SecureLog
In cryptology, SecureLog is an algorithm used to convert digital data into trusted data that can be verified if the authenticity is questioned. SecureLog is used in IT solutions that generates data to support compliance regulations like SOX.
History
An algorithm used to make datalogs secure from manipulation. The first infrastructure supporting the algorithm was available on the Internet in 2006.
Operation
SecureLog involves an active key provider, a managed data store and a verification provider.
- Active Key Provider
- An active key provider distributes active keys to subscribers. An active key contains encrypted data representing time and a private secret. An active key has a validity period that is set by the active key provider.
- Managed data store
- The managed data store is a subscriber to the active keys delivered by the active key provider. The managed data store uses the active keys to do asymmetric encryption, timestamping and archive the data into a locked database.
- Verification provider
- The verification provider may read segments from the locked database and verify content, timestamps and that the integrity of the data has not been broken or manipulated since it was saved.
Uses
The algorithm is used in several different use cases:
- Compliance issues
- SecureLog is used to secure different types of data logs like access logs, email archives or transaction logs and is primarily in use where compliance might be an issue.
- The administrator weak link problem
- One drawback with archiving solutions is that there is always an administrator that in the end has access to the information. This makes it difficult to trust the integrity of the data. SecureLog is used to solve the traditional administrator problem.
Proposed uses
- Government use
- In the public sector several laws handles the archiving of data. It has been proposed that SecureLog can be used by a free institution to lock government logs and stop them from potential manipulation. Several potential use cases has been identified by EDRI [1]
- The traffic logging problem
- The method can be used by the public to monitor what data the government is collecting from the public. It has been proposed to be used as a method to solve the privacy issues in the EU Directive on Mandatory Retention of Communications Traffic Data
References
- Directive 2006/24/EC of the European Parliament
- Weatech
- USPTO patent 20060053294
Content Disclaimer
Informasi ini disarikan dari Wikipedia dan disajikan kembali untuk tujuan edukasi. Konten tersedia di bawah lisensi CC BY-SA 3.0. Kami tidak bertanggung jawab atas ketidakakuratan data yang bersumber dari kontribusi publik tersebut.
- The information displayed on this website is sourced in part or in whole from Wikipedia and has been adapted for the purpose of restating it. We strive to provide accurate and relevant information, however:
- There is no guarantee of absolute accuracy. Wikipedia is an open, collaborative project that can be edited by anyone, so information is subject to change.
- It is not intended to constitute professional advice. The content displayed is for informational and educational purposes only. For important decisions (e.g., medical, legal, or financial), please consult a professional.
- Content copyright. Wikipedia is licensed under the Creative Commons Attribution-ShareAlike License (CC BY-SA). This means that content may be reused with appropriate attribution and shared under a similar license.
- Responsible use. Any risk arising from the use of information from this website is entirely the responsibility of the user.