This disclosure relates to cryptographic communications systems, and more particularly, to a public key infrastructure that provides a master public key to enable authorized access to encrypted files.
Electronic commerce enables organizations to communicate, advertise, market and sell their products and services over computer networks such as the Internet. The opportunities that this new technology offers are immense, permitting business to become truly global in its outlook and activity. Electronic commerce will allow anyone with access to the Internet to request information on a particular product or service, place an order for that product or service, and pay for it. All this will be done from a business or home computer, irrespective of whether the customer and the company are separated by ten or ten thousand miles. This has major implications for the way in which business will be conducted in the 21st century.
The need for secure electronic transmission of digital information is widely recognized across a wide range of industries engaged in electronic commerce. Transmission of information over unsecured or unprotected communication channels risks exposing the transmitted information to electronic eavesdropping or alteration. A number of cryptographic communication systems are currently available to preserve the privacy of electronically transmitted digital information and to prevent monitoring by unauthorized parties of messages transmitted over an insecure channel. Cryptographic communication systems also improve the integrity of the transmissions by preventing unauthorized parties from altering information in messages transmitted over an insecure channel. The cryptographic systems can further improve the integrity and authenticity of the transmission by providing for recognizable, unforgeable and document-dependent digitized signatures that can prevent a user from denying that they sent or received a message, thereby establishing confidence in electronic transactions.
Cryptographic systems involve the encoding or encrypting of digital data transmissions, including digitized voice or video transmissions, to render them incomprehensible by all but the intended recipient. A plain text message consisting of digitized sounds, letters, and/or numbers is encoded numerically and then encrypted using one of several complex mathematical algorithms that transforms the encoded message based on a given set of numbers or digits, also known as a cipher key. The cipher key is a sequence of data bits that may either be randomly chosen or have special mathematical properties, depending on the algorithm or crypto-system used. Sophisticated cryptographic algorithms implemented on computers can transform and manipulate numbers that are hundreds or thousands of bits in length and can resist known methods of unauthorized decryption.
There are two basic classes of cryptographic algorithms: symmetric key algorithms and asymmetric key algorithms. Symmetric key algorithms use an identical cipher key for both encrypting by the sender of the communication and decrypting by the receiver of the communication. Symmetric key crypto-systems are built on the mutual trust of the two parties sharing the cipher key to use the crypto-system to protect against distrusted third parties. The sender and recipient must exchange the cipher key over a secure channel in advance of the desired communications between the sender and recipient. This process is often slow and cumbersome, and cannot be used in situations requiring spontaneous or unsolicited communications, or in situations requiring communications between parties unfamiliar with each other. Moreover, interception of the cipher key by an unauthorized third party enables that party to eavesdrop on both ends of the encrypted conversation.
The second class of cryptographic algorithms, i.e. asymmetric key algorithms, uses different cipher keys for encrypting and decrypting. The user makes the encryption key public and keeps the decryption key private, and it is not feasible to derive the private decryption key from the public encryption key. Thus, anyone who knows the public key of a particular user could encipher a message to that user, whereas only the user who is the owner of the private key corresponding to that public key could decipher the message.
Public Key Infrastructure (PKI) is a set of security services that utilizes one or more asymmetric key algorithms in which messages encrypted with one key can only be decrypted with a second key, and vice-versa in a distributed computing system. PKI allows organizations to establish security domains in which they issue keys and certificates authenticating the keys. PKI also allows an organization to update and recover keys and to place keys in escrow to facilitate issuing authenticating keys. Key escrow is the retention of encryption keys by a neutral agency so as to allow access to authorized parties if third-party decryption of encrypted text is necessary. A strong public-key system is one in which possession of both the algorithm and one key gives no useful information about the other key and thus no clues as to how to decrypt the message. A user of a public key system publishes one key, but keeps the other one secret. The world can use the public key to send messages that only the private key owner can read, and the private key can be used to send messages that could only have been sent by the private key owner.
PKI allows users to append a digital signature to an unencrypted message. A digital signature encrypted with a private key uniquely identifies the sender and connects the sender to the exact message. When combined with a digital time stamp, the message can also be proved to have been sent at a certain time. To create a signature, the sender must put their message through a one-way “hash function” to create a fixed-length string of data that represents the content of the message. This hash value is encrypted using an encryption key, thereby creating the sender's digital signature. The signature is then attached to the message. When the recipient gets the message, they use a key to decrypt the digital signature, producing a hash value. They then put the message through the same hash function the sender used to create a hash value and compare the hash value they have re-created with the hash value they decrypted from the digital signature. If the hash value the recipient re-creates matches the hash value sent with the message, they know that no one has tampered with the message. If anyone has changed even one bit in the message, the hash value the recipient re-creates will be different. By using the key that belongs to the sender to decrypt the signature, the recipient knows that the message could only have been “signed” by the key holder. If it was signed by someone else, the signature would not decrypt properly. This is how a digital signature provides integrity and authentication.
In a symmetric key system the sender and the recipient both have the same encryption key, but this method only provides two security services often referred to as authentication and integrity. It does not provide non-repudiation because either party could have created the message. To provide non-repudiation, an asymmetric encryption routine is used. Asymmetric encryption algorithms use a public key and a private key. A signature created with the private key can only be decrypted with the corresponding public key from that pair. To guarantee the security of the key pair, the owner of the private key must keep it a secret, while their public key is made available publicly. Thus, only the owner of the private key can sign messages using that key, but anyone who has their corresponding public key can decrypt their signature. Because the sender used a private key known only to them to encrypt the hash value, they can't deny having signed the message because no-one else can create that signature. This provides non-repudiation.
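The two exchanges described above (encrypt under the recipient's public key and decrypt with the private key; hash, sign with the sender's private key, verify with the sender's public key) are shown below in an added Go example that is not part of this disclosure. It uses only the Go standard library (RSA-OAEP for confidentiality, RSA PKCS#1 v1.5 over SHA-256 for signatures, HMAC-SHA256 for the symmetric comparison); the message text and the shared key are constructed sample values. The example also shows the failure cases the text relies on: a single flipped bit breaks verification, a signature does not verify under another party's public key, and a symmetric tag is reproducible by either key holder, which is why it cannot give non-repudiation.

```go
package main

import (
	"crypto"
	"crypto/hmac"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Outcome records the checks performed by Demonstrate so they can be inspected.
type Outcome struct {
	Decrypted        string // ciphertext opened with the recipient's private key
	ValidSignature   bool   // untouched message, genuine sender key
	TamperedRejected bool   // one flipped bit must break verification
	WrongKeyRejected bool   // signature must not verify under another party's key
	SharedTagsMatch  bool   // both holders of a symmetric key compute the same tag
}

// EncryptForRecipient enciphers msg with the recipient's public key (RSA-OAEP).
// Anyone holding the public key can do this; only the private key opens it.
func EncryptForRecipient(pub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, msg, nil)
}

// DecryptWithPrivate opens a ciphertext produced by EncryptForRecipient.
func DecryptWithPrivate(priv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
}

// SignMessage hashes msg with SHA-256 and signs the digest with the sender's
// private key: the "hash, then sign the hash" step in the text.
func SignMessage(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// VerifyMessage recomputes the digest and checks sig under the claimed sender's
// public key: true only if msg is unmodified and the matching private key made sig.
func VerifyMessage(pub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// SharedKeyTag is the symmetric counterpart: HMAC-SHA256 gives integrity and
// authentication between two holders of the same key, but either of them could
// have produced the tag, so it cannot provide non-repudiation.
func SharedKeyTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

// Demonstrate runs one confidentiality exchange and one signature exchange.
func Demonstrate() (Outcome, error) {
	var out Outcome
	sender, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return out, err
	}
	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return out, err
	}
	msg := []byte("Order 17: ship 40 units to warehouse B") // constructed sample message

	// Confidentiality: encrypt under the recipient's public key, decrypt with its private key.
	ct, err := EncryptForRecipient(&recipient.PublicKey, msg)
	if err != nil {
		return out, err
	}
	pt, err := DecryptWithPrivate(recipient, ct)
	if err != nil {
		return out, err
	}
	out.Decrypted = string(pt)

	// Integrity and authentication: sign with the sender's private key, verify with its public key.
	sig, err := SignMessage(sender, msg)
	if err != nil {
		return out, err
	}
	out.ValidSignature = VerifyMessage(&sender.PublicKey, msg, sig)

	tampered := append([]byte(nil), msg...)
	tampered[6] ^= 0x01 // flip a single bit: "17" becomes "07"
	out.TamperedRejected = !VerifyMessage(&sender.PublicKey, tampered, sig)
	out.WrongKeyRejected = !VerifyMessage(&recipient.PublicKey, msg, sig)

	sharedKey := []byte("constructed-shared-secret") // constructed symmetric key
	out.SharedTagsMatch = hmac.Equal(SharedKeyTag(sharedKey, msg), SharedKeyTag(sharedKey, msg))
	return out, nil
}

func main() {
	out, err := Demonstrate()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

Signing the SHA-256 digest rather than the whole message is what keeps the signature fixed-length and lets the recipient detect any modification, since the recomputed digest will not match; the HMAC branch makes the text's point concrete: both parties produce byte-identical tags, so a tag proves only that someone holding the shared key made it.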
With the aid of PKI it is thus possible to establish a secure line of communication with anyone who is using a compatible decryption system. Sender and receiver no longer need a secure way to agree on a shared key. If one user wishes to communicate with another, they exchange the plain text of their public keys using compatible public-key cryptographic software. Each user then encrypts their outgoing messages with the other's public key and decrypts received messages with their own secret, private key. The security of PKI thus relies upon the security of the private key. Because a third party may send their own key claiming to be another sender, the usefulness of digital signature as an authenticating tool is limited by the ability of the recipient to ensure the authenticity of the key used to verify the signature. In order to rely on the authenticity of the public key, a user needs to get it from some source other than the user sending the message.
Digital certificates are used to bind keys to a particular user. Digital certificates are electronic equivalents of a passport or identity card and are used to verify which keys belong to which user. Certification authorities are the organizations that issue digital certificates. Their function is to verify the identity of a particular user and issue a certificate to that user. Digital certificates contain as a minimum the individual's identity, the individual's public key, the Certification Authority's identity, and the Certification Authority's digital signature. An individual's certificate is typically freely available to anyone wishing to verify a signature. Certification can be provided by either private or governmental organizations. The only requirement is that the Certification Authority is trusted by both the signatory and the recipient. Certificates are often stored on electronic smart cards. Smart cards are usually the same size as credit cards and may also include data processing capability to allow the signing and verification operations to be performed on the cards themselves. Smart cards are seen as desirable as they provide an extra layer of security when storing an individual's signing code.
There are two basic kinds of smart cards. An “intelligent” smart card contains a central processing unit (CPU) that has the ability to store and secure information, and logic algorithms for making decisions as required by the card issuer's specific applications needs. Because intelligent cards offer a “read/write” capability, new information can be added and processed. The second type of card is often called a memory card. Memory cards are primarily information storage cards that contain stored value which the user can “spend” in a pay phone, retail, vending or related transaction. The intelligence of the integrated circuit chip in both types of cards allows them to protect the information being stored from damage or theft. For this reason, smart cards are much more secure than magnetic stripe cards, which carry information on the outside of the card and can be easily copied.
Corporations and other organizations may use encryption for internal and external communications. When a number of users have access to internal data processing systems, means to gain access to encrypted files sent between users on the system and from outside sources are required in situations where there is a need to unlock a critical file and the user is unavailable. This may occur, for example, when a user refuses to produce his private keys or terminates employment suddenly and is unavailable to produce the private keys.
The current method of solving this problem is for the organization to escrow all keys and the authenticating certificates issued to users in the organization. This requires a complex database management system to track keys when a large number of users have access to the system.
A further complication arises if the organization wishes to use the certificates to digitally sign documents. In order to ensure authenticity of the signatures, the signatures must be non-repudiable, which means that the user cannot deny having sent or received transaction data. When keys are escrowed, there is always the possibility that a third party may gain unauthorized access to the keys and compromise the security of digital signatures. One way to avoid this is to generate one key pair for digital signatures that is not escrowed, and another key pair for session key exchange that is escrowed. This results in even more complex system requirements to generate two private keys and two public keys per individual. A simpler system for allowing an organization to gain access to critical encrypted information without compromising security is required.