
System and method for using key-pair encryption to secure keystore contents

IP.com Disclosure Number: IPCOM000198662D
Publication Date: 2010-Aug-11
Document File: 3 page(s) / 30K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method for using an asymmetric key system to protect the contents of the keystore, removing the dependency on passwords.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 53% of the total text.


The problem is securing a keystore without the need for passwords, which are inherently less secure than other cryptographic mechanisms such as asymmetric keys. Some application servers already require that secure key stores do not use passwords. Current keystore passwords are stored in configuration files, which are normally sent out for support, and customers view this as a security problem.

Current known solutions for securing a keystore use passwords. Current Java* Cryptography Extension Key Stores control secure access to the data within the key store using passwords, or no secure access at all.

The problems with keystores relying on passwords are:
1. Passwords are inherently less secure than keys
2. Passwords can be harder to manage and secure within an enterprise
3. Passwords require an additional layer of security, to protect the passwords themselves


The solution disclosed here uses an asymmetric key system to protect the contents of the keystore, removing the dependency on passwords. Additionally, since passwords are essentially symmetric keys, a single password grants access to both the storage and retrieval of keystore contents. Conversely, with an asymmetric key system, a division of privilege can exist: store-only access is granted by using the public key, while retrieve actions are reserved to holders of the private key.

The solution employs a key-pair encryption scheme to control access to the key store. The control mechanism is both:
1. Public key:
   - contained within the keystore
   - controls access to storage-type functions
   - used to encrypt the contents of the keystore
2. Private key:
   - held by the systems authorized to access the keystore
   - controls the retrieval-type functions
   - exists as an artifact maintained within the operating system
   - controlled and protected by operating system mechanisms
   - secured, maintained and controlled as per the security policy of the enterprise, so that normal users do not have access to this key, and the key is restricted to the processes which make use of it.
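As an added illustration (this is not code from the disclosure, which targets Java Cryptography Extension key stores), the following Go program models the division of privilege described above: the keystore object carries only the public key, so any process holding the keystore can store entries, while retrieving an entry requires the matching private key. The hybrid construction (a per-entry AES-256-GCM key wrapped with RSA-OAEP), the alias binding, the alias names and the sample secret are assumptions made for this example, not details taken from the disclosure.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// oaepLabel ties the wrapped key to its purpose (constructed value, an assumption).
var oaepLabel = []byte("keystore-dek")

// entry is one keystore record: the secret encrypted under a fresh per-entry
// AES-256-GCM key (DEK), with that DEK wrapped by RSA-OAEP under the public key.
type entry struct {
	wrappedDEK []byte
	nonce      []byte
	ciphertext []byte
}

// Keystore carries only the public key, so a holder of the keystore alone can
// add entries (storage-type functions) but cannot read them back.
type Keystore struct {
	pub     *rsa.PublicKey
	entries map[string]entry
}

// NewKeystore creates an empty keystore bound to pub.
func NewKeystore(pub *rsa.PublicKey) *Keystore {
	return &Keystore{pub: pub, entries: make(map[string]entry)}
}

// Store needs only the public key embedded in the keystore.
func (ks *Keystore) Store(alias string, secret []byte) error {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return err
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	// The alias is authenticated data, so a ciphertext cannot be moved under
	// another alias without detection (an assumption beyond the disclosure).
	ct := gcm.Seal(nil, nonce, secret, []byte(alias))
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, ks.pub, dek, oaepLabel)
	if err != nil {
		return err
	}
	ks.entries[alias] = entry{wrappedDEK: wrapped, nonce: nonce, ciphertext: ct}
	return nil
}

// Retrieve succeeds only with the private key matching the keystore's public
// key: unwrapping the DEK correctly is the access check itself.
func (ks *Keystore) Retrieve(alias string, priv *rsa.PrivateKey) ([]byte, error) {
	e, ok := ks.entries[alias]
	if !ok {
		return nil, errors.New("no such alias")
	}
	dek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.wrappedDEK, oaepLabel)
	if err != nil {
		return nil, fmt.Errorf("access denied for %q: %w", alias, err)
	}
	gcm, err := newGCM(dek)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, e.nonce, e.ciphertext, []byte(alias))
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048) // in practice held in OS-protected storage
	if err != nil {
		panic(err)
	}
	ks := NewKeystore(&priv.PublicKey)
	if err := ks.Store("db-credential", []byte("example-secret")); err != nil { // constructed sample
		panic(err)
	}
	got, err := ks.Retrieve("db-credential", priv)
	fmt.Printf("matching private key: %q, err=%v\n", got, err)
	other, _ := rsa.GenerateKey(rand.Reader, 2048)
	_, err = ks.Retrieve("db-credential", other)
	fmt.Println("different private key:", err)
}
```

A private key that does not match the keystore's public key fails at the OAEP unwrapping step with `rsa.ErrDecryption`, so no separate permission check or password is consulted: the keystore holds no plaintext and no shared secret, and the only thing that distinguishes a storing process from a retrieving process is possession of the private key artifact.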


The act of properly decrypting the data is the access control mechanism. This solution provides be...