Patents by Inventor Lawrence Wen-Hao Chang

Lawrence Wen-Hao Chang has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 8397083
    Abstract: A system and method efficiently deletes a file from secure storage, i.e., a cryptainer, served by a storage system. The cryptainer is configured to store a plurality of files, each of which stores an associated file key within a special metadata portion of the file. Notably, special metadata is created by a security appliance coupled to the storage system and attached to each file to thereby create two portions of the file: the special metadata portion and the main, “file data” portion. The security appliance then stores the file key within the specially-created metadata portion of the file. A cryptainer key is associated with the cryptainer. Each file key is used to encrypt the file data portion within its associated file and the cryptainer key is used to encrypt the part of the special metadata portion of each file. To delete the file from the cryptainer, the file key of the file is deleted and the special metadata portions of all other files stored in the cryptainer are re-keyed using a new cryptainer key.
    Type: Grant
    Filed: August 23, 2006
    Date of Patent: March 12, 2013
    Assignee: NetApp, Inc.
    Inventors: Robert Jan Sussland, Lawrence Wen-Hao Chang, Ananthan Subramanian
  • Patent number: 8285993
    Abstract: A method for distributing a shared secret key among a plurality of nodes is described. Each node establishes a secret key, the number of nodes being more than two nodes. A node distributes by a ring protocol executing over computer network connections an encrypted version of the secret key of each node to other nodes of the plurality of nodes. Each node decrypts the secret keys of other nodes so that each node has the secret key of other nodes. Each node combines the secret keys of other nodes to form a shared secret key available to other nodes.
    Type: Grant
    Filed: April 22, 2011
    Date of Patent: October 9, 2012
    Assignee: NetApp, Inc.
    Inventors: Ananthan Subramanian, Robert Jan Sussland, Lawrence Wen-Hao Chang
  • Patent number: 8245050
    Abstract: A split knowledge protocol adapted to establish an initial key for use in authenticating a first computer to a second computer. The second computer initiates the split knowledge protocol by generating a bit sequence and splitting the sequence into a predetermined number of segments. The second computer then encrypts each segment with a predetermined key associated with each segment before transmitting each encrypted segment to the first computer. In response, the first computer decrypts each encrypted segment using the associated key. The first computer then recovers the bit sequence from the decrypted segments. Accordingly, the first and second computers have knowledge of (i.e., access to) the same bit sequence, which may thus be used as the initial key.
    Type: Grant
    Filed: September 29, 2006
    Date of Patent: August 14, 2012
    Assignee: NetApp, Inc.
    Inventors: Ananthan Subramanian, Lawrence Wen-Hao Chang
  • Patent number: 8196182
    Abstract: An apparatus and method for managing the distribution and expansion of public keys held by a group or array of systems in white lists. The addition of a new system to the array entails a manual input to authorize the introduction of the new system to one trusted system in the array. After the introduction the new system is trusted by the one member and the white list of the one member is loaded into the white list of the new system. The new system then requests joining each of the other systems in the array. For each system in the array asked by the new system, the systems in the array ask if any other systems in the array already trust the new member. In response, a system of the array that trusts the new system responds by sending its white list (containing the public key of the new system) to the requesting system. Eventually the public key of the new system is in the white lists of all the systems in the array.
    Type: Grant
    Filed: August 21, 2008
    Date of Patent: June 5, 2012
    Assignee: NetApp, Inc.
    Inventors: Robert J. Sussland, Joshua Oran Silberman, Ananthan Subramanian, Lawrence Wen-Hao Chang
  • Patent number: 8190905
    Abstract: A system and method for authorizing administrative operations in a computer is provided. The computer initiates the split knowledge protocol upon an attempt by an administrator to invoke the operations. The administrator identifies a predetermined number of entities designated to authorize the operation. The computer creates a bit sequence and splits the bit sequence into a number of segments equal to the predetermined number of entities. Each entity thereafter decrypts a respective element to essentially authorize invocation of the operations. In response, the computer processes the decrypted segments to re-create the bit sequence. As an added level of security, the computer compares the re-created bit sequence with the originally created sequence and, if they match, performs the operations.
    Type: Grant
    Filed: September 29, 2006
    Date of Patent: May 29, 2012
    Assignee: NetApp, Inc.
    Inventors: Lawrence Wen-Hao Chang, Ananthan Subramanian
  • Patent number: 8116455
    Abstract: A system and method provides for secure initialization and booting of a security appliance. The security appliance cooperates with a “smart” system card to provide cryptographic information needed to boot the security appliance in accordance with a secure boot procedure. The initialization procedure commences once the security appliance detects the presence of the smart card. The smart card and an encryption processor perform an authentication and key exchange procedure to establish a secure communication channel between them. The system card then loads a twice wrapped master key from a configuration database and decrypts the master key using a key associated with the system card. The wrapped master key is then forwarded via the secure communication channel to the encryption processor, which decrypts the wrapped key using a key associated therewith and enters an operating state using the decrypted master key.
    Type: Grant
    Filed: September 29, 2006
    Date of Patent: February 14, 2012
    Assignee: NetApp, Inc.
    Inventors: Robert Jan Sussland, Ananthan Subramanian, Lawrence Wen-Hao Chang
  • Patent number: 8042155
    Abstract: A system and method which generates a single use password based on a challenge/response protocol. A box manager module executing within a security appliance identifies a public key (P) and salt value (S) associated with an administrator's smart card and generates a random nonce (N). The box manager transmits a challenge comprising the following elements: <SHA1(N), BM_ID, P[N, BM_ID], S>. Upon receiving the challenge, the administration card decrypts P[N, BM_ID] using the private key contained within the card and computes SHA1(N). The administration card then compares its computed values with the received values from the box manager. If the values match, then the administration card returns a response comprising the following elements: HMAC_N[user, SHA1(password, S)], where HMAC_N represents the SHA1 keyed hash message authentication check of the response elements using the nonce N as the key.
    Type: Grant
    Filed: September 29, 2006
    Date of Patent: October 18, 2011
    Assignee: NetApp, Inc.
    Inventors: Lawrence Wen-Hao Chang, Ananthan Subramanian
  • Patent number: 7958356
    Abstract: A system and method securely establishes a shared secret among nodes of a security appliance. The shared secret is established by distributing private keys among the nodes in accordance with a node ring protocol that uses a predetermined encryption algorithm to generate messages containing the keys. Briefly, each node is initially notified as to the number of nodes participating in the shared secret establishment. Each node generates a public-private key-pair, as well as a first message that includes the generated public key and an indication of the source of the generated public key (hereinafter “source generated public key”). The node then sends the first message to an adjacent node of the appliance. Upon receiving the first message, each node extracts the source generated public key from the message and stores the extracted information into a data structure of “partner” public keys.
    Type: Grant
    Filed: September 29, 2006
    Date of Patent: June 7, 2011
    Assignee: NetApp, Inc.
    Inventors: Ananthan Subramanian, Robert Jan Sussland, Lawrence Wen-Hao Chang
  • Publication number: 20090055646
    Abstract: An apparatus and method for managing the distribution and expansion of public keys held by a group or array of systems in white lists. The addition of a new system to the array entails a manual input to authorize the introduction of the new system to one trusted system in the array. After the introduction the new system is trusted by the one member and the white list of the one member is loaded into the white list of the new system. The new system then requests joining each of the other systems in the array. For each system in the array asked by the new system, the systems in the array ask if any other systems in the array already trust the new member. In response, a system of the array that trusts the new system responds by sending its white list (containing the public key of the new system) to the requesting system. Eventually the public key of the new system is in the white lists of all the systems in the array.
    Type: Application
    Filed: August 21, 2008
    Publication date: February 26, 2009
    Inventors: Robert J. Sussland, Joshua Oran Silberman, Ananthan Subramanian, Lawrence Wen-Hao Chang