220.127.116.11 M of N Control
M of N control is a policy of dividing up a task among multiple entities so that no one person acting alone can perform the entire task. As stated above, it is used to help minimize an organizations exposure to the risk of one person misusing a privilege, and performing a sensitive action like key recovery without authorization.
One simple approach to M of N control might be to double-encrypt the database of keys, such that two staffers, each assigned one of the keys to the database, are required in order to obtain someones private key.
M of N control is also provided by some hardware-based key recovery systems, such as the smart-card based KEON KRM (Key Recovery Module) by RSA to control the private key used for key recovery. Each entity is issued some percentage of the entire private key used for recovery, in the form of a token. In order to perform a key recovery, some number of these entities (M) out of the (N) to whom a portion of the recovery key was distributed, must come together and combine their key fragments. This adds additional security to the key recovery process and minimizes opportunities for abuse of Key Recovery Operator privileges.408
M of N Control involves dividing a task among multiple entities so that no one person acting alone can perform the entire task. It is often used to minimize the risk of someone misusing a privilege, such as key recovery.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.