| 摘要 |
The invention combines cryptographic key management technology with various authentication options and the use of a companion PKI system in a web-centri c cryptographic key management security method and apparatus called (PXa3TM Precise eXtensible Authentication, Authorization and Administration). The (PXa3) model uses a security profile unique to a network user and the member domain(s) he/she belongs to. A PXa3 server holds all private keys and certificates, the user's security profile, including credentials and the optional authentication enrollment data. The server maintains a security profile for each user, and administrators simply transmitted credential updates and other periodic maintenance updates to users via their PXa3 serve r- based member accounts. Domain and workgroup administrators also perform administrative chores via a connection to the (PXa3) web site, rather than o n a local workstation. A member's security profile, containing algorithm acces s permissions, credentials, domain and maintenance values, a file header encrypting key, optional biometric templates, and domain-specific policies i s contained in one of two places: either on a removable cryptographic token (e.g., a smart card), or on a central server-based profile maintained for ea ch member and available as a downloadable "soft token" over any Internet connection.
|
