Distributed software systems that operate over an open network, particularly a Wide Area Network such as the Internet, often have the need for secure communications over the network and authentication between system elements to prevent spoofing and other security breaches. Various protocols have been used to provide such security. Exemplary protocols include the Secure Sockets Layer or SSL, Transport Layer Security or TLS, Secure-HTTP, and IP Security or IPSEC.
Instrumental in these protocols are cryptographic mechanisms. Two primary cryptographic mechanisms are secret key and public key cryptography. Secret key is a type of symmetric encryption in which both parties know and use the same or shared secret key to encrypt and decrypt communications. Encryption algorithms, or ciphers, based on the secret key, mathematically transform or encrypt the plain text in the message into cipher text. The same key and algorithm are used by the other party to decrypt the cipher text. Public key cryptography is a type of asymmetric encryption that uses pairs of different keys, one for encryption and one for decryption. One of the keys or private key is kept secret by a party and the other key or public key is provided freely to other parties. When plain text is converted into ciphertext or encrypted using the private key, it may be converted back into plain text only using the public key and vice versa. The Rivest-Shamir-Adleman or RSA algorithm is one of the most widely used public key algorithms.
The SSL protocol uses the Public Key Infrastructure or PKI, a form of public key cryptography, to secure communications over otherwise unsecured networks. RSA, together with the X.509 standard for digital certificates, form the basis of PKI. A certificate 200 according to the X.509 standard is shown in FIG. 2. The standard portion 202 of X.509 includes the version 204 (which indicates the particular version of the X.509 standard), serial number 208 (which is assigned by the certificate authority and uniquely identifies the certificate), signature algorithm 212 (which identifies the algorithm used in the digital signature), issuer or signer 216 of the certificate (which identifies the certificate authority that issued the certificate), period of validity 220 for the certificate (which identifies both the earliest and latest times that the certificate is valid), the subject or owner 224 of the public key, and the public key 228 of the owner of the certificate. Extensions 232 provide a location for issuers to add their own private information to the certificate. It can include authority and subject key identifiers, key usage, private key usage period, and a list of permitted use and restrictions on usage for the certificate. The certificate 200 further includes the digital signature field 236 (encrypted using the private key of an issuing entity). The digital signature field includes the signature algorithm identifier 212, a secure hash of the other fields in the certificate, and a digital signature of that hash. When a certificate has been issued and signed by the same entity, that certificate is known as a self-signed certificate or a root certificate. In a certificate chain or chain of trust, a root certificate is always at the top of the chain and is used to validate each of the other lower certificates in the chain. As will be appreciated, a certificate chain of trust is a sequence of certificates, each one of which is signed by the next in order until the last one, or root certificate, is self-signed. A trusted third-party, such as Verisign™, that issues digital certificates used to create digital signatures and public/private key pairs is known as a certificate authority or CA. As can be seen from the foregoing, to implement PKI each system element in the distributed network requires a unique digital certificate and associated private key.
In a typical application, a computational component receives a digital certificate by interacting with a certificate authority. The computational component generates a public/private key set and makes a certificate request to the certificate authority. Secure distribution of the private key is not an issue because no distribution is needed (the private key is generated on the target system element). However, this approach is not practical in many cases, since it requires direct communication between the computational component and a certificate authority. This approach also presents security issues, since the certificate request sent from a given computational component can be difficult to validate. If the certificate is granted without sufficient validation, the security that the certificate provides is compromised. More thorough validation is time consuming and potentially expensive.
This problem is compounded in an enterprise network including multiple system elements. Providing each system element with a unique certificate and key pair can be a challenge. There are two key questions that must be addressed. First, how does one get the digital certificate to each system element in the first place? Second, if this is done remotely how does one know that the system element on the other end is the system element that it claims to be? The potential solutions include (a) adding unique credentials at the time of manufacture; (b) staging the equipment to add unique credentials; (c) shipping the credentials separately (e.g., on a crypto-token device such as a smart card or other hardware or media; (d) employing a hardware device (e.g., circuit board) whose personality is or can be made unique; (e) providing access to a secure web site from which credentials can be obtained after suitable login and authorization; and (f) hand carrying the credentials to the device on site.
Each of the solutions typically requires some pre-association of credentials with a specific system element. Such an association is not always possible and/or is expensive. For example, such an association is often not possible until an electronic address, such an IP address, is assigned to the system element, which is not commonly done until after connection to the network. Moreover, encoding unique credentials into a system element at the time of manufacture is costly, and the credentials can be viewed by a skilled computer technician and are therefore not tamper proof. The solutions further require involvement of trained technical personnel, which is not only expensive but also can delay significantly the provisioning process.
In options (c) and (f) above, providing the credentials to the device on site, such as using a crypto-token, can be problematical. Because this technique requires a prior association between a specific hardware or software product and a specific crypto-token, providing wrong credentials with a product or misplacement of the credentials can prevent the product from being provisioned and/or licensed until the proper credentials have been provided. This may be time consuming and expensive particularly if the proper credentials have been lost or misplaced and must be recreated.