1. Field
The invention relates to the field of information security and, more particularly, to the assigning of trust to a key employed in an electronic operation.
2. Background Information
In modern computing environments, it is desirable to identify the authenticity, integrity and authority of software modules seeking access to data and/or services for which access may be restricted. For example, on a computer system comprising software modules from a variety of sources, including commercial software vendors, the Internet, and private bulletin board services, it may be useful to restrict access by some modules to services that read, write, or otherwise modify information on the computer system mass storage device (for example, a hard drive). A computer system may be any device comprising a processor to execute instructions and a memory to store the instructions. For example, desktop computers, laptop computers, hand held computers and set-top boxes are all examples of what may comprise a computer system. As used herein, the term “software module” may refer to any form of packaging (that is, organizing and grouping) sequences of software instructions, for example executable programs, statically-linked libraries, dynamically-linked libraries, applets, objects, and many other forms of packaging and organization for software sequences well known in the art.
One technique for providing security is to associate a secret value, sometimes called a key, with each software module seeking access. If the possessor of the key may be traced back to a trusted source, such as a “Certificate Authority” (for example, Verisign Inc. of Mountain View, Calif.), the module or modules associated with the key may be trusted with access to select services and data.
One difficulty with this approach is that keys may be “compromised”, meaning that secret components of their value may become known to a third party not intended to possess such knowledge. In well-known public-private key systems, such as the RSA Public Key Cryptosystem (1977), secret values may be compromised in a number of ways, including through inadvertent disclosure of the private key, or through reverse engineering (sometimes known as key or code “cracking”) of data or software encrypted with the key.
When a key is compromised, the parties with unauthorized access to the key may impersonate authorized parties to obtain access to the secure services or data available to those with legitimate knowledge of the key. Consequently, it may be desirable to “revoke” the trusted status of the key so that it may no longer be used for access to secure data and services. Once revocation occurs, it may be difficult or impossible for software modules authorized to rely on the key to continue accessing the secure data or services because their access, like that of the unauthorized parties, is revoked along with the trusted status of the key.
Software modules relying upon the revoked keys may embed an identification of the revoked key within the binary file or files comprising the modules themselves. In this circumstance, the software module may be re-compiled, re-linked, and redistributed with a new embedded key whose trust has not been compromised. Recompilation, re-linkage, and redistribution of software modules may be an arduous and expensive process. Therefore, there exists a continuing need for techniques to assign trust in a new key once trust in a key has been compromised.