System and method to transparently integrate private key operations from a smart card with host-based encryption services

摘要

A system and method provide transparent integration of a smart card private key operations with an existing set of encryption services and system applications. A key store manager manages user key data, and handles requests for key operations from the system applications. A user information file stores user data, including user private keys for users that do not have smart cards, and an indication of those users that have smart cards. A set of system applications interfaces with the key store manager through encryption protocol specific application programming interfaces. Users connect to the system through terminals or remote computers that may be equipped with smart card readers. For users having smart cards, the key store manager forwards to the smart cards requests for private key operations, such as encryption or decryption with the user's private key, from the system applications. In this manner the user's private key cannot be compromised by exposure to the computer system. For users without smart cards the key store manager forwards the request for private key operation to an encryption service for handling. The key store manager may handle only requests for private key operations, with the system applications identifying and handling directly public key operations, or the key store manager may handle both private key and public key operations.