In cryptology, SecureLog is an algorithm used to convert digital data into trusted data that can be verified if the authenticity is questioned. SecureLog is used in IT solutions that generates data to support compliance regulations like SOX.
History
editAn algorithm used to make datalogs secure from manipulation. The first infrastructure supporting the algorithm was available on the Internet in 2006.
Operation
editSecureLog involves an active key provider, a managed data store and a verification provider.
- Active Key Provider
- An active key provider distributes active keys to subscribers. An active key contains encrypted data representing time and a private secret. An active key has a validity period that is set by the active key provider.
- Managed data store
- The managed data store is a subscriber to the active keys delivered by the active key provider. The managed data store uses the active keys to do asymmetric encryption, timestamping and archive the data into a locked database.
- Verification provider
- The verification provider may read segments from the locked database and verify content, timestamps and that the integrity of the data has not been broken or manipulated since it was saved.
Uses
editThe algorithm is used in several different use cases:
- Compliance issues
- SecureLog is used to secure different types of data logs like access logs, email archives or transaction logs and is primarily in use where compliance might be an issue.
- The administrator weak link problem
- One drawback with archiving solutions is that there is always an administrator that in the end has access to the information. This makes it difficult to trust the integrity of the data. SecureLog is used to solve the traditional administrator problem.
Proposed uses
edit- Government use
- In the public sector several laws handles the archiving of data. It has been proposed that SecureLog can be used by a free institution to lock government logs and stop them from potential manipulation. Several potential use cases has been identified by EDRI [1]
- The traffic logging problem
- The method can be used by the public to monitor what data the government is collecting from the public. It has been proposed to be used as a method to solve the privacy issues in the EU Directive on Mandatory Retention of Communications Traffic Data
References
edit- Directive 2006/24/EC of the European Parliament
- Weatech
- USPTO patent 20060053294