Generally, computer security refers to measures taken to protect against some unwanted occurrence, such as the invasion of privacy, theft, and the corruption of information stored on the computer. Security techniques such as encryption, passwords, and firewalls are designed to prevent unauthorized access to information, to protect the integrity of computing resources, and to limit the potential damage that can be caused by attackers and intruders.
Encryption refers to a process by which information is transformed into an unreadable form, which cannot readily be deciphered without a secret key. Encryption is widely used to protect information in many different situations. For example, most Internet browsers for surfing the Internet include encryption algorithms for processing commercial transactions, where the browser encodes data into a form that is unreadable without the appropriate key before transmitting the encoded data over the Internet.
One type of encryption that may be used to secure transmitted data is referred to as public key encryption (also referred to as asymmetric encryption). Public key encryption (PKE) is a form of encryption that equips each user with two keys: a private key and a public key. Both the private and public keys can be provided by a trusted third-party known as a certificate authority (CA). One example of a trusted third-party that serves as a certificate authority is Verisign, Inc. of Mountain View, Calif., which issues digital certificates that can be used to create public-private key pairs.
The public key for each intended recipient is known by everyone with access to the key registry maintained by the certificate authority and is used to encrypt messages sent to an intended recipient. The private key, which is known only to the intended recipient, can be used to decrypt the message. The public key and private key are linked in a manner such that only the public key can be used to encrypt messages to a particular recipient, and only the private key held by that recipient can be used to decrypt the messages. As long as the private key holder maintains the secrecy of the private key, security of data transmitted between the sender and the intended recipient can be maintained, meaning that the risk of eavesdropping (compromising the privacy of information in transit), tampering (changing or replacing information in transit), impersonating (posing as the intended recipient), and spoofing (impersonating the sender) can be minimized.
A public key infrastructure (PKI) is a means by which public keys can be managed on a secure basis for use by widely distributed users or systems. Public key infrastructures typically include defined data formats, infrastructure components (such as security administrators, certificate authorities, users, and the like), and procedures for the distribution of public keys via digital certificates signed by a certificate authority. In a public key infrastructure (PKI), entities such as users or devices are issued digitally signed certificates, which can attest to the binding between the name of the user and a public key for which the user holds the corresponding private key. The certificates are typically in a standardized form, such as that dictated by the X.509 standard.
Once a certificate is issued to a user, the user (or device) can use the certificate as a form of proof by which the user can establish a trust relationship with a relying party (e.g. a web server, a network server, a storage device, another computing device, and the like). For example, a trust relationship can enable one device to access secured resources on the other device.
Generally, a relying party is a computer, a device, or other system that includes secured resources, which the user is attempting to access. The term “relying party” refers to the system that must render a trust decision with respect to the certificate or other convincing information. The relying party challenges the user's access request, and in response to the challenge, the user provides the certificate it received from the certificate authority (CA). The relying party inspects the certificate, verifies that the CA's signature on the certificate is correct, and tests an applicant's identity by requesting a proof of some sort that the applicant knows the private key corresponding to the public key identified in the certificate.
An identity certificate generally indicates the name of the user or device, the public key, and acceptable uses for the public key. Typically, the public key may be used for non-repudiation, authentication, and/or encryption. Additionally, the public key may be used for digital signatures. An authority certificate indicates what sorts of operations the user is authorized to perform. As used herein, the holder of a certificate (identity or authority) may be referred to as the “certificate holder,” the “applicant,” the “user,” or the “entity.”
Conventionally, a relying party forms a full access or no access decision based on the certificate. Either the applicant is the named entity and holds the appropriate authorization, or not. Unfortunately, this presents a difficulty when the applicant may be operating, or may have been operated, under adverse circumstances. For example, the applicant could be represented by software whose integrity may have been compromised, for example by a computer virus. Or, for example, the applicant's private key may in fact have been obtained in an unauthorized fashion, such as by eavesdropping. Conventionally, it is difficult to contain the potential damage when such tampering or compromise has occurred.
One suggested approach is to destroy the certificate when the certificate holder enters into a state where tampering might occur. This method has the drawback that certificates are intended to be potentially public, and may well have been disclosed in numerous prior interactions as a basis for establishing trust relationships. Prior usage of the certificate increases the risk that the certificate may be available to an adversary. Normally, such exposure is not a major concern, per se, because the certificate itself is considered “public” and cannot be altered. However, a drawback lies in assuming that the certificate is no longer available when the entity destroys the certificate. An adversary, such as a computer hacker, may restore or make use of the certificate at a point in which a computer system coupled to the storage device enters into a higher risk setting. Alternatively, an adversary, for example, may obtain the private key for the certificate, thereby obviating the entity's precautions.
A further drawback of this and related destructive methods is that the destruction may be irreversible. When an entity returns to a safe zone (such as, for example, the device manufacturer's service center) or an acceptably safe state (such as, for example, when a storage device is reformatted and the operating system software is reinstalled from CDs or other means), it may be desirable to restore the entity's ability to convince a relying party of its trustworthiness. In other words, it may be desirable for the entity to be allowed to prove that it has not been tampered with or otherwise compromised. Extensive destructive methods can make certificate restoration virtually impossible.
Unfortunately, conventional security measures are typically external to the storage device of the computer, and often exist as applications that operate within an operating system environment of the computer or of another computer connected over a network. Such security measures can be vulnerable to viruses and to attacks on the operating system. Moreover, such applications may be incapable of detecting when the integrity of a storage device has been compromised. In particular, if a virus infects the operating system in which the security application is operating, the security application may be incapable of detecting the virus. Moreover, if the storage device is removed from the computer, the security application can be circumvented. If the security application manages certificates and keys, the protected information may be exposed.
Therefore, there is a need for systems and methods for detecting when an entity may be exposed to a potentially compromising situation. Embodiments of the present invention provide solutions to these and other problems, and offer other advantages over the prior art.