1. Field of the Invention
This invention relates to secure end-to-end communication systems and methods of operation. More particularly, the invention relates to secure end-to-end communications for conducting electronic business in a distributed information system, e.g., the Internet.
2. Background Discussion
Traditionally, organizations, such as retailers, banks, insurance companies in conducting electronic business register their customers or users and control their access to business software applications with a user identification (user ID) and password. The user ID and password establish a user""s identity for accessing secured information. The password is the xe2x80x9cvirtual keyxe2x80x9d that authenticates a user. However, a password does not provide the security needed for electronic business. Passwords have the following limitations:
(a) Can be compromised during log-on by on-lookers;
(b) Can be easily intercepted on the Internet if the transaction is not secured with a secure web protocol, such as secure sockets layer;
(c) authenticate a user to a host, but not a host to a user;
(d) Can be discovered using automated xe2x80x9ctrial and errorxe2x80x9d techniques;
(e) Do not protect transmitted information; and
(f) Do not ensure that access is limited to authorized entities and applications.
A new approach to conducting electronic business on the Internet is described in the cross-referenced application. In this approach, digital keys replaced user identification-password pairs. Public key cryptography uses mathematically related public-private key pairs. Only the private key can decrypt the information the public key has encrypted. The public key can be made available to any one. The private key is kept secret by the holder.
Just as digital keys are replacing user identification-password pairs in electronic business, digital signatures are replacing physical signatures. A digital signature is a coded message affixed to a document or data that helps guarantee the identity of the sender, thereby providing a greater level of security than a physical signature. A digital signature identifies the sender because only the sender""s private key can create the signature. The key also helps ensure that the content of the signed message cannot be altered without the recipient being able to discover that the message has been altered.
Digital certificates are also replacing their physical counterpartxe2x80x94hard copy credentialsxe2x80x94in electronic business. Digital certificates issued by a certification authority vouches for (or certifies) the key of an individual, software application, organization or business. The certificate performs a role similar to that of a driver""s license or medical diplomaxe2x80x94the certificate certifies that the bearer of the corresponding private key is authorized (by an organization) to conduct certain activities with that organization.
However, the life cycle of digital certificates is similar to that of the physical certificates. Digital certificates are issued after authorization in which a user is given the right to use a digital certificate for a classified amount of time. The certificate may be temporarily suspended when a user reports a lost certificate. The certificate may be resumed or revoked when the by the organization. Finally, digital certificates expire and for secure end-to-end communication in electronic business, the certificate must be validated to determine whether the certificate has expired, been revoked or suspended.
Digital certificates are issued through authorized registrars known as Registration Authorities (RAs). The authorities determine whether the applicant should be authorized to access secure applications or services and set in motion the processes to issue a certificate. A Certification Authority (CA) issues the digital certificate after approval by the Registration Authority. The certificate is a binding between a public key and an identity, e.g. a person, organization or computer device. The certitude includes a subject name; issuer name; public key; validity period; unique serial number; CA digital signature. The CA guarantees the authenticity of the certificate through its digital signature. The certificate may be revoked at any time. The serial numbers of revoked certificates are added to a Certification Revoked List (CRL) published in an X.500 Directory based on a standard defined by the International Telecommunications Union (ITU).
IBM xe2x80x9cVaultxe2x80x9d technology provides strong authentication of clients and servers using digital keys and digital certificates for conducting electronic business. xe2x80x9cVaultxe2x80x9d technology is described in the above cross-related application. Briefly stated, xe2x80x9cVaultxe2x80x9d technology provides a secure environment in a web server using a vault controller (hereinafter, web server-vault controller) for running a secure web-based registration process and enabling secure application. The controller provides security from other processes running on the same server and secure areas or personal storage vaults to which only the owner has a key. System operators, administrators, certificate authorities, registration authorities and others cannot get to stored information or secure processes in such personal vaults. Combined with a Secure Sockets Layer (SSL), the controller enables secure registration transactions that require multiple sessions using personal vaults. The personal vault is owned by a particular UNIX account that is linked to a user with a specific vault access certificate. The content of the vault is encrypted and contains an encryption key pair and signing key pair, both of which are password protected. Each vault has a unique distinguished name in an X.500 directory that provides storage for specific items essential to a Public Key Infrastructure (PKI) using digital certificates, certificate authorities, registration authorities, certificate management services, and distributed directory services used to verify the identity and authority of each party involved in any transaction over the internet. The common name portion of a distinguished name is based on a unique vault ID. In addition the controller provides a unique map between the vault ID (which identifies the UNIX user account and the user""s home directory) and the vault access certificate which enables a user to access a vault process.
To handle the exploding growth in electronic business, a registration system and method are needed to provide a set of services to manage the issuance, renewal and revocation of digital certificates for web browsers and servers. Such services should employ web-based facilities for requesting, reviewing certificate applications, and installing certificates. All important user interfaces and business policy requirements of the services should be tailorable with minor screen editing or programming changes on behalf of the business. Finally, certificate requests and responses should be implemented via agents using xe2x80x9cVaultxe2x80x9d technology.
An object of the invention is a secure end-to-end communication system for conducting electronic business using vault technology.
Another object is a registration system and method using public keys for user authentication and registration in a secure end-to-end communications system for conducting electronic business.
Another object is a registration system and method which provides unique mapping between a personal vault and a user from serial numbers and a user""s certificate for the vault.
Another object is a registration system using an automatically generated password for accessing the vaults obtained by signing a token based on a digital certificate""s serial number.
Another object is a registration system in which information about personal vaults is stored in an X.500 directory.
Another object is a vault process, a specialized program running on a vault controller on behalf of each end user under a unique UNIX user ID associated with the end user.
Another object is a vault agent, which allows interaction with a non-web based vault controller.
Another object is a registration system in which a vault agent process, which runs outside the controller, allows a business organization to develop custom applications for obtaining certificates or approving registration requests.
Another object is a registration system and method including a vault controller having a supervisor that runs as part of a Hypertext Transaction Protocol (HTTP) Daemon and acts as a pass through between an end user and an application being run by the user in a personal vault.
Another object is a registration system and method in which all messages between vaults are digitally signed and encrypted.
Another object is a vault controller that provides multiple browser sessions for users within the same controller process.
Another object is a registration system and method which provides vault processes which remain active for long periods of time after a browser disconnects from the controller.
Another object is a registration system and method in which vault processes running in a vault controller are user mapped to a running vault process when a browser re-connects a user to the process.
Another object is a registration system and method including a vault controller having a dispatcher that handles browser requests from other vault processes or from within the vault process threads.
Another object is a registration system and method including a vault controller having variable data pools allowing multiple applications running in a vault to share data.
Another object in a registration system and method using a vault controller which provides secure communications between vault processes by sending messages from a vault process to a specific vault rather than directly to another vault process.
Another object is a secure depositor within the vault process which encrypts and sends a message from a sending process and inserts in the queue of another vault, after which the depositor decrypts and verifies the message for the receiving vault process.
These and other objects, features, and advantages are achieved in a secure-end-to-end communication system for electronic business system and method of operation, e.g., the internet, in which users interact with web server-vault controllers in a secure manner using a standard Internet Engineering Task force (IETE) cryptographic protocol; digital keys and digital certificates. The web serverxe2x80x94vault controller provides personal storage in vaults in the controller for users, registration and certification authorities. Each personal vault runs programs on the controller under a unique UNIX user ID. Data storage is provided by the controller wherein the storage is owned by the same user ID assigned to the vault. A registration authority running as a software application in the controller processes requests to issue, renew and revoke digital certificates issued by a Certification authority. The certification authority running as software application in the controller includes a certificate management system that provides services such as issuing, revoking, suspending, resuming, and renewing a user""s right to digital certificates. The system also supports and maintains Certificate Revocation Lists (CRLs) in an X.500 directory, which provides storage for the public keys; public key certificates and certificate revocation lists. A Registration Authority interacts with the vault controller to decide whether an applicant qualifies to receive a digital certificate. A registration application running outside of the controller includes the ability to use a web interface to handle requests and administer the application, obtain service certificates, customize certificates, obtain certificates with or without vaults, and implement custom security policy controls for business organizations. The RA application provides support for multiple registration authorities in a manual or automated approval process mode.