1. Technical Field
This invention relates generally to public key cryptography, public key management infrastructure, and digital certificates issued by a certification authority (CA), which together form part of a public key infrastructure (PKI). More specifically, the invention relates to computer-implemented techniques based on digital certificates for managing the risks associated with a public key management infrastructure shared by multiple users.
2. Background Art
Public key cryptography is an approach to enabling secure communications using key pairs. Each key pair includes a public key and a private key. The public key and private key are related so that a message encrypted by one key may be decrypted only by the other, but it is computationally infeasible to deduce the private key given the public key. The private key is typically created and securely held by an entity; while the corresponding public key is typically made widely available. Secure communications between parties may then be enabled by using the parties' public and private keys.
The use of public key cryptography addresses many of the inherent security problems in an open network such as the Internet. However, two significant problems remain. First, parties must be able to access the public keys of other entities in an efficient manner. Second, since in many protocols entities are associated with and in some sense identified by their public keys, there must be a secure method for parties to verify that a certain public key is bound to a certain entity.
A public key management infrastructure addresses these two problems. In one common approach, the public key management infrastructure is based on digital certificates, which are used to associate a certain public key to a certain entity with some degree of integrity. The public key management infrastructure typically would include a database of digital certificates, and various operations are provided in order to access and maintain this database. For example, requests for new digital certificates are processed, digital certificates are revoked, and the status of existing digital certificates is designated and checked.
The public key management infrastructure, then, provides one important link in implementing secure protocols based on public key cryptography. As a result, the integrity of the public key management infrastructure must be secured or, put in another way, risk factors which could degrade the integrity of the public key management infrastructure must be managed. For example, in the case of a digital certificate database (or "repository"), there is usually some risk that someone may make unauthorized changes to the records in the database or that someone may gain access to records for which he should not have access. Alternately, there may be some risk that one of the database or PKI administrators makes a clerical error while maintaining the database. In order to improve the reliability of the public key management infrastructure, it is important to manage these risks to the repository.
The repository risk management policy may be implemented in part by using passwords, personal identification numbers, and the like, to control authentication and authorization. For example, before a database or PKI administrator can access a digital certificate database to make changes, he may be required to input his password. This password may then determine the extent of the administrator's authority, including, for example, the database records which the administrator is permitted to manipulate (i.e., his authorized domain) and/or the operations which he is permitted to perform on these records (i.e., his authorized privileges). The shortcomings of these approaches are well-known. For example, if the password is too simple, a third party may be able to deduce the password by guessing or by using a brute force attack. Alternately, the third party may acquire a password simply by eavesdropping when the administrator inputs the password or when the password is transmitted across an unsecured communications link. Once the third party has acquired the password, he gains access to the database by exploiting the grant of authority associated with the password.
These shortcomings are aggravated when the public key management infrastructure is subjected to use by groups of users. For example, a company may have a number of database and PKI administrators, each of whom is granted the same authority to manipulate the public key management infrastructure. If access to the public key management infrastructure is controlled through the use of passwords, each group of administrators may have a single password which is then distributed to all of its members, but the widespread distribution of the password inherently compromises the discretionary access properties of the particular password. Alternately, individual passwords may be assigned to each administrator in the group, but this results in an administrative burden since a large number of passwords must be maintained and each of these passwords must also be linked to the corresponding domain and/or privileges.
In another approach, the risk management policy may be implemented in part by physically separating different domains. For example, a company may have a number of divisions, each of which issues their own digital certificates and has their own PKI administrators for servicing their digital certificates. If all of the company's digital certificates are stored in a single database on a single computer, there is some risk that an administrator from one division may accidentally manipulate digital certificates from another division, even if the system is designed to prevent this. This risk may be reduced by storing the digital certificates for each division in a separate database, may be reduced even further by running each database on a separate computer, and reduced even further by severing any network links between the computers. This approach, however, has the disadvantage of requiring multiple systems. For example, in the examples given above, multiple separate databases, multiple separate computers and/or multiple separate networks are required. This shortcoming is aggravated since the public key management infrastructure must be secured and, if it is divided into separate systems, each system must also be secured.
In yet another approach, the risk management policy may be implemented by allowing a central authority to access the public key management infrastructure and limiting the access of others. For example, a number of companies may contract for a third party operator to implement the public key management infrastructure on their behalf. In other words, the operator would maintain a database which contained the digital certificates and other authentication information from all of the companies. In this situation, there is a risk that one company's administrator might manipulate the digital certificate records of another company, or even simply that one employee might be able to browse through the digital certificate records of another company. To reduce this risk, the operator might require all repository requests to be funneled through its own personnel. Hence, if an employee from one company wished to perform a search, he would have to submit the search request to the appropriate operator personnel, who would then perform the search. One disadvantage of this approach is that an intermediate layer of operator personnel is required to ensure reliable use of the public key management infrastructure.
Thus, there is a need for efficient techniques which allow multiple users to share a public key management infrastructure, while simultaneously managing the risk associated with such sharing. There is also a need to allow multiple groups to share a public key management infrastructure and a further need to permit this while simultaneously allowing users, including PKI administrators, to directly access the public key management infrastructure.