4.5.7.1  M of N Control

M of N control is a policy of dividing up a task among multiple entities so that no one person acting alone can perform the entire task. As stated above, it is used to help minimize an organization’s exposure to the risk of one person misusing a privilege, and performing a sensitive action like key recovery without authorization.

One simple approach to M of N control might be to double-encrypt the database of keys, such that two staffers, each assigned one of the keys to the database, are required in order to obtain someone’s private key.

M of N control is also provided by some hardware-based key recovery systems, such as RSA's smart-card based KEON KRM (Key Recovery Module), which uses it to control the private key used for key recovery. Each entity is issued a portion of the recovery private key in the form of a token. In order to perform a key recovery, some number of these entities (M) out of the total (N) to whom a portion of the recovery key was distributed must come together and combine their key fragments. This adds security to the key recovery process and minimizes opportunities for abuse of Key Recovery Operator privileges. [408]

M of N Control involves dividing a task among multiple entities so that no one person acting alone can perform the entire task. It is often used to minimize the risk of someone misusing a privilege, such as key recovery.

M of N Policy

The policy of M of N Control can be enforced either by written policy alone, or by technological means if your PKI supports it.

For example, a PKI supporting M of N Control on the key recovery function might require some number of authorized individuals (M) out of the (N) to whom a portion of the recovery key was distributed, to combine their key fragments, before key recovery can occur.



 __________________

408. http://216.239.53.100/search?q=cache:aUqGdG9fQIcC:www.rsasecurity.com/products/keon/datasheets/dskeonkrm.html+%22m+of+n%22+certificate&hl=en&ie=UTF-8


CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.