PKI trust for server-based storage system holding private user data

IP.com Disclosure Number: IPCOM000174128D
Original Publication Date: 2008-Aug-27
Included in the Prior Art Database: 2008-Aug-27
Document File: 2 page(s) / 26K

Publishing Venue

IBM

Abstract

This system introduces a PKI certificate that embodies the trust placed in a server-based storage system to hold sensitive user data. Client software uploads sensitive user data only to a server storage system the user trusts, as proven by a trust certificate that the client verifies was created by the user’s certificate authority.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 49% of the total text.


Disclosed is a system to create and manage a special trust certificate that protects against a rogue administrator who seeks to steal data. Client software uploads sensitive user data only to a server-based storage system that is trusted; the typical case is a client that regularly uploads user data to a server storage system. In an environment in which servers appear interchangeable because of automated server load balancing, the end user may not even know which server is in use at a given time. When directed to upload data to a particular server storage system, the client first locates and verifies a new type of PKI trust certificate, and uploads only if that verification succeeds. The client therefore cannot be tricked into storing data in an unauthorized storage system that a rogue administrator may have deployed.

Public Key Infrastructure (PKI) systems offer a trust model. For example, suppose the Acme organization has a certificate authority named "/O=Acme" which creates certificates, e.g. for a user "CN=Jane Doe/O=Acme" and for a server "CN=Server1/O=Acme". Some PKI systems let the client system of user Jane Doe implicitly trust the certificates of all others in the organization; Jane Doe's client could accept Server1's certificate as valid simply because Jane Doe and Server1 share the organization /O=Acme. That same rule means Jane Doe's client could be tricked into trusting the credentials of a rogue server deployed within /O=Acme: the check establishes only that the server belongs to the organization, not that the organization has authorized it to hold user data. The disclosed system addresses this problem with a special trust certificate that the end user's client system requires as a prerequisite for trusting the local server storage system.

The trust certificate declares that a particular organization of users trusts a particular server storage system. Before allowing sensitive user information to be uploaded to the server storage system, the client software must locate and verify the trust certificate (usually stored in the directory). The disclosed system is automated: the end user need not be aware of the PKI certificate infrastructure, and there is no need to prompt the end user to decide which server storage systems are trustworthy.

Creating the trust certificate can only be done by a powerful administrator on behalf of the user organization, i.e. the administrator must be a manager of the certificate authority associated with the organization of users. To create the trust certificate, the administrator must be authenticated and able to supply required certificate authority private keys used by the PKI. A rogue administrator does not have access to the required certificate authority private keys and therefore cannot effectively forge a trust certificate for a rogue server system. If a certificate would be forge...
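The three pieces of the disclosure above (the implicit organizational trust that a rogue server can exploit, the client's prerequisite check against the trust certificate, and the fact that only the holder of the organization CA's private key can create one) worked through end to end, as an added example. This is not IBM's code; the disclosure specifies neither the certificate encoding nor the client logic, so the example makes the following assumptions, all of its own invention: an /O=Acme root CA whose private key only the CA manager holds; an /OU=Ops/O=Acme certifier that ordinary administrators use to register servers, which is the only CA key the rogue administrator has; a hypothetical private-arc extension OID that marks a certificate as a storage trust certificate; and that the trust certificate carries the server's own public key, so the client can bind it to the server it has just authenticated. The function and variable names (sign, enroll, newTrustCert, chainsToOrg, trustCertVouches, scenario) are the example's own. Everything else is Go's standard crypto/x509 package.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Marker extension that makes a certificate a storage trust certificate. The OID is a hypothetical
// private-arc value chosen for this example; the disclosure does not define an encoding.
var oidStorageTrust = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1}

// sign fills in serial number and validity, then has signer (the holder of parent) certify tmpl.
func sign(tmpl *x509.Certificate, pub crypto.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) *x509.Certificate {
	tmpl.SerialNumber, _ = rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced by CreateCertificate always parses
	return cert
}

// enroll generates a key pair and has parent certify it; CertSign in usage makes the holder a certifier.
// A nil parent means self-signed, i.e. the organization root.
func enroll(name pkix.Name, usage x509.KeyUsage, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*ecdsa.PrivateKey, *x509.Certificate) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{Subject: name, KeyUsage: usage, IsCA: usage&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true}
	if parent == nil {
		parent, signer = tmpl, key
	}
	return key, sign(tmpl, &key.PublicKey, parent, signer)
}

// newTrustCert issues the trust certificate: the server's own public key plus the marker, signed by issuer.
func newTrustCert(server, issuer *x509.Certificate, issuerKey *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{Subject: server.Subject,
		ExtraExtensions: []pkix.Extension{{Id: oidStorageTrust, Value: asn1.NullBytes}}}
	return sign(tmpl, server.PublicKey, issuer, issuerKey)
}

// chainsToOrg is the implicit organizational trust the disclosure warns about: any certificate that
// chains to the /O=Acme root, through any certifier in the organization, is accepted.
func chainsToOrg(server, root, certifier *x509.Certificate) bool {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()}
	opts.Roots.AddCert(root)
	opts.Intermediates.AddCert(certifier)
	_, err := server.Verify(opts)
	return err == nil
}

// trustCertVouches is the client's prerequisite before any upload: the trust certificate must be signed
// directly by the organization CA (no intermediates are offered, so a sub-certifier's signature fails),
// carry the marker extension, and bind exactly the public key the server authenticated with.
func trustCertVouches(trust, server, root *x509.Certificate) error {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	opts.Roots.AddCert(root)
	if _, err := trust.Verify(opts); err != nil {
		return fmt.Errorf("trust certificate not issued by the organization CA: %w", err)
	}
	marked := false
	for _, e := range trust.Extensions {
		marked = marked || e.Id.Equal(oidStorageTrust)
	}
	if !marked {
		return fmt.Errorf("certificate for %s is not a storage trust certificate", trust.Subject)
	}
	if !bytes.Equal(trust.RawSubjectPublicKeyInfo, server.RawSubjectPublicKeyInfo) {
		return fmt.Errorf("trust certificate for %s does not vouch for this server's key", trust.Subject)
	}
	return nil
}

// scenario builds a constructed PKI: the /O=Acme root, held by the CA manager, certifies Server1 and the
// /OU=Ops/O=Acme certifier; a rogue administrator holding only that certifier registers his own server.
func scenario() map[string]bool {
	org := []string{"Acme"}
	acmeKey, acme := enroll(pkix.Name{Organization: org}, x509.KeyUsageCertSign, nil, nil)
	opsKey, ops := enroll(pkix.Name{OrganizationalUnit: []string{"Ops"}, Organization: org}, x509.KeyUsageCertSign, acme, acmeKey)
	_, server1 := enroll(pkix.Name{CommonName: "Server1", Organization: org}, x509.KeyUsageDigitalSignature, acme, acmeKey)
	_, rogue := enroll(pkix.Name{CommonName: "Rogue", OrganizationalUnit: []string{"Ops"}, Organization: org}, x509.KeyUsageDigitalSignature, ops, opsKey)
	genuine := newTrustCert(server1, acme, acmeKey) // created by the CA manager with the org CA key
	forged := newTrustCert(rogue, ops, opsKey)      // the rogue admin signs with the only CA key he holds
	return map[string]bool{
		"implicit org trust accepts Server1": chainsToOrg(server1, acme, ops),
		"implicit org trust accepts Rogue":   chainsToOrg(rogue, acme, ops),
		"trust cert check accepts Server1":   trustCertVouches(genuine, server1, acme) == nil,
		"trust cert check accepts forged":    trustCertVouches(forged, rogue, acme) == nil,
		"trust cert check accepts replayed":  trustCertVouches(genuine, rogue, acme) == nil, // Rogue presents Server1's real trust cert
	}
}

func main() {
	fmt.Println(scenario())
}
```

Run it with go run; it prints the five outcomes. The implicit organizational check accepts both servers, because both chain to /O=Acme. The trust-certificate check accepts Server1 and rejects the rogue server twice over: the trust certificate the rogue administrator forges with his certifier key does not verify against the organization CA alone, and Server1's genuine trust certificate, if the rogue server presents it, fails the public-key binding. A deployment of the disclosed scheme would additionally need to fetch the trust certificate from the directory by the server's name and treat its absence exactly like a failed verification, so that a server with no trust certificate never receives an upload.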