Patents by Inventor Robert A. Panero

Robert A. Panero has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20050157880
    Abstract: In scalable multi-process and possibly multi-node application environments, the management of sensitive data, such as cryptographic keys, is complicated by the number of processes, the frequency at which they are created and destroyed, and by the desire to avoid storing any keys in the clear in these processes or in data files. The present invention defines a central autonomous process, called the Key Repository process, which is tasked with many functions, including controlling and limiting the distribution of the relevant sensitive information, authenticating operators and policy owners, and performing key renewal operations. The Key Repository process is initiated by multiple acts of human intervention, in combination, thus allowing for the shared responsibility of ownership. Once the Key Repository process is initiated and configured, it enforces the policy decisions of the enterprise. At no point is the sensitive data written to the disk in the clear.
    Type: Application
    Filed: February 17, 2005
    Publication date: July 21, 2005
    Applicants: Hewlett-Packard Development Company, L.P.
    Inventors: David Kurn, Kent Salmond, Robert Panero
  • Patent number: 6901512
    Abstract: In scalable multi-node systems, applications that interact with remote users often use sessions that involve multiple messages. Unless the application instance that initiates the conversation processes all subsequent parts of that session, the context of the conversation must be passed between application instances. This context often involves sensitive data, such as session keys. This invention uses a central service, known as a Key Repository process, to create and manage a set of symmetric encryption keys unique to this application. All authorized instances of the application then obtain these keys from the Key Repository process, enabling these application instances to encrypt and save the context on disk, and allowing a possibly different instance of the application to retrieve and decrypt the context. As a result, these application programs can be designed to operate in a context-free manner.
    Type: Grant
    Filed: December 12, 2000
    Date of Patent: May 31, 2005
    Assignee: Hewlett-Packard Development Company, L.P.
    Inventors: David Michael Kurn, Kent Adams Salmond, Robert A. Panero
  • Publication number: 20020073309
    Abstract: In scalable multi-node systems, applications that interact with remote users often use sessions that involve multiple messages. Unless the application instance that initiates the conversation processes all subsequent parts of that session, the context of the conversation must be passed between application instances. This context often involves sensitive data, such as session keys. This invention uses a central service, known as a Key Repository process, to create and manage a set of symmetric encryption keys unique to this application. All authorized instances of the application then obtain these keys from the Key Repository process, enabling these application instances to encrypt and save the context on disk, and allowing a possibly different instance of the application to retrieve and decrypt the context. As a result, these application programs can be designed to operate in a context-free manner.
    Type: Application
    Filed: December 12, 2000
    Publication date: June 13, 2002
    Inventors: David Michael Kurn, Kent Adams Salmond, Robert A. Panero
  • Publication number: 20020071561
    Abstract: In enterprise computer environments involving sensitive data, it is important that security policy decisions be made and be approved by the appropriate individuals owning the particular policy decision, rather than relegating this function to computer operators. These policy decisions often include the approval of specific programs to act on behalf of the enterprise, exposure of cryptographic secrets, and others affecting risk. The present invention enforces the separation of the functions of computer operator and policy decision owners.
    Type: Application
    Filed: December 12, 2000
    Publication date: June 13, 2002
    Inventors: David Michael Kurn, Kent Adams Salmond, Robert A. Panero
  • Publication number: 20020071567
    Abstract: In large computer application environments supporting secure enterprise applications, it is often necessary to distribute the environment among multiple systems in diverse locations, and yet share and maintain a set of keys and other sensitive information securely. This invention describes a method to accomplish this, by positioning in each remote site a trusted local agent, and establishing a secure and authenticated communications link between this remote agent and the master system. This remote agent limits the distribution of sensitive information to authorized applications, thus enforcing the security policy of the enterprise.
    Type: Application
    Filed: December 12, 2000
    Publication date: June 13, 2002
    Inventors: David Michael Kurn, Kent Adams Salmond, Robert A. Panero
  • Publication number: 20020071560
    Abstract: In scalable multi-process and possibly multi-node application environments, the management of sensitive data, such as cryptographic keys, is complicated by the number of processes, the frequency at which they are created and destroyed, and by the desire to avoid storing any keys in the clear in these processes or in data files. The present invention defines a central autonomous process, called the Key Repository process, which is tasked with many functions, including controlling and limiting the distribution of the relevant sensitive information, authenticating operators and policy owners, and performing key renewal operations. The Key Repository process is initiated by multiple acts of human intervention, in combination, thus allowing for the shared responsibility of ownership. Once the Key Repository process is initiated and configured, it enforces the policy decisions of the enterprise. At no point is the sensitive data written to the disk in the clear.
    Type: Application
    Filed: December 12, 2000
    Publication date: June 13, 2002
    Inventors: David Michael Kurn, Kent Adams Salmond, Robert A. Panero
  • Publication number: 20020071563
    Abstract: In scalable multi-node multi-process application environments, identical copies of applications are often executing in parallel, thus allowing the distribution of load and tolerance of system failure. A problem arises when these applications are security-oriented and involve keying information that changes periodically, such as in the case of public key certificate renewal. When these certificates need renewal, each instance of such applications could attempt to contact the certification authority, potentially causing a conflict since each instance is unaware of the renewal efforts by others. The present invention implements a central process called the Key Repository process, assigning it the function of performing these renewals and other certificate management functions, and inhibiting the application programs from performing these actions. When new certificates are issued, the Key Repository process makes them available to affected applications when they next request them.
    Type: Application
    Filed: December 12, 2000
    Publication date: June 13, 2002
    Inventors: David Michael Kurn, Kent Adams Salmond, Robert A. Panero