The present invention relates to distribution of security credentials via a public communication network to a user.
It is desirable that a remote user of an organization's computer applications be able to connect to these applications using a public communication network, such as the Internet. It is also desirable that an organization's computers not be exposed to unauthorized access from the public communication network, such as by hackers. It is further desirable that security measures, such as authorizing access to potential users, occur in a separate device from the host computer to strongly isolate the host computer and the authorization module from malicious users.
One way to allow remote connectivity is for the organization to establish a virtual private network (VPN) using the public communication network. However, a VPN is complex to manage, and so is burdensome for an enterprise. Also, a VPN may make the internal enterprise network vulnerable to computer viruses and other malware.
Another way to allow remote connectivity is for the organization to set up a web-page allowing the remote user to log-in. If non-encrypted, the information exchanged between the web server and the remote user is unsecured. Whether or not encrypted, the web server is vulnerable to attacks, such as distributed denial of service attacks. If encrypted, and a strong authentication of the client is desired, both the web server and the remote user need to have cryptographic certificates, introducing a certificate management burden.
A further way to allow remote connectivity is described in U.S. Pat. No. 7,814,216, which is commonly owned with the instant application, the disclosure of which is hereby incorporated by reference in its entirety. The '216 patent discloses that a remote device, a controller, and a host computer are all connected to a public communication network. The remote device uses a special software program, adapted to use public key infrastructure (PKI) security certificates, to access the controller, and tells the controller which host it wishes to connect to. The controller verifies the remote, and then tells the host computer to send a connection request to the remote device. After the remote device accepts the connection request, the controller is no longer involved, unless the connection is undesirably broken.
U.S. Pat. No. 7,739,726, which is commonly owned with the instant application, the disclosure of which is hereby incorporated by reference in its entirety, discloses a “memory stick” device that contains the special software program, and is inserted into a USB port, or similar connector, of a computer to enable the computer to function as the remote device in the configuration of the '216 patent.
Yet another way to allow remote connectivity is described in U.S. Patent Application Publication No. 2005/0120204 (Kiwimagi). FIG. 2 of Kiwimagi is reproduced as FIG. 1A of the instant application, and shows a public communication network having connected thereto security host 210, remote client 220, and system host 230.
During registration, shown in FIGS. 3(a) and 4 of Kiwimagi, corresponding to FIG. 1B of the instant application, remote client 220 contacts security host 210 and requests the network address of system host 230. After verification of remote client 220, security host 210 provides the network address of system host 230 to remote client 220.
During operation, shown in FIGS. 3(b) and 4 of Kiwimagi, corresponding to FIG. 1C of the instant application, remote client 220 sends a connection request to system host 230. In turn, system host 230 asks security host 210 to verify remote client 220. After security host 210 verifies remote client 220, system host 230 grants access to remote client 220, and remote client 220 then uses system host 230.
Problems with Kiwimagi's technique are discussed below.
Application programs that require user to computationally verify their identity generally assume that a user has cryptographic data that has been provided only to that user, and then expect the user to perform a computation using that cryptographic data to provide a result, which will verify the identity of the user, as only the user with the particular cryptographic data will be able to properly compute the result. However, managing the distribution and revocation of such cryptographic information is burdensome for an enterprise, particularly if the enterprise uses different applications that each require different cryptographic data for each user.
Accordingly, there is room for an improved way to manage the distribution of cryptographic data.