1. Field of the Invention
The present invention relates to an improved data processing system and, in particular, to a method and apparatus for multicomputer data transferring. Still more particularly, the present invention provides a method and apparatus for multicomputer communication using cryptography.
2. Description of Related Art
E-commerce web sites and web applications perform transactions over computer networks on behalf of users. A user must often pass through an authentication procedure in order to prove the user's identity to an appropriate level of certainty for security purposes.
Many computer systems have different types of authentication for different levels of security. For example, after a successful completion of a first level of authentication in which a correct username and password combination is provided by a user, a system may provide access to a particular set of resources on a web site. A second level of authentication might require a user to present a hardware token, e.g., a smartcard, after which the user is provided access to more tightly controlled resources on the web site. A third level of authentication might require the user to provide some form of biometric data, e.g., through a fingerprint scan or a retina scan, after which the system provides access to very sensitive or confidential resources on a web site.
The process of moving up from one authentication level to the next level is termed “step-up authentication”. In other words, the user steps from one level of authentication up to a higher level as required by a system in order to gain access to more sensitive resources.
In an e-commerce web-based environment, computer systems often implement authentication services as a form of front door or sentry gate for accessing a web site. These authentication services sit in front of applications, i.e. between the user and the applications, to ensure that the user is authenticated before obtaining access to any resources. These authentication services may be implemented as a web server plug-in, a reverse proxy, or other similar technology. A potential problem with these authentication services is that they often use username/password authentication and cannot step up to authentication methods that use client-based certificates. A certificate-based authentication procedure is generally considered to achieve a higher level of security than a username/password-based authentication procedure.
Certificate-based authentication involves the use of public/private asymmetric cryptographic key pairs; a digital certificate binds a certified user's identity with a public cryptographic key. During a certificate-based authentication procedure, the user provides his or her digital certificate to an authentication service, and the user is required to prove that the user has access to a private cryptographic key that corresponds to the public key. For example, the authentication service provides some form of challenge data to the user's client computer, which then signs the challenge data with the user's private cryptographic key, and the authentication service can verify the digital signature with the user's public key. If the authentication service determines that the challenge data was properly signed with the user's private key, then the authentication service has verified the identity of the user to a high degree because the private key should always be kept secret by the user whose identity is stored in the certificate.
The operation of stepping up to a certificate-based authentication procedure is often not possible. A problem typically arises because a mutually authenticated SSL session has already been established between the client and the server for a lower-level of non-certificate-based authentication, such as a username/password combination. If the authentication service that requires the certificate-based authentication procedure does not have control over the SSL stack, which is the case with most commercially available products, e.g., it may be embedded within the operating system in some manner, then the authentication service cannot force the establishment of a new SSL session. Hence, the authentication service cannot step up from a username/password-based authentication procedure that has already occurred over an active SSL session to a certificate-based authentication procedure while maintaining the active SSL session.
Therefore, it would be advantageous to have a method and a system that can step up from a non-certificate-based authentication procedure to a certificate-based authentication procedure without exiting or renegotiating a previously established SSL session in order to obtain a higher level of security that is required by an authentication service for some purpose.