Encryption is commonly used to protect communication information by rendering it unreadable to a recipient lacking the resources necessary to decrypt it. Modern digital encryption methods include symmetric key algorithms (“private-key” algorithms) and asymmetric key algorithms (“public-key” algorithms).
In a private-key algorithm, a sender of communication information and a recipient of that information must each use a common, shared key that has been agreed upon in advance and kept secret from all other parties. The sender uses this key for encryption of the information, and the receiver uses the same key for decryption of the received information.
In contrast, in a public-key encryption system two separate keys, commonly called a “key pair,” are utilized for communicating information: a public key and a private key. The public key is published and freely distributed to other entities, and enables any sender to encrypt information to the public key's owner. A corresponding private key is maintained in secret by the receiver, and enables only the receiver to decrypt and read information that has been encrypted with the public key. Therefore the public-key method allows the sender and receiver to communicate securely without having prior access to a common, shared secret key.
A key is a piece of information that controls the operation of a cryptographic algorithm by specifying the particular transformation of unencrypted information into encrypted information, and vice versa during decryption. The public and private keys are mathematically related; for instance, each may be created through the use of a key pair generation function that takes a random number as an input. In a robust and effective cryptographic system, derivation of the private key from the public key should be computationally infeasible.
Public-key cryptography may be used for several purposes, such as keeping a confidential message secret from any entity that does not possess a specific private key, as a message encrypted using the receiver's public key can only be decrypted by the receiver's corresponding private key. Public-key cryptography may also allow two entities that do not initially share a secret key to agree on one. Furthermore, a public-key digital signature may be used to allow any entity to verify that a message was created with a specific private key.
Public-key digital signature algorithms may also be used for sender authentication and non-repudiation. For instance, a first entity may encrypt a message with its private key and send it. If a second entity can successfully decrypt it using the corresponding public key, this provides assurance that the first entity, in fact, sent it.
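The key-pair operations described above, shown in working Go using only the standard library: generating a pair from system randomness, encrypting to a public key and decrypting with the matching private key, signing and verifying so that a recipient can confirm which private key produced a message, and an ephemeral key agreement in which two parties derive a common secret without a prior shared key. This is an added illustration and not part of the original document; the sample message is constructed, and the function names are chosen for the example.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// GenerateKeyPair derives a mathematically related public/private pair from
// system randomness; the public half may be published, the private half stays
// with its owner.
func GenerateKeyPair() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Encrypt: anyone holding the public key can produce ciphertext for its owner.
func Encrypt(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// Decrypt: only the matching private key recovers the plaintext; any other
// private key yields an error rather than a wrong plaintext.
func Decrypt(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// Sign binds a message to the holder of the private key.
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

// Verify reports whether sig was produced over msg by the private key that
// matches pub; it fails if either the message or the key differs.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

// AgreeKeys performs a key agreement: each side generates an ephemeral pair,
// only the public halves are exchanged, and both sides derive the same shared
// secret without any secret having been shared in advance.
func AgreeKeys() (shared1, shared2 []byte, err error) {
	curve := ecdh.X25519()
	a, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	b, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	shared1, err = a.ECDH(b.PublicKey()) // a's private half + b's public half
	if err != nil {
		return nil, nil, err
	}
	shared2, err = b.ECDH(a.PublicKey()) // b's private half + a's public half
	return shared1, shared2, err
}

func main() {
	priv, err := GenerateKeyPair()
	if err != nil {
		panic(err)
	}
	msg := []byte("message for entity A") // constructed sample input
	ct, _ := Encrypt(&priv.PublicKey, msg)
	pt, _ := Decrypt(priv, ct)
	sig, _ := Sign(priv, msg)
	fmt.Println("decrypt round trip ok:", bytes.Equal(pt, msg))
	fmt.Println("signature verifies:", Verify(&priv.PublicKey, msg, sig))
	fmt.Println("altered message verifies:", Verify(&priv.PublicKey, []byte("altered"), sig))
	s1, s2, _ := AgreeKeys()
	fmt.Println("agreed secrets match:", bytes.Equal(s1, s2))
}
```

Note that a signature created with one private key fails verification under any other public key, which is what lets a verifier attribute the message to a specific key; whether that key belongs to a particular entity is the separate question the certificate machinery below addresses.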
One crucial element of public-key cryptography is the accurate and dependable association of entity identities with the public keys distributed to other entities. However, securely exchanging keys directly amongst a large number of entities who do not know each other is cumbersome and impractical. Therefore, large-scale public-key systems utilize certificates as a way to efficiently associate public keys and entities.
Digital signatures may be used in public key infrastructure (“PKI”) systems in which a public key is associated with an entity by a digital identity certificate issued by a certificate authority (“CA”). Such a system enables multiple communicating parties to establish confidentiality, message integrity, and user authentication without having to exchange any secret information prior to the communication.
A conventional certificate may include public key information, entity identification information, information describing a period of validity of the certificate, and the digital signature of the certificate. The entity identification information may include, for example, name information, address information, location information, phone number information, and the like. The identification information may be associated with a natural person, or with a computer, organization, or other entity. In addition, the certificate may include information identifying a location of a revocation center, for instance in the form of a uniform resource locator (“URL”).
As an example of the use of certificates, in a public-key system, an entity (“entity A”) need only publish a public key (“public key A”) to allow any other party possessing public key A (“entity B”) to send information to entity A securely, as described above. However, a malicious entity (“entity M”) is also able to publish a public key (“public key M”) and falsely identify it as belonging to entity A. Such an action would allow entity M to at least receive and read some information intended for entity A, sent by parties under the erroneous belief that public key M actually belongs to entity A.
Therefore, to defend against such a malicious scheme, entity A may embed public key A into a certificate, and have that certificate digitally signed by a trusted third party. Any entity that trusts the trusted third party can therefore check the certificate to see whether the trusted third party asserts that the embedded public key belongs to entity A. In a conventional PKI system, the trusted third party may correspond to a CA that is tasked with verifying relationships between entities and their public keys, and that is trusted by all entities within the system. Multiple CAs may be utilized, and the multiple CAs may be organized into a hierarchy whereby different CAs possess differing quantities of authority.
For instance, conventional enterprise-scale PKI systems may rely on certificate chains to establish a party's identity, as a certificate may have been issued by a CA whose legitimacy is established for such purposes by a certificate issued by a higher-level CA. Therefore the certificate hierarchy may include several CAs and/or several organizations, and may require cooperation and communication between several different interoperating software applications.
The CA may also be responsible for revoking certificates when the private key corresponding to the certificate's public key is compromised, or when the relationship between an entity and the entity's public key embedded in the certificate is discovered to be incorrect or changes. An entity may check a certificate's validity by comparing it against a certificate revocation list (“CRL”) that contains identification information of revoked and/or cancelled certificates.
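The certificate mechanics described above, as an added example in Go using the standard library's crypto/x509 package (not code from the original document): a root CA signs an intermediate CA, which signs entity A's certificate containing a revocation-center URL; a relying party then builds the chain back to the trusted root, rejects a self-issued certificate that merely claims to be entity A, and checks every certificate in the chain against a CRL signed by its issuer. The CA names, serial numbers and CRL URL are constructed for the example, and the CRLs are looked up by issuer name rather than fetched from the URL.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Issue returns a certificate for subject signed by parentKey (self-signed when
// parent is nil) plus the subject's new private key. Serial numbers are
// constructed for the example; a real CA must generate them unpredictably.
func Issue(subject string, serial int64, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: subject},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		CRLDistributionPoints: []string{"http://crl.example.invalid/ca.crl"}, // constructed revocation-center URL
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	signer, signerKey := tmpl, key // self-signed unless a parent is supplied
	if parent != nil {
		signer, signerKey = parent, parentKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueCRL has the issuing CA sign a revocation list naming the given serials.
func IssueCRL(issuer *x509.Certificate, key *ecdsa.PrivateKey, revoked ...int64) (*x509.RevocationList, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now().Add(-time.Hour), NextUpdate: time.Now().Add(24 * time.Hour)}
	for _, s := range revoked {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates, pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: time.Now()})
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, issuer, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseRevocationList(der)
}

// Validate chains cert to the trusted root through the supplied intermediates,
// then checks each certificate below the root against its issuer's CRL
// (crls is keyed by issuer common name in this example).
func Validate(cert *x509.Certificate, inters []*x509.Certificate, root *x509.Certificate, crls map[string]*x509.RevocationList) error {
	roots, ipool := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range inters {
		ipool.AddCert(c)
	}
	chains, err := cert.Verify(x509.VerifyOptions{Roots: roots, Intermediates: ipool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil {
		return err // e.g. a self-issued certificate that merely claims a trusted name
	}
	chain := chains[0] // leaf first, trusted root last
	for i := 0; i+1 < len(chain); i++ {
		c, issuer := chain[i], chain[i+1]
		crl, ok := crls[issuer.Subject.CommonName]
		if !ok {
			return fmt.Errorf("no CRL for issuer %q", issuer.Subject.CommonName)
		}
		// Rely on the CRL only if its issuer signed it and it is still current.
		if err := crl.CheckSignatureFrom(issuer); err != nil || time.Now().After(crl.NextUpdate) {
			return fmt.Errorf("no current, authentic CRL for issuer %q: %v", issuer.Subject.CommonName, err)
		}
		for _, rc := range crl.RevokedCertificates {
			if rc.SerialNumber.Cmp(c.SerialNumber) == 0 {
				return fmt.Errorf("certificate %q (serial %d) is revoked", c.Subject.CommonName, c.SerialNumber)
			}
		}
	}
	return nil
}

func main() {
	root, rootKey, _ := Issue("Root CA", 1, true, nil, nil)
	inter, interKey, _ := Issue("Issuing CA", 2, true, root, rootKey)
	leafA, _, _ := Issue("entity A", 3, false, inter, interKey)
	rogue, _, _ := Issue("entity A", 4, false, nil, nil) // entity M's self-issued claim to be A
	crls := map[string]*x509.RevocationList{}
	crls["Root CA"], _ = IssueCRL(root, rootKey)
	crls["Issuing CA"], _ = IssueCRL(inter, interKey)
	fmt.Println("genuine:", Validate(leafA, []*x509.Certificate{inter}, root, crls))
	fmt.Println("rogue:", Validate(rogue, nil, root, crls))
	crls["Issuing CA"], _ = IssueCRL(inter, interKey, 3) // A's key compromised: revoke serial 3
	fmt.Println("revoked:", Validate(leafA, []*x509.Certificate{inter}, root, crls))
}
```

The relying party trusts only the root it was configured with; the intermediate is accepted because the root signed it, and entity A's certificate because the intermediate signed it. The CRL is treated as authoritative only after its own signature checks out against the issuing CA and its NextUpdate has not passed, which is why keeping the list current matters as much as keeping it available.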
PKI systems therefore enable users to be authenticated to one another, and to use the public keys embedded in identity certificates to encrypt and decrypt messages traveling between them. A conventional PKI system may include client software, server software such as a certificate authority, hardware, and operational procedures. PKI systems may be operable for several functions, including providing and managing public keys and bindings to entity identities used for encryption and/or sender authentication of electronic mail messages or other documents, authentication of users to applications, bootstrapping secure communication protocols, and the like.
The accurate association of public keys with entity identities is crucial to the correct and secure operation of such a system. As described above, however, establishing such associations may require a significant expenditure of resources and may involve a significant amount of subjective judgment on the part of the trusted third party. Accordingly, such association in a conventional PKI system is performed in accordance with highly sophisticated protocols and policies used to establish and verify the associations.
Updating and maintaining the accuracy of the CRL is another crucial function in a conventional PKI system, and typically requires significant expenditure of resources and finances. To be effective, the CRL must be readily available to any entity that requires it, and must be updated frequently. Additionally, since the validity of keys is central to the proper functioning of the system, revocation authority over keys carries significant responsibility. Accordingly, securing the revocation functions, revoking keys, and maintaining the revocation list require significant labor, capital, and time.
In addition to maintenance of the hierarchical CA structure and of the revocation mechanism described above, validation of identity in a conventional PKI system may be time-consuming and costly. For instance, identity verification may include in-person interviews, analysis of subscriber enrollment forms, checking the validity of notarizations, signatures, and attestations, and archiving evidence that due diligence was exercised in validating certificate information. Procedures followed by CAs may be outlined in a document such as a Certification Practices Statement (“CPS”). A link to the CPS of a CA may be included in certificates signed by the CA.
As will be understood by one skilled in the art, performance of these activities and maintenance of adequate records and evidence trails may prove to be extremely resource-intensive and costly.
There are many applications for PKI systems where a very high level of trust in identity is not required. With respect to these applications, the high costs associated with identity verification and maintenance described above may outweigh the benefits available through the PKI system itself.
Accordingly, a need exists for systems and methods for efficiently and cost-effectively verifying identities to allow creation of certificates and the exchange of public keys in a PKI system, while avoiding the above-identified disadvantages.