For the purpose of the present description, an “untrusted environment” shall be understood to mean any communications or networking environment in which it is possible for attackers to modify messages, delete messages or even add or replay messages. The public Internet is a common example of an untrusted environment, since it is not possible to prohibit attackers from modifying, deleting, adding or replaying messages. Cable and Satellite television distribution networks can also be untrusted, to the extent that, once set-top receiver/decoder units are distributed to end-users, they can be “hacked” to enable unauthorized access to programming content.
In order to enable secure communications in an untrusted environment it is usual to apply cryptographic algorithms and mechanisms to detect that a message is invalid for one or more of the previous reasons. Such cryptographic techniques require the participants to be in possession of the appropriate cryptographic keys. It is common for service providers or operators to implement a security domain in which a set of cryptographic keys are distributed to authorized parties. These keys can then be used to facilitate secure communications between those parties. For example, in Cable and Satellite television distribution networks, it is common practice for operators to encrypt their programming content using a private cryptographic key. The complementary public key is distributed to authorized subscribers as a security token, which enables users to decrypt and view the programming content. Private/public keys are also commonly used to implement a security domains (for example in the form of virtual private networks (VPNs)) in the public Internet.
It is well known that in a cryptographic security system of the type described above, it is necessary to update the keys (and frequently also the algorithms) in a timely fashion to ensure that the security of the system is preserved from advances made by the hacker fraternity. In general the operators of a security system may choose to change the keys and perhaps even increase their size at regular intervals. In some security systems it may even be desirable to change the algorithm. This is a common problem for example with Satellite TV conditional access systems which are a prime target for hackers.
The problem for the operator is that the overheads and risks of regularly changing the cryptographic components may be unacceptable and they may be persuaded to allow a longer period between key changes than is desirable. The complexity of such key management systems is well known.
In some systems (such as VPNs and Satellite television distribution networks) the task of updating keys is simplified, somewhat, by the fact that a user must connect to a secure (trusted) resource at some time. For example, in a VPN, a remote user must log onto a secure server in order to access the services of the VPN. In Cable and Satellite television distribution networks, the user's set-top receiver/decoder unit must be connected to a secure content server in order to receive programming content. In either case, the connection to the secure resource provides a means by which the age of the security token(s) stored on the user's remote device can be determined, and updated tokens distributed as required.
However, in some systems, a user might log into a secure resource only infrequently, or never. This type of situation could occur in some electronic commerce systems, for example where a user may interact with other users, but only rarely (if ever) log into a central server of the system. In such cases, date and time information associated with keys stored in a user's device cannot be trusted, and so cannot be used to determine the age of those keys, and the need for updating them. Furthermore, a reliable mechanism for updating a user's keys is lacking.