Leverage TPM to protect passwords and keys of daemon processes

IP.com Disclosure Number: IPCOM000168328D
Original Publication Date: 2008-Mar-06
Included in the Prior Art Database: 2008-Mar-06
Document File: 2 page(s) / 25K

Publishing Venue

IBM

Abstract

Disclosed is a method to enhance operating system security to ensure that the master key can only be accessed by the specific daemon process, not by the user identity it assumes nor by any other user or entity.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.


Daemon processes need passwords or encryption keys to authenticate to other processes and entities in order to obtain access to required services. Daemon processes need access to sensitive data, such as certificates, to validate the identity of processes requesting a service or services. Daemon processes need encryption and signing keys to protect sensitive data. This sensitive data (passwords, keys, and certificates) must not be accessible to any other user or entity. Sensitive data can be protected via encryption, but in the end there is one encryption/decryption key, the so-called master key, left to be protected. Saving the master key in the file system and applying operating system and file system access control is insufficient: a daemon process runs under a given operating system user identity, and hence the file that contains the master encryption key can be accessed at least by that user. The root user (or Administrator in the case of Windows) has access to the master key as well. Storing the master encryption key in a Trusted Platform Module (TPM) device provides the possibility of stronger protection, since the master encryption key never leaves the TPM. There is a need to enhance the access control to the TPM to ensure that only the "owner" of a master key is allowed to access or use the key.

This invention describes a method to enhance operating system security to ensure that the master key can only be accessed by the specific daemon process, not by the user identity it assumes nor by any other users and entities.

Algorithms:

(1) Key retrieval

(i) When a server process starts up, it makes a request to OS TPMKeyRetrieval() routine to retrieve its master encryption key.
(ii) The OS TPMKeyRetrieval() routine identifies the server process and the binary image from which the call is made.
(iii) The OS TPMKeyRetrieval() routine verifies that the binary image is signed by a special OS private key held in the TPM.
(iv) The OS TPMKeyRetr...
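Steps (i) to (iii) of the key retrieval algorithm, modelled as an added example that is not part of the disclosure. The TPM, the process table and the `tpm_key_retrieval()` routine are simulated here; the OS signing key is modelled as an HMAC secret held inside the simulated TPM rather than a real asymmetric key, and the release decision after step (iii) is an assumption, since the disclosure's step (iv) is truncated. The point the model shows is that the master key is bound to the verified binary image, not to the user identity, so a tampered copy or another program running under the same uid gets nothing.

```python
import hashlib
import hmac
import secrets


class SimulatedTPM:
    """Stand-in for the TPM (assumption): holds the OS signing secret and the
    daemons' master keys. A real TPM would hold an asymmetric OS signing key."""

    def __init__(self):
        self._os_signing_secret = secrets.token_bytes(32)  # never leaves the TPM
        self._master_keys = {}  # sha256(binary image) -> master key

    def sign_image(self, image: bytes) -> bytes:
        # Provisioning: sign the daemon's binary image with the special OS key.
        return hmac.new(self._os_signing_secret, hashlib.sha256(image).digest(), "sha256").digest()

    def provision(self, image: bytes, master_key: bytes) -> bytes:
        # Bind the master key to this exact image; return the image signature.
        self._master_keys[hashlib.sha256(image).digest()] = master_key
        return self.sign_image(image)

    def release_master_key(self, image: bytes, signature: bytes) -> bytes:
        # Step (iii): release only if the image carries a valid OS signature.
        if not hmac.compare_digest(self.sign_image(image), signature):
            raise PermissionError("binary image is not signed by the OS key")
        return self._master_keys[hashlib.sha256(image).digest()]


# Constructed process table: pid -> (uid, binary image, image signature).
# A real OS would take this from the kernel's view of the calling process.
PROCESS_TABLE = {}


def tpm_key_retrieval(tpm: SimulatedTPM, caller_pid: int) -> bytes:
    # Step (ii): the OS, not the caller, identifies the process and its image.
    _uid, image, signature = PROCESS_TABLE[caller_pid]
    return tpm.release_master_key(image, signature)


def demo() -> dict:
    tpm = SimulatedTPM()
    daemon_image = b"\x7fELF...constructed daemon binary..."
    master_key = secrets.token_bytes(32)
    sig = tpm.provision(daemon_image, master_key)
    PROCESS_TABLE[100] = (1001, daemon_image, sig)            # the genuine daemon
    PROCESS_TABLE[101] = (1001, daemon_image + b"\x00", sig)  # tampered binary, same uid
    PROCESS_TABLE[102] = (1001, b"other program, same user", b"")  # same uid, other program
    results = {}
    for pid in (100, 101, 102):  # step (i): each process asks for "its" master key
        try:
            results[pid] = tpm_key_retrieval(tpm, pid) == master_key
        except PermissionError:
            results[pid] = False
    return results
```

Running `demo()` returns `{100: True, 101: False, 102: False}`: only the process whose binary image verifies against the OS key in the TPM receives the master key.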