Authentication of digital encoded products (such as software programs) is commonplace in modern data processing infrastructures. The authentication process is used to certify the identity of an entity from which any product is received. The need of authenticated products is particularly acute in environments (typically based on the Internet) that are open and then allow aft uncontrolled access thereto. For example, a software distribution application requires the authentication of any applet used to perform the operations needed for installing the desired software products on target computers; in this way, the origin of the applet can be verified (by a user of the target computer) before authorizing the execution of potentially dangerous operations.
Generally, the authentication process involves the generation of a digital signature using a private key; a trusted certification authority guarantees the identity of the owner of the private key by means of a corresponding digital certificate. In order to increase security of the authentication process, the private key is commonly encrypted and protected by a password that must be typed during a signing procedure. The owner of the private key must take all the precautions required to prevent any loss or disclosure of the password, which can result in an unauthorized and malicious use of the private key (for example, with the distribution of harmful code by a hacker pretending to be the owner of the private key).
However, in many practical situations access to the private key must be granted to several persons; for example, a typical scenario is the authentication of the software products that are routinely delivered by different teams of a software development laboratory in a large corporation. In the above-mentioned situations, it is unavoidable to share the password for accessing the private key among a high number of persons. However, this uncontrolled dissemination of sensitive information can jeopardize the security of the authentication process. Particularly, the risk of misuse of the private key is strongly increased; moreover, the actual use of the private key by the different persons cannot be tracked in any way.
At the same time, the control of the accesses to the private key is very critical. In fact, the revocation of an authorization granted to a specific person involves the generation of a new access password and its distribution to all the (still authorized) persons. For example, this process must be performed whenever a person has been transferred to a different department or has left the company. However, the operations described above are very complex, time consuming and prone to security breach.
Vice-versa, limiting the access to the private key involves the need of having multiple digital certificates with corresponding private keys (for example, one for every team). However, this approach is detrimental to the corporate image on the marketplace; moreover, it increases the costs of buying and renewing the different digital certificates. The security problems are also exacerbated by the proliferation of the sensitive information to be protected.
An additional drawback is due to the fact that the signing procedure requires the typing of the access password for each product to be authenticated. As a consequence, the authentication process cannot be unattended.
Alternative approaches supported by the signing tools known in the art are not tenable. For example, some signing tools support a command line interface that allows passing the access password as a parameter; in this case, the access password can be inserted in an instruction of a script calling the signing tool. Different signing tools make it possible to import the private key from a configuration registry. However, those solutions are unacceptable, because they would involve the dissemination of the private key without any control.