Secure communication among a community of users is critical given today's increased use of email and other types of Internet communication in business-to-customer, business-to-business, and business-to-independent consultant applications. An example of a business-to-customer application utilizing secure communication is a bank providing monthly notifications of account balances to its clients via email or banking software applications. An example of a business-to-business application utilizing secure communication is sending emails confirming receipt of invoices from a supplier. An example of a business-to-independent consultant application utilizing secure communication is transmittal of confidential client account access information to an independent personal financial advisor. Business-to-business and business-to-independent consultant scenarios also often employ secure collaboration among the parties involved. Such collaboration requires secure communication with authenticated and authorized access to information across organizational boundaries.
Secure communication has typically been described and addressed as a peer-to-peer communication problem, for example, between a party A and a party B. Parties A and B may be members of a large community where secure communication may occur between any pair of parties within the community, or only between pairs in which a designated party, such as party A, is involved. The latter case typically occurs in business-to-customer applications. Existing solutions today, such as those based on public key cryptography, typically require deployment of expensive new infrastructure and are plagued by bottlenecks and other inefficiencies.
Public key cryptography is used in many applications to secure network communications between parties. Public key cryptography employs public/private key pairs: a message encrypted with a given public key can be decrypted only with the matching private key, and a signature produced with the private key can be verified by anyone holding the public key. The private key is a secret maintained by its owner, so the public key can be published freely. A significant hurdle in the implementation of public key cryptography systems is the distribution of public keys in a trustworthy manner: a sender who obtains the wrong public key for a recipient encrypts for whoever holds the matching private key instead.
Currently, digital certificates are a typical means for distributing public keys. For example, in public key infrastructure (PKI) systems, the digital certificate is a data structure used to bind a particular, authenticated user to a particular public key, thereby ensuring the integrity and authenticity of the public key transfer. Hence, a digital certificate is a digital representation of information including the name or some other identity associated with the subscriber, the subscriber's public key, the operational period of the digital certificate, the identity of the certification authority issuing the digital certificate, and the certification authority's digital signature (or a similar verifying mechanism) over those fields. A relying party accepts the binding only if that signature verifies under a certification authority it already trusts and the current time falls within the operational period.
PKI systems which enable the distribution of public keys using digital certificates have been historically unwieldy and unaffordable to all but the largest companies, given the various representation formats for certificates and the complexity of the associated certificate issuance and revocation mechanisms. The high cost of implementing and using PKI systems and the associated digital certificates has deterred many small and medium-sized businesses from utilizing secure network communication and collaboration. Furthermore, social engineering methods have been used to subvert the trust placed in PKI systems and obtain fraudulently issued digital certificates, a type of risk associated with any centralized trust authority.
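The binding described above, as an added example that is not part of the original text: a self-contained Go program using only the standard library (crypto/x509, crypto/rsa) builds a small PKI, issues a certificate binding the identity alice@example.com to a public key, and then shows the three checks a relying party performs before using that key: the issuer's signature verifies under a trusted root, a certificate for the same identity signed by an untrusted authority is rejected, and an expired certificate is rejected. The organization name, the identity, the validity windows and the message are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newTemplate fills the certificate fields the text lists: the subject identity,
// the operational period and (via IsCA) whether the holder may itself issue
// certificates. The subject public key and the issuer's signature are added at issuance.
func newTemplate(serial int64, name string, notBefore, notAfter time.Time, isCA bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: name, Organization: []string{"Example Corp"}}, // constructed
		NotBefore:             notBefore,
		NotAfter:              notAfter,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.KeyUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}
		t.EmailAddresses = []string{name}
	}
	return t
}

// issue binds pub to the template's subject by signing the certificate with the
// issuer's private key. parent == tmpl yields a self-signed (root) certificate.
func issue(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, issuerKey *rsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, issuerKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verify performs the relying party's check: the chain must end at a trusted root,
// every signature must verify, and every certificate must be valid at time 'at'.
func verify(leaf *x509.Certificate, roots *x509.CertPool, at time.Time) error {
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: at,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection},
	})
	return err
}

// Outcome records what each step of the walk-through produced.
type Outcome struct {
	GenuineAccepted bool   // certificate issued by the trusted CA verifies
	RogueRejected   bool   // same identity, signed by an untrusted CA, is rejected
	ExpiredRejected bool   // genuine certificate is rejected after its operational period
	Decrypted       string // message recovered with the private key matching the certified public key
}

func Run() (Outcome, error) {
	var out Outcome
	caKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return out, err
	}
	rogueKey, err := rsa.GenerateKey(rand.Reader, 2048) // attacker-controlled authority
	if err != nil {
		return out, err
	}
	aliceKey, err := rsa.GenerateKey(rand.Reader, 2048) // subscriber's key pair
	if err != nil {
		return out, err
	}
	now := time.Now()
	caTmpl := newTemplate(1, "Example Corp Root CA", now.Add(-time.Hour), now.Add(10*365*24*time.Hour), true)
	ca, err := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return out, err
	}
	// The rogue authority copies the trusted CA's name; only its key differs.
	rogueTmpl := newTemplate(1, "Example Corp Root CA", now.Add(-time.Hour), now.Add(10*365*24*time.Hour), true)
	rogue, err := issue(rogueTmpl, rogueTmpl, &rogueKey.PublicKey, rogueKey)
	if err != nil {
		return out, err
	}
	aliceTmpl := newTemplate(2, "alice@example.com", now.Add(-time.Hour), now.Add(time.Hour), false)
	alice, err := issue(aliceTmpl, ca, &aliceKey.PublicKey, caKey)
	if err != nil {
		return out, err
	}
	// Forged binding: Alice's identity attached to the attacker's key, signed by the rogue CA.
	forged, err := issue(aliceTmpl, rogue, &rogueKey.PublicKey, rogueKey)
	if err != nil {
		return out, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca) // the only authority the relying party trusts
	out.GenuineAccepted = verify(alice, roots, now) == nil
	out.RogueRejected = verify(forged, roots, now) != nil
	out.ExpiredRejected = verify(alice, roots, now.Add(2*time.Hour)) != nil

	// Encrypt to the public key taken from the verified certificate, not one received out of band.
	pub := alice.PublicKey.(*rsa.PublicKey)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte("account balance: 1,234.56"), nil)
	if err != nil {
		return out, err
	}
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, aliceKey, ct, nil)
	if err != nil {
		return out, err
	}
	out.Decrypted = string(pt)
	return out, nil
}

func main() {
	out, err := Run()
	fmt.Printf("%+v err=%v\n", out, err)
}
```

The rogue case is the one the social-engineering remark above turns on: a certificate that is syntactically perfect and carries the right name is still worthless unless its signature chains to a root the relying party trusts, which is why the integrity of that root list is the whole system's trust anchor.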
Identity based encryption (IBE) is another public key cryptography technique that does not use digital certificates. Instead, a recipient's public key is derived algorithmically from the recipient's identity in the system (for example, an email address) together with public parameters published by a key generation server, and the matching private key is derived by that server from its master secret. IBE therefore enables senders to encrypt messages for recipients without requiring the recipient's public key to be established, certified and published: the entity wishing to send an encrypted message simply computes the public key from the recipient's identity and the public parameters. The key generation server then provides the matching private key to the recipient, who must authenticate with the server to receive it and, thereby, decrypt the message. In this way, every private key in the system is generated by, and escrowed at, a centralized authoritative key server.
However, this centralized key server also provides a single point of failure and/or attack for an IBE system. Furthermore, the key server usually must be reachable from public networks in order to distribute its public parameters, and this accessibility leaves it more exposed to attack by malicious users. Once a malicious user has obtained the value of the key server's master key, that user can compute every private key in the system and decrypt any message encrypted under the corresponding public parameters. To mitigate this risk, the master key is changed periodically. However, periodically changing the master key significantly increases system complexity, as all public and private keys must correspondingly change and all keys generated under the old master key must be revoked. Variations of IBE that relax the key escrow feature have been proposed, but they too require a key generation server and suffer from the problems arising from partial sharing of secrets between the key generation server and network entities.
Email, for example, is a widely available means of communication among ordinary users, and much effort has been spent on securing email using PKI and IBE systems. Although these secure email solutions provide the ability to exchange keys, they have not yet met the price and feature requirements of many users, resulting in limited deployment of secure email solutions. Additionally, other Internet-based communication, such as community bulletin boards or web sites providing secure message exchange, or secure web-based mail boxes providing pair-wise secure message exchange between parties, is limited to a username/password mechanism for authentication and secure sockets layer (SSL) encryption for confidentiality. Username/password mechanisms are known to suffer from inherent security limitations, such as being prone to mishandling of passwords by users and to attack by password cracking programs. However, migrating away from username/password mechanisms is difficult, especially given that deployment of PKI or IBE techniques can require significant up-front investment in terms of equipment (e.g., servers) and/or software development and configuration.