SEAcurIT-e® Technical Briefing Note
SEAcurIT-e® fortifies security and augments security management and control capabilities for secure applications. Its scope is applications and services using cryptographic processes such as encryption, authentication and data integrity. It is ideally suited to software environments, and doesn't require dedicated hardware.
It is built around the secure storage of cryptographic keys and other security values, and the management and control of such stored security information, with complementary related security functions. It is applicable to applications ranging from Cloud-resident applications to embedded devices.
With SEAcurIT-e®, before gaining access to or seeing (for any purpose, genuine or malicious) the key-storage-related information on which access to a key depends, it is first necessary to prove knowledge of all the security values required to process such information, and to do so without revealing any information about these security values. Only then can the keys be obtained. Both during this process and at all other times, it is computationally infeasible to illicitly gain knowledge of either stored keys or the storage-related security values, irrespective of the quality of user-supplied values such as passwords. Furthermore, the number of attempts to prove such knowledge is strictly controlled.
This allows keys to be protected using full-strength encryption, while ensuring that there is no key storage information that can be used as a basis for attempting to derive information about a key. As such, it adds a substantial additional layer of security over standard storage methods.
The design assumption is that any system element can be compromised (so that information such as stored key-encrypting keys is also compromised). SEAcurIT-e® ensures resilience in the sense that such breaches do not lead to the compromise of key or other related material, and the ability to refresh the system renders previously compromised values redundant. It does not rely on single repositories of trust but maintains the benefits of centralised management capabilities.
The architecture lends itself to powerful and unique management and control functions, such as where, when and by whom security values can be accessed, thereby efficiently controlling across multiple devices the security functions and services that rely upon them.
SEAcurIT-e® can buttress and enhance PKI and other schemes for the management of cryptographic keys, adding distinct benefits and capabilities in security and control. Alternatively, it can serve as a robust and practical key management framework for constructing a wide range of secure applications.
For applications or devices relying on cryptographic secrets such as encryption or authentication keys, and particularly where dedicated security hardware may not be appropriate, security and control can be significantly enhanced by SEAcurIT-e®.