The Internet is a worldwide network of computers and computer networks arranged to allow the easy and robust exchange of information between users of computers. Hundreds of millions of people around the world have access to computers connected to the Internet via Internet Service Providers (ISPs). Content providers place multimedia information, i.e. text, graphics, sounds, and other forms of data, at specific locations on the Internet referred to as websites. The combination of all the websites and their corresponding webpages on the Internet is generally known as the World Wide Web (WWW) or simply the Web.
Websites may be created using HyperText Markup Language (HTML) to generate a standard set of tags that define how the webpages for the website are to be displayed. Users of the Internet may access content providers' websites using software known as an Internet browser, such as MICROSOFT INTERNET EXPLORER or NETSCAPE NAVIGATOR. After the browser has located the desired webpage, it requests and receives information from the webpage, typically in the form of an HTML document, and then displays the webpage content for the user. The user may then view other webpages at the same website or move to an entirely different website using the browser.
Millions of Internet users obtain products and services online. Internet users want to be assured that their financial information is handled securely and is not available to “eavesdroppers.” Increasing use and transmittal of confidential information over the Internet demand improved security measures for communications over the Internet.
A common mechanism for providing increased security is the use of encrypted transactions using digital certificates. One widely used security protocol is the Secure Socket Layer (SSL) protocol, which uses a hybrid public-key system in which public-key cryptography is used to allow a client and a server to securely agree on a secret session key.
SSL is a networking protocol developed by Netscape Communications Corp. and RSA Data Security, Inc. to enable secure network communications in a non-secure environment. More particularly, SSL is designed to be used in the Internet environment, where it operates as a protocol layer above the TCP/IP (Transmission Control Protocol/Internet Protocol) layers. The application code then resides above SSL in the networking protocol stack. After an application (such as an Internet browser) creates data to be sent to a peer in the network, the data is passed to the SSL layer where various security procedures are performed on it, and the SSL layer then passes the transformed data on to the TCP layer. On the receiver's side of the connection, after the TCP layer receives incoming data it passes that data upward to the SSL layer where procedures are performed to restore the data to its original form, and that restored data is then passed to the receiving application. The SSL protocol is further described in U.S. Pat. No. 5,657,390 entitled “Secure Socket Layer Application Program Apparatus and Method.” Multiple improvements to the SSL protocol were made in the Transport Layer Security (TLS) protocol, which is intended to gradually replace the SSL.
The protocols underlying the Internet (TCP/IP, for example) were not designed to provide secure data transmission. The Internet was originally designed with the academic and scientific communities in mind, and it was assumed that users of the network would be working in non-adversarial, cooperative manners. As the Internet began to expand into a public network, usage outside these communities was relatively limited, with most of the new users located in large corporations. These corporations had the computing facilities to protect their users' data with various security procedures, such as firewalls, that did not require security to be built into the Internet itself. In the past several years, however, Internet usage has skyrocketed. Millions of people now use the Internet and the Web on a regular basis. These users perform a wide variety of tasks, from exchanging electronic mail messages to searching for information to performing business transactions. These users may access the Internet from home, from their cellular phone, or from a number of other environments where security procedures are not commonly available. To support the growth of the Internet as a viable place of doing business, often referred to as “electronic commerce” or simply “e-commerce”, easily-accessible and inexpensive security procedures had to be developed. SSL is one popular solution, and is commonly used with applications that send and receive data using the HyperText Transfer Protocol (HTTP). HTTP is the protocol most commonly used for accessing that portion of the Internet referred to as the Web. When HTTP is used with SSL to provide secure communications, the combination is referred to as HTTPS. Non-commercial Internet traffic can also benefit from the security SSL provides. SSL has been proposed for use with data transfer protocols other than HTTP, such as Simple Mail Transfer Protocol (SMTP) and Network News Transfer Protocol (NNTP).
SSL is designed to provide several different but complementary types of security. First is message privacy. Privacy refers to protecting message content from being readable by persons other than the sender and the intended receiver(s). Privacy is provided by using cryptography to encrypt and decrypt messages. SSL uses asymmetric cryptography, also known as public-key cryptography (at least for establishing the connection, the so-called “handshake”). A message receiver can only decrypt an encrypted message if the message creator used the message receiver's public key to encrypt the message and the message receiver uses his private key to decrypt the message.
Second, SSL provides data integrity for messages being transmitted. Data integrity refers to the ability for a message recipient to detect whether the message content was altered after its creation (thus rendering the message untrustworthy). A message creator passes the message through an algorithm which creates what is called a “message digest”, or “message authentication code”. This digest is sent along with the message. When the message is received, the receiver also processes the message through an algorithm, creating another digest. If the digest computed by the receiver does not match the digest sent with the message, then it can be assumed that the message contents were altered in some way after the message was created.
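The integrity check described above, as an added example that is not part of the original text: it contrasts an unkeyed digest, which a party altering the message can simply recompute, with a keyed message authentication code. The key, the messages and all function names are constructed for illustration, and HMAC-SHA256 is chosen for the example rather than being SSL's exact construction.

```python
# Added example: key and messages are constructed for illustration.
import hashlib
import hmac

SESSION_KEY = b"constructed-session-key-0123456789"  # stands in for the handshake secret

def digest_only(message):
    """Unkeyed digest: anyone holding the message can compute it."""
    return hashlib.sha256(message).digest()

def mac(key, message):
    """Keyed digest (HMAC-SHA256): computing it requires the session key."""
    return hmac.new(key, message, hashlib.sha256).digest()

def receiver_accepts(message, check, key=None):
    """Receiver recomputes the check value and compares in constant time."""
    expected = mac(key, message) if key else digest_only(message)
    return hmac.compare_digest(expected, check)

def alter_on_the_wire(message, check, recompute_unkeyed):
    """Model an alteration by a party that does not hold the session key."""
    altered = message.replace(b"100", b"900")
    return altered, (digest_only(altered) if recompute_unkeyed else check)

def demo():
    msg = b"pay 100 to account 42"
    results = {}
    results["digest, unaltered"] = receiver_accepts(msg, digest_only(msg))
    m, d = alter_on_the_wire(msg, digest_only(msg), recompute_unkeyed=True)
    results["digest, altered, digest recomputed"] = receiver_accepts(m, d)
    tag = mac(SESSION_KEY, msg)
    results["mac, unaltered"] = receiver_accepts(msg, tag, SESSION_KEY)
    m, t = alter_on_the_wire(msg, tag, recompute_unkeyed=False)
    results["mac, altered, tag kept"] = receiver_accepts(m, t, SESSION_KEY)
    m, t = alter_on_the_wire(msg, tag, recompute_unkeyed=True)
    results["mac, altered, unkeyed digest swapped in"] = receiver_accepts(m, t, SESSION_KEY)
    return results

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: accepted={accepted}")
```

Only the keyed variant rejects every altered message, which is why the check value has to depend on the secret agreed during the handshake.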
The third security feature SSL provides is known as authentication. Communications over the Internet take place as a sequence of electronic signals, without the communicating parties being able to see each other and visually determine with whom they are communicating. Authentication is a technique that helps to ensure that the parties are who they represent themselves to be, whether the party is a human user or an application program. For example, if a human user is buying goods over the Internet using a credit card, it is important for the user to know that the application waiting on the other end of the connection for the credit card information is really the vendor the user believes he or she is doing business with, and not an impostor waiting to steal that information.
One advantage of SSL is that it is application protocol independent. A higher level protocol can layer on top of the SSL Protocol transparently. Thus, the SSL protocol provides connection security where encryption is used after an initial handshake to define a secret key for use during a session and where the communication partner's identity can be authenticated using, for example, a well known public certificate issuing authority. Examples of such well known Certification Authorities (CA) include Starfield Technologies, Inc., RSA Data Security, Inc., VERISIGN, and EQUIFAX.
Authentication is important in establishing the secure connection as it provides a basis for the client to trust that the server, typically identified by its Universal Resource Locator (URL), is the entity associated with the server public key provided to the client and used to establish the secret session key. As noted above, this authentication may be provided through the use of certificates obtained by the server from one of the well known Certification Authorities. The certificate (such as an X.509 certificate) typically includes an identification of the server (such as its hostname), the server's public key, and a digital signature which is provided by the well known Certification Authority. The digital signature is used by a client receiving the certificate from a server to authenticate the identity of the server before initiating a secured session. In particular, the application on the client initiating the secured communication session, such as an Internet browser, is typically installed with a public key ring including public keys for various well known Certification Authorities that allow the client to verify server certificates issued by these Certification Authorities.
FIG. 1 illustrates a prior art method and FIG. 3 illustrates a prior art system for obtaining a digital certificate. The system includes a Subscriber 301 (sometimes called a Requestor), a Certification Authority (CA) 303, and a Communication Link connecting the Subscriber 301 and the Certification Authority 303 (shown on the diagram as a plurality of steps). The method includes the following steps. The Subscriber 301 generates a Certificate Signing Request (CSR) on its server (Step 101). The Subscriber 301 submits the CSR to the Certification Authority 303 (Step 103). The Subscriber 301 receives a certificate from the Certification Authority (Step 105) and installs the certificate on its server (Step 107).
The communications between the Subscriber 301 and the Certification Authority 303 over the Communication Link may include, inter alia, electronic communications via computer networks, telephone communications, and fax communications.
FIG. 2 illustrates an alternative prior art method and FIG. 4 illustrates an alternative prior art system for obtaining a digital certificate. The system includes a Subscriber 301, a Certification Authority 303, a Hosting Provider 401, a Communication Link connecting the Subscriber 301 and the Certification Authority 303, and a Second Communication Link connecting the Subscriber 301 and the Hosting Provider 401 (shown on the diagram as a plurality of steps between the Subscriber 301 and the Hosting Provider 401). The Hosting Provider 401 is an entity that provides hosting services for the Subscriber's website and/or other data. The method includes the following steps. The Subscriber 301 requests the Hosting Provider 401 to generate a CSR (Step 201). The Hosting Provider 401 generates the CSR (Step 203). The Subscriber 301 receives the generated CSR from the Hosting Provider 401 (Step 205). The Subscriber 301 submits the CSR to the Certification Authority 303 (Step 103). The Subscriber 301 receives a certificate from the Certification Authority (Step 105). The Subscriber 301 forwards the certificate to the Hosting Provider 401 (Step 207) and the Hosting Provider 401 installs the certificate on its server (Step 209).
One of the advantages of the SSL protocol is that a Client does not need to verify with a Certification Authority whether it issued a certificate to a Subscriber. The certificate, located on a Subscriber's website, is signed by the Certification Authority using the Certification Authority's private key; thus the Client is assured that the certificate was issued by the signing Certification Authority. However, the presence of the certificate on the Subscriber's website does not guarantee that the certificate was not revoked later on.
Revoked certificates impose a major challenge for the SSL protocol. The certificates can be revoked for multiple reasons. A common reason for certificates to be revoked is that the private key of the Subscriber was lost or compromised. A third party may impersonate the Subscriber if it obtains the Subscriber's private key. Other reasons for the revocation of a certificate include situations where a Subscriber obtained a certificate fraudulently (e.g. by providing false information), a Subscriber needs to change some information in the certificate, or a Subscriber is no longer in business.
The available solutions for handling certificate revocations include the Certificate Revocation List (CRL) and the Online Certificate Status Protocol (OCSP). The CRL is a list of revoked certificates; the list is published and signed by the issuing Certification Authority. The OCSP is an online protocol that allows querying the Certification Authority to obtain the status of a certificate. Both of the solutions are hard to implement and use. The CRL is typically a large file and Clients are thus reluctant to upload it on a regular basis. The OCSP is not supported by all CAs yet and is not supported or enabled in the most popular Internet browsers, such as MICROSOFT INTERNET EXPLORER and NETSCAPE NAVIGATOR. MICROSOFT INTERNET EXPLORER will not support the OCSP until the release of Longhorn, currently expected in 2006. If and when the OCSP is going to be enabled on popular Internet browsers, the CAs are expected to get hit with an overwhelming number of requests for verification of certificate statuses. The fact that each response to the request for the certificate status must be digitally signed by the Certification Authority makes it even more difficult for the Certification Authority to handle a large number of requests.
None of those solutions provide an efficient way of dealing with the issue of certificate revocations.
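The gap between the offline signature check and revocation status, as an added example that is not part of the original text: a revoked certificate still passes the signature check, and only a CRL signed by the same Certification Authority shows the revocation. It assumes the third-party Python `cryptography` package; the CA, hostnames, serial numbers, dates and function names are all constructed.

```python
import datetime as dt
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = dt.datetime(2005, 1, 1, tzinfo=dt.timezone.utc)  # constructed fixed clock

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def issue(ca_key, ca_name, hostname, serial):
    """CA signs a certificate binding hostname to a new Subscriber key."""
    sub_key = ec.generate_private_key(ec.SECP256R1())
    return (x509.CertificateBuilder()
            .subject_name(name(hostname)).issuer_name(ca_name)
            .public_key(sub_key.public_key()).serial_number(serial)
            .not_valid_before(NOW).not_valid_after(NOW + dt.timedelta(days=365))
            .sign(ca_key, hashes.SHA256()))

def publish_crl(ca_key, ca_name, revoked_serials):
    """CA publishes a signed list of the serial numbers it has revoked."""
    crl = (x509.CertificateRevocationListBuilder().issuer_name(ca_name)
           .last_update(NOW).next_update(NOW + dt.timedelta(days=7)))
    for serial in revoked_serials:
        entry = x509.RevokedCertificateBuilder().serial_number(serial)
        crl = crl.add_revoked_certificate(entry.revocation_date(NOW).build())
    return crl.sign(ca_key, hashes.SHA256())

def signed_by_ca(cert, ca_pub):
    """Offline check the Client can do with only the CA public key."""
    try:
        algorithm = ec.ECDSA(cert.signature_hash_algorithm)
        ca_pub.verify(cert.signature, cert.tbs_certificate_bytes, algorithm)
        return True
    except InvalidSignature:
        return False

def is_revoked(cert, crl, ca_pub):
    """Revocation status needs an authentic CRL from the certificate's issuer."""
    if not crl.is_signature_valid(ca_pub) or crl.issuer != cert.issuer:
        raise ValueError("CRL was not issued by this certificate's CA")
    return crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None

def demo():
    ca_key, ca_name = ec.generate_private_key(ec.SECP256R1()), name("Constructed Test CA")
    certs = [issue(ca_key, ca_name, "shop.example", 1001),
             issue(ca_key, ca_name, "old.example", 1002)]  # 1002 is revoked below
    crl, pub = publish_crl(ca_key, ca_name, [1002]), ca_key.public_key()
    return [(signed_by_ca(c, pub), is_revoked(c, crl, pub)) for c in certs]
```

`demo()` returns one `(signature valid, revoked)` pair per certificate; both signatures verify, and only the CRL lookup separates the two.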
Another concern, which is not addressed in the prior art, is the possible scenario where the signing private key of a Certification Authority is compromised. In this scenario all certificates issued by the Certification Authority and signed with the later-compromised key must be revoked. Currently there is no mechanism available to replace all the certificates that the Certification Authority issued to its Subscribers.
Therefore, new methods and systems are needed to overcome the limitations of the current methods and systems. It is desired to create methods and systems that provide more efficient solutions for handling certificate revocations and improving security.