The invention relates generally to systems that employ information security algorithms, and more particularly to systems and methods for controlling software application access to limited access based data, such as cryptographic security keys.
Many of today""s computer systems and communication systems employ some type of information security system such as a public key cryptography system or other cryptographic based security system to either encrypt information communicated among applications or to other units within the system, or to digitally sign documents as a method of electronic commerce or for other suitable purpose. Information security systems are often used by multiple software applications, for example, an e-mail application may use public/private key cryptographic programs to allow the encryption of electronic mail or digital signing of electronic mail. Similarly, other software applications such as financial transaction applications that allow a user to digital sign, for example, electronic contracts or purchase orders to carryout financial transactions, may also use the same public public/private key infrastructure as the e-mail application and other applications within the system. In a public/private key based cryptography system as known in the art, a private signing key and a private decryption key may be stored in an encrypted secret file in each computer corresponding to a user of the computer. The user typically has to login on the computer to gain access to the secret key information by entering a specific password, or through another mechanism, each time the security system needs to be used. As such, when multiple applications are being used by a user, a login requirement on a per application basis for use of the security system becomes cumbersome, although it can provide a high level of security from unauthorized access.
In other known computer systems using information security systems, a single login by the user can be used wherein subsequent applications are allowed access to the secret key information stored in the file. When a login or use is requested by a different application, the application retrieves the stored login information and obtains it automatically. A problem arises with such systems when rogue software applications may be attempting access to a computer either in a foreground or background mode. Since the system allows access by any application seeking use of the cryptographic system, protected credentials such as secret decryption keys and signing keys can be obtained without the user""s knowledge. As a result, an unauthorized party may use a rogue application to obtain a secret signing key to digitally forge documents or decrypt important documents that were originally encrypted only for receipt by a specific user. The rogue application can attempt and obtain access, by being downloaded, for example, from a worldwide computer network.
In an attempt to overcome such problems, a code-signing scheme has been developed to help ensure that a specific software application is a legitimate application. For example, when a manufacturer releases a new software application, or new version of a previously released application, over a public network, the manufacturer digitally signs the software application with a signature that is trusted by the receiving unit in the network through the use of, for example, certificate authorities, as known in the art. As such, a computer node or other communication unit may determine that the application is not a virus or a rogue software application. Code signing schemes generally involve an executable file being digitally signed by a trusted authority and the signature is verified by a computer unit before the program is run. However, these schemes do not typically involve access to limited access based data, such as a user""s secret signing key or decryption key. A problem with such systems is that an operating system or other application cannot prevent code signed applications from accessing digital signing keys or other cryptographic keys for information that may not be necessarily needed by an application. Hence, no personal security data is protected. A user of a node or software application within a given node does not have the ability to decide whether access to cryptographic keys or other limited access based data should be restricted. In addition, all of the trust is in the manufacturer or the entity signing the application.
Other computer systems are known that have mechanisms that allow a user to grant or deny specific applications access to peripheral devices such as hard disks and to limit access to networks. However, such systems do not typically involve providing access to a user""s limited access based data for a number of different software applications.
Consequently there exists a need for a system and method for controlling application access to limited access based data, such as security parameters including private keys and other security-related information.