivers, and memory management subsystems.
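The dependency chain and certificate-based policy check described above, modelled as an added example (not code from the patent or from any ICF implementation). The class names, the attribute strings, and the use of key length as the "level of cryptography" are assumptions made for illustration.

```python
from dataclasses import dataclass, field

class PolicyError(Exception):
    """The framework refused a cryptographic request."""

@dataclass
class AppCertificate:            # hypothetical: identifies the requesting application
    app_id: str
    attributes: frozenset = frozenset()

@dataclass
class PolicyCard:                # hypothetical model of the policy card
    valid: bool
    grants: dict = field(default_factory=dict)   # attribute -> max key bits (assumed)
    default_bits: int = 0        # level for applications with no matching attribute

    def max_bits(self, cert):
        return max((self.grants[a] for a in cert.attributes if a in self.grants),
                   default=self.default_bits)

class CryptographicUnit:
    def __init__(self, card=None):
        self.card = card         # no services until a valid policy card is present

    def authorize(self, cert, key_bits):
        if self.card is None or not self.card.valid:
            raise PolicyError("no valid policy card")
        if cert is None:
            raise PolicyError("application not identified by a certificate")
        limit = self.card.max_bits(cert)
        if key_bits > limit:
            raise PolicyError(f"{key_bits}-bit request exceeds granted {limit} bits")
        return limit

class HostSystem:
    def __init__(self, cu=None):
        self.cu = cu             # the host API only forwards; it cannot do crypto itself

    def request(self, cert, key_bits):
        """Return 'granted' or 'denied: <reason>' for an application's request."""
        try:
            if self.cu is None:
                raise PolicyError("no cryptographic unit installed")
            self.cu.authorize(cert, key_bits)
            return "granted"
        except PolicyError as exc:
            return f"denied: {exc}"

# Constructed sample policy and certificates.
CARD = PolicyCard(valid=True, grants={"class:banking": 128}, default_bits=40)
BANK = AppCertificate("payments", frozenset({"class:banking"}))
MAIL = AppCertificate("mail")
```

Every denial path fails closed: a missing unit, a missing or invalid card, or an unidentified application yields no cryptographic service at all rather than a weaker default.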
REFERENCES:
patent: 5502766 (1996-03-01), Boebert et al.
patent: 5949975 (1999-09-01), Batty et al.
The Open Group, Common Security: CDSA and CSSM, 1997, The Open Group.
Intel Corporation, Apr. 1998, Common Data Security Architecture (Presentation), Developers' Insight: Intel's Web Site for Developers on CD-Rom, p. 20.
The Open Group, The Open Group Members List, As of Feb. 16, 2000, The Open Group.
Fieres Helmut
Klemba Keith
Merckling Roger
Cheyenne Property Trust c/o Data Securities International, Inc.
Sulpizio Ronald
Swann Tod R.