

Title:
A SYSTEM AND METHOD FOR PROVIDING ACCESS CONTROL
Document Type and Number:
WIPO Patent Application WO/2012/064176
Kind Code:
A1
Abstract:
A system (100) for providing access control through data sealing and unsealing using a Trusted Platform Module (TPM). The system comprises at least one Trusted Platform Module (18) and at least one Access Control Manager (10) comprising at least one user information table (12), at least one sealing table (14) and at least one sealing service (16). The method (200) for providing access control through data sealing/unsealing using the TPM comprises the steps of receiving a sealing/unsealing command to seal/unseal data (202), validating the requester's information using the information table (204), determining validity of the requester information (206), verifying integrity of the sealing table/sealing service, providing the data to be sealed and the binding token of the requester to be used for sealing to the TPM (216), performing data sealing (218), receiving sealed data from the TPM (220), returning sealed data to the requester (222) and updating and measuring integrity of the sealing table and storing the integrity measurement in the TPM (224).

Inventors:
ABDULRAHMAN AHMED ABDU MUTHANA (MY)
JAMALUL-LAIL ABD MANAN (MY)
RAMLAN MAHMOD (MY)
MOHD FAIZAL BIN MUBARAK (MY)
Application Number:
PCT/MY2011/000108
Publication Date:
May 18, 2012
Filing Date:
June 17, 2011
Assignee:
MIMOS BERHAD (MY)
ABDULRAHMAN AHMED ABDU MUTHANA (MY)
JAMALUL-LAIL ABD MANAN (MY)
RAMLAN MAHMOD (MY)
MOHD FAIZAL BIN MUBARAK (MY)
International Classes:
G06F12/00; H04L9/00
Foreign References:
US20050138393 A1 (2005-06-23)
US20050081065 A1 (2005-04-14)
Other References:
"Trusted computing platform alliance (TCPA)", TRUSTED COMPUTING GROUP, 22 February 2002 (2002-02-22)
Attorney, Agent or Firm:
MIRANDAH, Patrick (Suite 3B-19-3 Plaza SentralJalan Stesen Sentral 5, Kuala Lumpur, MY)
Claims:
CLAIMS

1. A system (100) for providing access control through data sealing and unsealing using Trusted Platform Module comprising:

at least one Trusted Platform Module (18); and

at least one Access Control Manager (10);

wherein said Access Control Manager (10) comprises at least one user information table (12), at least one sealing table (14) and at least one sealing service (16).

2. A system according to Claim 1, wherein the said Access Control Manager (10) enforces access control policy through multi-level sealing and unsealing using trusted platform module (18).

3. A system according to Claim 1, wherein the said user information table (12) contains credential information of users.

4. A system according to Claim 1, wherein the said sealing table (14) according to Claim 1 contains sealed data information which includes owner of data, binding token, authorization token and delegation information.

5. A system according to Claim 1, wherein the said sealing service (16) performs binary sealing and unsealing for access control of data.

6. A system according to Claim 1, wherein the said Trusted Platform Module (18) measures integrity of the at least one Access Control Manager (18) continuously and during boot time; stores integrity value of Access Control Manager (18), sealing table and sealing service; stores cryptographic keys used for sealing and unsealing; and performs sealing and unsealing.

7. A system according to Claim 1 and Claim 2, wherein the said Access Control Manager (10) further comprising:

measuring integrity of sealing table (14) and sealing service (16) before sealing and unsealing data; measuring integrity of sealing table (14) upon sealing and storing values of integrity measurement in trusted platform module (18);

providing data for sealing and unsealing and binding token of requester to trusted platform module (18); and

receiving sealed and/or unsealed data from trusted platform module (18).

8. A system (100) according to Claim 1, wherein user information table (12) and service table (14) can be stored in trusted platform module (18).

9. A system (100) according to Claim 4, wherein binding token is placed in Platform Configuration Registers in trusted platform module (18) for data sealing and unsealing.

10. A method (200) for providing access control through data sealing using Trusted Platform Module comprising steps of:

receiving sealing command to seal data (202);

validating requesters information using information table (204); determining validity of requester information (206);

verifying integrity of sealing table by consulting trusted platform module when requester information is valid (208);

determining integrity of sealing table (210);

verifying integrity of sealing service by consulting trusted platform module when sealing table is integral (212);

determining integrity of sealing service (214);

providing data to be sealed and binding token of requester to be used for sealing to trusted platform module when sealing service is integral (216); performing data sealing (218);

receiving sealed data from trusted platform module (220);

returning sealed data to requester (222); and

updating sealing table, measuring integrity of sealing table and storing integrity measurement in trusted platform module (224).

11. A method according to Claim 10, wherein determining validity of requester information (206) further comprising terminating sealing command when requester information is not valid.

12. A method according to Claim 10, wherein determining integrity of sealing table (210) further comprising terminating sealing command if integrity of sealing table is not valid.

13. A method according to Claim 10, wherein determining integrity of sealing service (214) further comprising terminating sealing command if integrity of sealing service is not valid.

14. A method (300) for unsealing data for access control using Trusted Platform Module comprising steps of:

receiving unsealing command to unseal data (302);

validating requesters information using information table (304); determining validity of requester information (306);

verifying integrity of sealing table by consulting trusted platform module when requester information is valid (308);

determining integrity of sealing table (310);

determining clearance of requester by looking up in sealing table for authorization token provided with unsealing command when integrity of sealing table is valid (312);

determining if requester is allowed to unseal data (314);

verifying integrity of sealing service by consulting trusted platform module if requester is allowed to unseal data (316);

determining integrity of sealing service (318);

providing sealed data and binding token to trusted platform module for unsealing data when sealing service is integral (320);

performing data unsealing (322);

receiving unsealed data from trusted platform module (324); and returning unsealed data to requester (326).

15. A method (300) according to Claim 14, wherein determining validity of requester information (306) further comprising terminating unsealing command when requester information is not valid.

16. A method (300) according to Claim 14, wherein determining integrity of sealing table (310) further comprising terminating unsealing command when integrity of sealing table is not valid.

17. A method (300) according to Claim 14, wherein determining if requester is allowed to unseal data (314) further comprising terminating unsealing command if requester is not allowed to unseal data.

18. A method (300) according to Claim 14, wherein determining integrity of sealing service (318) further comprising terminating unsealing command when integrity of sealing service is not valid.

19. A method according to Claim 10 and Claim 14, wherein sealed data is revealed to other authorized user by delegating authorization token associated with sealed data to the other authorized user.

Description:
A SYSTEM AND METHOD FOR PROVIDING ACCESS CONTROL

FIELD OF INVENTION

The present invention relates to a system and method for providing access control through data sealing and unsealing using Trusted Platform Module.

BACKGROUND ART

Multilevel security (MLS) relates to the processing of information with different sensitivities (i.e., at different security levels): it permits simultaneous access by users with different security clearances and prevents users from obtaining access to information for which they lack authorization. Multilevel security allows access to less-sensitive information by high security users and allows high security users to share documents with lower security users by delegation, declassification, downgrading or empowerment. The main drawback of a multilevel security system is downgrading.

The Bell-La Padula model is a system which implements the restrictions of multilevel security and allows sharing when security restrictions are not obviously violated. Users with lower security levels can easily share information/documents with users of a higher security level, but not vice versa. It does not provide an efficient and reliable mechanism by which a "Top Secret" user can edit a "Top Secret" file, remove the "Top Secret" information and deliver it to users with "Secret" or lower security levels. In practice, multilevel security systems overcome the said drawback via privileged functions that allow a trustworthy user to bypass the multilevel security mechanism and change the security of information. However, the said procedure is not reliable.

The system and method of the present invention provide access control through data sealing using a trusted platform module (TPM). The approach of the present invention seals data using the trusted platform module and binds the data to a binding token and to the security level of the owner. In addition, the present invention allows each user to protect data and allows the owner of data to transfer ownership of the data to others, publicizing selected data to others while maintaining other selected data as private. Transfer of ownership of data is conducted by delegating the authorization token associated with the sealed data to the other authorized user with whom the owner of the data wishes to share the said data.

The subject matter claimed herein is not limited to embodiments that solve any disadvantages or that operate only in environments such as those described above. Rather, this background is only provided to illustrate one exemplary technology area where some embodiments described herein may be practiced.

SUMMARY OF INVENTION

The present invention provides a system (100) for providing access control through data sealing and unsealing using a Trusted Platform Module. The system comprises at least one Trusted Platform Module (18) and at least one Access Control Manager (10). The said Access Control Manager (10) comprises at least one user information table (12), at least one sealing table (14) and at least one sealing service (16). The said Access Control Manager (10) enforces access control policy through multi-level sealing and unsealing using trusted platform module (18), while the said user information table (12) contains credential information of users. The said sealing table (14) contains sealed data information which includes owner of data, binding token, authorization token and delegation information. The said sealing service (16) performs binary sealing and unsealing for access control of data. The said Trusted Platform Module (18) measures integrity of the said Access Control Manager (10) continuously and during boot time; stores integrity values of the said Access Control Manager (10), sealing table and sealing service; stores cryptographic keys used for sealing and unsealing; and performs sealing and unsealing.

Preferably, the said Access Control Manager (10) further comprising measuring integrity of said sealing table (14) and said sealing service (16) before sealing and unsealing data, measuring integrity of said sealing table (14) upon sealing and storing values of integrity measurement in trusted platform module (18), providing data for sealing and unsealing and binding token of requester to trusted platform module (18) and receiving sealed and/or unsealed data from trusted platform module (18).

Another aspect of the present invention provides a method (200) for providing access control through data sealing using a Trusted Platform Module. The method comprises the steps of receiving a sealing command to seal data (202), validating the requester's information using the information table (204), determining validity of requester information (206), verifying integrity of the sealing table by consulting the trusted platform module when requester information is valid (208), determining integrity of the sealing table (210), verifying integrity of the sealing service by consulting the trusted platform module when the sealing table is integral (212), determining integrity of the sealing service (214), providing the data to be sealed and the binding token of the requester to be used for sealing to the trusted platform module when the sealing service is integral (216), performing data sealing (218), receiving sealed data from the trusted platform module (220), returning sealed data to the requester (222) and updating the sealing table, measuring integrity of the sealing table and storing the integrity measurement in the trusted platform module (224).

A further aspect of the present invention is a method (300) for unsealing data for access control using a Trusted Platform Module. The method comprises the steps of receiving an unsealing command to unseal data (302), validating the requester's information using the information table (304), determining validity of requester information (306), verifying integrity of the sealing table by consulting the trusted platform module when requester information is valid (308), determining integrity of the sealing table (310), determining clearance of the requester by looking up in the sealing table the authorization token provided with the unsealing command when integrity of the sealing table is valid (312), determining if the requester is allowed to unseal data (314), verifying integrity of the sealing service by consulting the trusted platform module if the requester is allowed to unseal data (316), determining integrity of the sealing service (318), providing the sealed data and binding token to the trusted platform module for unsealing data when the sealing service is integral (320), performing data unsealing (322), receiving unsealed data from the trusted platform module (324) and returning unsealed data to the requester (326).

Preferably, sealed data is revealed to other authorized user by delegating authorization token associated with sealed data to the other authorized user.

The present invention consists of features and a combination of parts hereinafter fully described and illustrated in the accompanying drawings, it being understood that various changes in the details may be made without departing from the scope of the invention or sacrificing any of the advantages of the present invention.

BRIEF DESCRIPTION OF ACCOMPANYING DRAWINGS

To further clarify various aspects of some embodiments of the present invention, a more particular description of the invention will be rendered by references to specific embodiments thereof, which are illustrated in the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail through the accompanying drawings in which:

FIG. 1 illustrates a system for multilevel sealing.

FIG. 2 is a flowchart illustrating sealing process.

FIG. 3 is a flowchart illustrating unsealing process.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The invention relates to a system and method for providing access control through data sealing and unsealing using Trusted Platform Module. Hereinafter, this specification will describe the present invention according to the preferred embodiments. It is to be understood that limiting the description to the preferred embodiments of the invention is merely to facilitate discussion of the present invention and it is envisioned without departing from the scope of the appended claims.

Reference is first made to FIG. 1. FIG. 1 illustrates a system for multilevel sealing. The system comprises a host and a trusted computing base (TCB). The system comprises at least one Trusted Platform Module (TPM) (18) and at least one Access Control Manager (ACM) (10) which resides in the trusted computing base (TCB). The said Access Control Manager (ACM) (10) further comprises at least one user information table (12), at least one sealing table (14) and at least one sealing service (16). The said Access Control Manager (ACM) (10) enforces access control policy through multi-level sealing and unsealing using the trusted platform module (TPM) (18). Further, the said Access Control Manager (ACM) (14) measures integrity of the sealing table (14) and sealing service (SS) (16) before sealing and unsealing data, measures integrity of the sealing table (ST) (14) upon sealing and stores the values of the integrity measurement in the trusted platform module (TPM) (18), provides the data for sealing and unsealing and the binding token of the requester to the trusted platform module (18), and receives sealed and/or unsealed data from the trusted platform module (18). The Access Control Manager (ACM) (10) controls the operation of all components which reside in the trusted computing base (TCB).

The said user information table (UT) (12) contains credential information of users, which includes names, passwords, security levels and other credential information. The said sealing table (ST) (14) maintains a record for each sealing operation by storing the necessary information about each owner, wherein the said sealing table (ST) (14) contains information which includes owner of data, binding token, authorization token and delegation information. This information is required for performing the unsealing operation as well as for delegating ownership of data to others. The said sealing service (SS) (16) performs binary sealing and unsealing for access control of data, wherein the sealing service (SS) (16) receives from the Access Control Manager (ACM) (10) the data to be sealed D and the binding token BT to which data D is bound during the sealing process. Binary sealing results in sealed data Ds, and the result of the unsealing operation is the unsealed data. Binding token BT is placed in the Platform Configuration Registers (PCRs) of the trusted platform module (TPM) (18). The said user information table (UT) (12), sealing table (ST) (14) and sealing service (SS) (16) are protected by the Access Control Manager (ACM) (10). The user information table (UT) (12) and service table (14) can be stored in the trusted platform module (TPM) (18).

Access Control Manager (ACM) (10) provides an interface with users or requesters to receive commands and returns sealed or unsealed data. The said Access Control Manager (ACM) (10) interfaces with users or requesters through login service which authenticates requesters by accessing user information table (UT) (12) and communicates with trusted platform module (TPM) (18) through sealing service (SS) (16). In addition, Access Control Manager (ACM) (10) provides for access to data storage.

As part of chain of trust, trusted platform module (TPM) (18) measures integrity of Access Control Manager (ACM) (10). Further, Access Control Manager (ACM) (10) measures integrity of sealing table (ST) (14) and sealing service (SS) (16) before initiating sealing and unsealing operation.

Reference is now made to FIG. 2. FIG. 2 is a flowchart illustrating the sealing process. To perform a sealing operation, a user or requester issues a sealing command to the Access Control Manager (ACM) (10) to seal data D (202). Thereafter, the Access Control Manager (ACM) (10) validates the information of the requester using the user information table (UT) (12) (204). The validity of the requester's information is determined (206), wherein the Access Control Manager (ACM) (10) verifies integrity of the sealing table (ST) (14) by consulting the trusted platform module (TPM) (18) if the requester information is valid (208). Otherwise, the sealing command is terminated if the requester information is not valid. Thereafter, integrity of the sealing table (ST) (14) is determined (210), and if integrity of the sealing table is found to be compromised and not valid, the sealing operation is terminated. Otherwise, the Access Control Manager (ACM) (10) verifies integrity of the sealing service (SS) (16) by consulting the trusted platform module (TPM) (18) (212). Subsequently, integrity of the sealing service (SS) is determined (214), wherein the sealing command is terminated if the sealing service (SS) (16) is not integral. Otherwise, the Access Control Manager (ACM) (10) provides the sealing service (SS) (16) with the data D to be sealed and the binding token BT of the requester to be passed to the trusted platform module (TPM) (18) (216). The trusted platform module (TPM) (18) seals the data (218) and returns sealed data Ds to the Access Control Manager (ACM) (10) (220). Thereafter, the Access Control Manager (ACM) (10) returns the sealed data to the requester (222). The requester may supply the Access Control Manager (ACM) (10) with the binding token BT or request the Access Control Manager (ACM) (10) to construct it. Once the sealing process has succeeded, the Access Control Manager (ACM) (10) updates the sealing table (ST) (14) and stores the integrity measurement in the trusted platform module (TPM) (18) (224).

Reference is now made to FIG. 3. FIG. 3 is a flowchart illustrating the unsealing process. The methodology of unsealing is analogous to the methodology of sealing. To perform an unsealing operation, or to retrieve sealed data, the owner of the data or an authorized user/requester issues an unsealing command to the Access Control Manager (ACM) to unseal sealed data Ds (302). Thereafter, the Access Control Manager (ACM) (10) validates the information of the requester using the user information table (UT) (12) (304). The validity of the requester's information is determined (306), wherein the Access Control Manager (ACM) (10) verifies integrity of the sealing table (ST) (14) by consulting the trusted platform module (TPM) (18) if the requester information is valid (308). Otherwise, the unsealing command is terminated if the requester information is not valid. Thereafter, integrity of the sealing table (ST) (14) is determined (310), and if integrity of the sealing table is found to be compromised and not valid, the unsealing operation is terminated.

Otherwise, the Access Control Manager (ACM) (10) determines the clearance of the requester by looking up in the sealing table (ST) (14) the authorization token provided with the unsealing command, when integrity of the sealing table is valid (312). Subsequently, it is determined if the requester is allowed to unseal the data (314), wherein the unsealing command is terminated when the authorization token is not found. Otherwise, the Access Control Manager (ACM) verifies integrity of the sealing service (SS) (16) by consulting the trusted platform module (TPM) (18) if the requester is allowed to unseal the data (316). Further, integrity of the sealing service (SS) (16) is determined (318), wherein the unsealing command is terminated if integrity of the sealing service is not valid. Otherwise, the Access Control Manager (ACM) (10) provides the sealed data Ds and the binding token BT to the trusted platform module (TPM) (18) for unsealing the data when the sealing service is integral (320). The trusted platform module (TPM) (18) then unseals the data Ds (322) and the Access Control Manager (ACM) (10) receives the unsealed data D from the trusted platform module (TPM) (18) (324). Finally, the Access Control Manager (ACM) (10) returns the unsealed data D to the requester (326).
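The sealing method (200) of FIG. 2, the unsealing method (300) of FIG. 3 and the delegation of Claim 19 are modelled below in Python as an added illustration; this is not code from the application or its applicant. MockTPM, AccessControlManager, SERVICE_CODE and the HMAC-based seal construction are assumptions standing in for the hardware TPM (18) and the real sealing service (16): the binding token is reduced to a PCR value, and a blob only unseals when the PCR state matches the one used at sealing time.

```python
import hashlib
import hmac
import secrets

SERVICE_CODE = b"sealing-service-v1"  # constructed stand-in for the sealing service (16) binary

class MockTPM:  # constructed stand-in for TPM (18): one PCR, an internal sealing key, stored measurements
    def __init__(self):
        self.pcr, self._key, self.stored = bytes(32), secrets.token_bytes(32), {}

    def _keystream(self, bt, n):
        self.pcr = hashlib.sha256(bytes(32) + bt).digest()  # claim 9: BT placed in a PCR (extend-from-reset model)
        k = hmac.new(self._key, self.pcr, hashlib.sha256).digest()  # key mixed with PCR state: blob bound to BT
        ks = b"".join(hmac.new(k, i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range((n + 31) // 32))
        return k, ks[:n]

    def seal(self, data, bt):
        k, ks = self._keystream(bt, len(data))
        ct = bytes(a ^ b for a, b in zip(data, ks))
        return hmac.new(k, ct, hashlib.sha256).digest() + ct  # tag || ciphertext

    def unseal(self, blob, bt):
        tag, ct = blob[:32], blob[32:]
        k, ks = self._keystream(bt, len(ct))
        if not hmac.compare_digest(tag, hmac.new(k, ct, hashlib.sha256).digest()):
            return None  # PCR state differs from sealing time: the TPM refuses to unseal
        return bytes(a ^ b for a, b in zip(ct, ks))

class AccessControlManager:  # ACM (10): user information table (12), sealing table (14), sealing service (16)
    def __init__(self, tpm):
        self.tpm, self.users, self.sealing_table = tpm, {}, {}
        tpm.stored["service"] = hashlib.sha256(SERVICE_CODE).digest()  # reference measurement of the SS
        tpm.stored["table"] = self._table_digest()                     # reference measurement of the ST

    def add_user(self, name, password, clearance):
        self.users[name] = (hashlib.sha256(password.encode()).digest(), clearance)

    def _table_digest(self):
        return hashlib.sha256(repr(sorted(self.sealing_table.items())).encode()).digest()

    def _requester_ok(self, name, password):  # steps 204/206 and 304/306
        rec = self.users.get(name)
        return rec is not None and hmac.compare_digest(rec[0], hashlib.sha256(password.encode()).digest())

    def _integral(self, part):  # steps 208-214, 308-310, 316-318: live measurement against the TPM copy
        live = self._table_digest() if part == "table" else hashlib.sha256(SERVICE_CODE).digest()
        return hmac.compare_digest(self.tpm.stored[part], live)

    def seal(self, name, password, data, binding_token=None):
        if not (self._requester_ok(name, password) and self._integral("table") and self._integral("service")):
            return None  # command terminated (claims 11-13)
        bt = binding_token or secrets.token_bytes(16)  # requester may ask the ACM to construct BT
        sealed = self.tpm.seal(data, bt)               # 216-220
        auth_token = secrets.token_hex(16)
        self.sealing_table[auth_token] = (name, bt, [])  # owner, binding token, delegates
        self.tpm.stored["table"] = self._table_digest()  # 224: re-measure the ST, store in the TPM
        return sealed, auth_token                        # 222

    def unseal(self, name, password, sealed, auth_token):
        if not (self._requester_ok(name, password) and self._integral("table")):
            return None                                  # 306/310
        entry = self.sealing_table.get(auth_token)      # 312: clearance via the authorization token
        if entry is None or (name != entry[0] and name not in entry[2]) or not self._integral("service"):
            return None                                  # 314/318
        return self.tpm.unseal(sealed, entry[1])        # 320-326: same BT gives the same PCR state

    def delegate(self, name, password, auth_token, other):  # claim 19: share by delegating the token
        entry = self.sealing_table.get(auth_token)
        if not self._requester_ok(name, password) or entry is None or entry[0] != name or other not in self.users:
            return False
        entry[2].append(other)
        self.tpm.stored["table"] = self._table_digest()  # ST changed: re-measure or later checks fail
        return True
```

Any write to the sealing table that bypasses the ACM leaves the TPM-stored measurement stale, so every later seal or unseal command terminates at step 210/310 until the table is restored.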

The system and method of the present invention provide access control through data sealing and unsealing using a trusted platform module (TPM). The approach of the present invention seals data using the trusted platform module and binds the data to a binding token and to the security level of the owner.

The present invention may be embodied in other specific forms without departing from its essential characteristics. The described embodiments are to be considered in all respects only as illustrative and not restrictive. The scope of the invention is, therefore indicated by the appended claims rather than by the foregoing description. All changes, which come within the meaning and range of equivalency of the claims, are to be embraced within their scope.