Data communication networks are often used to transfer data between computing devices, on behalf of particular users or of the devices themselves, either of which may be commonly referred to as correspondents or entities, and have become ubiquitous in modern commercial activity. Cryptographic systems may be deployed to achieve security goals such as confidentiality, data integrity, data origin authentication, entity authentication, and non-repudiation.
Symmetric key cryptographic systems achieve these goals by sharing a common secret key between two correspondents.
Public key cryptography utilises a public/private key pair for each correspondent. The public key and private key are mathematically related such that computing the public key from the private key is relatively simple but recovery of the private key from the public key is considered computationally infeasible. The private key is maintained secret at all times but the public key is distributed or made available to other correspondents.
Public key cryptography enables a message from a sender to be encrypted using the public key of the intended recipient and further enables the message to be recovered by the recipient using the corresponding private key, which is known only to the recipient.
Messages may also be signed by the sender using the sender's private key and the signature may then be verified by a recipient using the sender's public key.
Many protocols have been developed to perform encryption, signing and key agreement using public key cryptography. It is, however, inherent in these protocols that the public key being used must in fact be associated with the appropriate correspondent or entity and not with an interloper purporting to be that correspondent; establishing this is referred to as entity authentication. In order to provide entity authentication, a hierarchy of trust may be established.
For example, a pair of correspondents who wish to correspond can rely upon a third party that they both trust. The third party, referred to as a certificate authority (CA), may be, for example, a bank, a service provider, or a manufacturer, to name a few. The CA has a public/private key pair and the CA's public key is available to and trusted by each of the entities. The CA public key may be, for example, embedded in the correspondent's computing device at manufacture or sale and is used to verify the signatures on messages sent from the CA to one or both of the correspondents.
When one correspondent wishes to distribute her public key to other entities, she may ask the CA to sign a message containing her public key, which confirms that the public key belongs to her. The message and the signature may then be sent to the other entity, who uses the CA's public key to verify the signature and thereafter uses the sender's public key with confidence.
The formatting of the message and signature is referred to collectively as a certificate that is issued by the CA. It will be appreciated that the hierarchy may extend through multiple tiers so that the CAs may themselves have a common trusted third party, and so on, back to a root. In this way, the trust may propagate through different layers of the public key infrastructure (PKI) and facilitate the transfer of information throughout the network.
To provide interoperability over a wide network, it is desirable for the certificates to share a common format. The certificates typically comprise data strings, and in order to be able to extract information from a string, the correspondent needs to know the format of the string. The format of the certificates may therefore be standardized, or otherwise defined as a specific format, to allow each correspondent to utilize the certificates issued by the CA.
One standard for certificate formatting is ITU-T X.509 (hereinafter ‘X.509’ for brevity). These certificates are issued from a CA after processing a certificate request, such as a PKCS#10 certificate request file.
Alternative certificate formats may have particular characteristics, such as an ability to be used at a reduced bandwidth, making them particularly suitable for constrained environments such as wireless communications. For example, the Elliptic Curve Qu-Vanstone (ECQV) protocol offers a method for creating implicit certificates and therefore can offer significant bandwidth savings.
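The implicit-certificate mechanism named above, as an added example that is not part of the original text: a minimal ECQV issuance and public-key reconstruction in Python, following the SEC 4 flow (requester sends R_U = k_U·G, the CA replies with the certificate point P_U and a scalar r, and any relying party reconstructs Q_U = e·P_U + Q_CA from the certificate and the CA public key alone). The curve (secp256k1), the constructed identity string and the SHA-256 encoding of the certificate are my assumptions; the page names no curve or hash.

```python
import hashlib
import secrets
# secp256k1 (my curve choice): y^2 = x^3 + 7 over GF(P), G of prime order N; None is infinity.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(p1, p2):                                   # affine point addition
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                                   # p2 == -p1
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P    # tangent slope (doubling)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P     # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    acc = None                                        # double-and-add k*pt
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def cert_hash(pub_recon, identity):
    """e = H(Cert_U) mod N; Cert_U is just P_U (x||y) || identity, with no signature field."""
    data = pub_recon[0].to_bytes(32, "big") + pub_recon[1].to_bytes(32, "big") + identity
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def ecqv_issue(ca_priv, req_point, identity):
    """CA side: from the request R_U = k_U*G, return the certificate point P_U and r."""
    k = secrets.randbelow(N - 1) + 1
    pub_recon = ec_add(req_point, ec_mul(k, G))       # P_U = R_U + k*G
    r = (cert_hash(pub_recon, identity) * k + ca_priv) % N
    return pub_recon, r

def ecqv_reconstruct_public(pub_recon, identity, ca_pub):
    """Relying party: Q_U = e*P_U + Q_CA, from the certificate and the CA public key alone."""
    return ec_add(ec_mul(cert_hash(pub_recon, identity), pub_recon), ca_pub)

def ecqv_demo(identity=b"constructed-device-id-42"):
    # Full run; True when the requester's derived private key matches the reconstructed Q_U.
    ca_priv = secrets.randbelow(N - 1) + 1
    k_u = secrets.randbelow(N - 1) + 1                # requester's ephemeral secret
    pub_recon, r = ecqv_issue(ca_priv, ec_mul(k_u, G), identity)
    d_u = (r + cert_hash(pub_recon, identity) * k_u) % N   # d_U = r + e*k_U
    return ec_mul(d_u, G) == ecqv_reconstruct_public(pub_recon, identity, ec_mul(ca_priv, G))
```

The bandwidth saving is visible in what travels: the certificate is one curve point plus the identity, with no separate signature, and the requester's private key only exists once it combines its own k_U with the CA's r.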