5

In the enterprise environment, each user was issued a key pair to use for encrypting/signing. Since they have the private key, that means they can decrypt any file that was encrypted for them, even after leaving the organization and having their certificate revoked.

I want to ask if there is any way to prevent them from using their private key to access files of the organization (that were encrypted for all employees before they retired)?

  • How would they have access to the encrypted data after they've left the company for this to be of concern? – joeqwerty Jul 11 '11 at 16:24
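The premise of the question, as an added example that is not part of the original post: revocation is something relying parties check, while decryption with a private key that is already held consults no CA or CRL. It assumes the `openssl` command-line tool is installed; the CA, subject names and file contents are all constructed for the demonstration.

```shell
# Added illustration; every name, subject and file below is constructed.
# Prints: cert status before revocation, status after, decryption result.
revocation_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
[ca]
default_ca = demo
[demo]
database = index.txt
serial = serial
new_certs_dir = .
default_md = sha256
default_days = 30
default_crl_days = 30
policy = pol
[pol]
commonName = supplied
EOF
  : > index.txt; echo 01 > serial
  ca="openssl ca -batch -config ca.cnf -cert ca.crt -keyfile ca.key"
  {
    # Demo CA, then a key pair and CA-signed certificate for the employee
    openssl req -config ca.cnf -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" -days 30 -keyout ca.key -out ca.crt
    openssl req -config ca.cnf -newkey rsa:2048 -nodes -subj "/CN=employee" -keyout emp.key -out emp.csr
    $ca -notext -in emp.csr -out emp.crt
  } >/dev/null 2>&1
  # A file encrypted to the employee while the certificate is still good
  echo "quarterly figures (constructed)" > doc.txt
  openssl cms -encrypt -binary -aes256 -in doc.txt -outform DER -out doc.cms emp.crt
  check() { openssl verify -CAfile ca.crt "$@" emp.crt >/dev/null 2>&1; }
  check && before=valid || before=invalid
  # Revoke the certificate and publish a CRL
  { $ca -revoke emp.crt; $ca -gencrl -out ca.crl; } >/dev/null 2>&1
  check -crl_check -CRLfile ca.crl && after=valid || after=revoked
  # Revocation does not touch the private key: decryption needs no CA or CRL
  openssl cms -decrypt -inform DER -in doc.cms -inkey emp.key -recip emp.crt -out out.txt 2>/dev/null
  cmp -s doc.txt out.txt && dec=decrypted || dec=failed
  cd / && rm -rf "$d"
  echo "$before $after $dec"
)
revocation_demo
```

The CRL stops others from trusting the certificate or encrypting new files to it; it does nothing for ciphertext that already exists, which is why the answers below turn to where the key is stored and who controls access to the data.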

3 Answers

3

You can give employees USB tokens/smartcards.

You store the key on the card and it will never ever leave the token. When someone leaves the organization you can get back the token as company property.

cstamas
  • only works as long as they didn't decrypt the data before being fired (or withheld the token for as long as it was needed to decrypt it: "oh sorry, forgot about it and wasn't in the neighborhood in the past 2 days") – Hubert Kario Jul 11 '11 at 13:39
  • if it's a smartcard or hardware token, it's time based. – Sirex Jul 11 '11 at 14:10
  • @sirex, yes and needs to be signed again to be usable for *signing*, usually every *year* or *two years*. No PKI needs connecting to the CA for decryption. – Hubert Kario Jul 11 '11 at 21:36
1

Once a person can read a document, he or she can copy it. It's impossible to solve this problem (as MPAA and RIAA showed by blowing huge amounts of cash at the problem).

To control the information and limit what people can do with it you need to have a closed system:

  • no Internet access (network separated by air-gap)
  • no ability to copy data to USB drives or CDs, DVDs and floppies (all stations should use PS/2 peripherals with USB disabled)
  • mail only internal
  • network level authentication of machines before a user is even asked for a password/token
  • no wireless access

and all this just makes copying the data as hard as if it was only stored on paper (you still can photograph the screen with a phone)

Hubert Kario
  • If you are going that far then cell phones shouldn't be allowed in the building. This is common in off-shore environments where agents have access to sensitive data. Possession of a phone or microdrive is usually grounds for immediate termination in that kind of workplace. – Jeffrey Hulten Jul 11 '11 at 15:38
  • and still confidential documents leak to the general public... What I wanted to show is that even to start getting a secure network you need to perform steps that any and all users would consider highly limiting. Can you imagine a CEO leaving his cellphone at the entrance and getting a full body search at exit? – Hubert Kario Jul 11 '11 at 21:58
0

No. If that was wished, the person coming up with the concept you use should be fired. As in: it simply does not do that, you need DRM for that, like MS can integrate with Office (where a company internal DRM server controls access to the documents).

Nifle
TomTom