David M Kurn

US Patent:

20020071560, Jun 13, 2002

Filed:

Dec 12, 2000

Appl. No.:

09/736650

Inventors:

David Kurn - Mountain View CA, US
Kent Salmond - Los Gatos CA, US
Robert Panero - San Carlos CA, US

International Classification:

H04L009/00

US Classification:

380/277000

Abstract:

In scalable multi-process and possibly multi-node application environments, the management of sensitive data, such as cryptographic keys, is complicated by the number of processes, the frequency at which they are created and destroyed, and by the desire to avoid storing any keys in the clear in these processes or in data files. The present invention defines a central autonomous process, called the Key Repository process, which is tasked with many functions, including controlling and limiting the distribution of the relevant sensitive information, authenticating operators and policy owners, and performing key renewal operations. The Key Repository process is initiated by multiple acts of human intervention, in combination, thus allowing for the shared responsibility of ownership. Once the Key Repository process is initiated and configured, it enforces the policy decisions of the enterprise. At no point is the sensitive data written to the disk in the clear.

US Patent:

20020071561, Jun 13, 2002

Filed:

Dec 12, 2000

Appl. No.:

09/736718

Inventors:

David Kurn - Mountain View CA, US
Kent Salmond - Los Gatos CA, US
Robert Panero - San Carlos CA, US

International Classification:

H04L009/00

US Classification:

380/277000, 713/155000

Abstract:

In enterprise computer environments involving sensitive data, it is important that security policy decisions be made and be approved by the appropriate individuals owning the particular policy decision, rather than relegating this function to computer operators. These policy decisions often include the approval of specific programs to act on behalf of the enterprise, exposure of cryptographic secrets, and others affecting risk. The present invention enforces the separation of the functions of computer operator and policy decision owners.

US Patent:

20020071563, Jun 13, 2002

Filed:

Dec 12, 2000

Appl. No.:

09/736717

Inventors:

David Kurn - Mountain View CA, US
Kent Salmond - Los Gatos CA, US
Robert Panero - San Carlos CA, US

International Classification:

H04L009/00

US Classification:

380/280000

Abstract:

In scalable multi-node multi-process application environments, identical copies of applications are often executing in parallel thus allowing the distribution of load and tolerance of system failure. A problem arises when these applications are security-oriented and involve keying information that changes periodically, such as in the case of public key certificate renewal. When these certificates need renewal, each instance of such applications could attempt to contact the certification authority, potentially causing a conflict since each instance is unaware of the renewal efforts by others. The present invention implements a central process called the Key Repository process, assigning it the function of performing these renewals and other certificate management functions, and inhibiting the application programs from performing these actions. When new certificates are issued, the Key Repository Process makes them available to affected applications when they next request them. Alternately, a signal is sent to each application instance to alert it to the presence of new certificates, allowing these applications to request them as appropriate.

US Patent:

20020071564, Jun 13, 2002

Filed:

Dec 11, 2000

Appl. No.:

09/734962

Inventors:

David Kurn - Mountain View CA, US
Kent Salmond - Los Gatos CA, US

International Classification:

H04L009/00

US Classification:

380/281000

Abstract:

A server computer performing sensitive applications in an enterprise under the control of a single person provides an opportunity for fraud. A method and system are described for distributing responsibility to multiple individuals and enforcing this distribution with a computer program called a Key Repository process; a process designed to manage the trust relationships of an enterprise. It secures and manages the secrets of the enterprise, enforcing these trust relationships. Secrets are given only to pre-authorized applications. Public Key Infrastructure certificate management is handled centrally. All sensitive data is stored in encrypted form. Exposure of this data, as well as any change in a security-related parameter, is possible only with the approval of a pre-determined number of owners. The system is designed to accommodate a large number of application processes performing the work of the enterprise.

US Patent:

20020071565, Jun 13, 2002

Filed:

Dec 11, 2000

Appl. No.:

09/735088

Inventors:

David Kurn - Mountain View CA, US
Kent Salmond - Los Gatos CA, US

International Classification:

H04L009/00

US Classification:

380/281000

Abstract:

In server environments where sensitive information is used, it is important to protect that information. Policy decisions concerning the distribution of such information must be enforced. Sensitive information is often protected by passwords known to one or more individuals. In these environments, it is impractical to have an operator or other individual authorize every use of sensitive information. This invention describes the pre-authorization of application programs to receive sensitive information of an enterprise, allowing the server to operate without human intervention while preserving and enforcing the security policy of the enterprise.

US Patent:

20020071566, Jun 13, 2002

Filed:

Dec 11, 2000

Appl. No.:

09/735215

Inventors:

David Kurn - Mountain View CA, US

International Classification:

H04L009/00

US Classification:

380/281000

Abstract:

In computer environments where passwords are used to compute retained secrets by methods such as password-based encryption, a need often arises to update these secrets. Retaining the password value, or the keys computed from the password, would be unwise; and requiring each password owner to type in their password would be cumbersome. The present invention describes a method that allows a fully operational system to modify the retained secrets without retaining passwords or requiring human intervention.

US Patent:

20020071567, Jun 13, 2002

Filed:

Dec 12, 2000

Appl. No.:

09/736688

Inventors:

David Kurn - Mountain View CA, US
Kent Salmond - Los Gatos CA, US
Robert Panero - San Carlos CA, US

International Classification:

H04L009/08
H04L009/00

US Classification:

380/286000, 380/277000, 713/155000

Abstract:

In large computer application environments supporting secure enterprise applications, it is often necessary to distribute the environment among multiple systems in diverse locations, and yet share and maintain a set of keys and other sensitive information securely. This invention describes a method to accomplish this, by positioning in each remote site a trusted local agent, and establishing a secure and authenticated communications link between this remote agent and the master system. This remote agent limits the distribution of sensitive information to authorized applications, thus enforcing the security policy of the enterprise.

US Patent:

20020073309, Jun 13, 2002

Filed:

Dec 12, 2000

Appl. No.:

09/736715

Inventors:

David Kurn - Mountain View CA, US
Kent Salmond - Los Gatos CA, US
Robert Panero - San Carlos CA, US

International Classification:

H04L009/00

US Classification:

713/155000

Abstract:

In scalable multi-node systems, applications that interact with remote users often use sessions that involve multiple messages. Unless the application instance that initiates the conversation processes all subsequent parts of that session, the context of the conversation must be passed between application instances. This context often involves sensitive data, such as session keys. This invention uses a central service, known as a Key Repository process, to create and manage a set of symmetric encryption keys unique to this application. All authorized instances of the application then obtain these keys from the Key Repository process, enabling these application instances to encrypt and save the context on disk, and allowing a possibly different instance of the application to retrieve and decrypt the context. As a result, these application programs can be designed to operate in a context-free manner.