Computer networks are subject to ever increasing security risks. To protect against attacks, some network security protocols utilize public-key encryption techniques for secure communication. Public-key techniques use two mathematically related keys: a public key, which is published for others to use, and a private key, which is known only to its owner. Each user generates a pair of keys to be used for encryption and decryption of messages. A device's private key is kept secret and its public key is made available to all users. If a first user wishes to send a private message to a second user, the first user encrypts the message using the second user's public key. When the second user receives the message, the second user decrypts it using its private key; a party holding only the public key cannot recover the message.
Alternatively, the public-key technique may be utilized to authenticate the sender of the message instead of keeping the message confidential. In particular, the first user encrypts the message using its own private key. When the second user receives the message, the second user decrypts it using the first user's public key. Since only the first user holds the corresponding private key, no other user could have generated the encrypted message; thus, the entire encrypted message serves as a digital signature. In addition, it is not possible to alter the message without the first user's private key, so the message is authenticated both in terms of source and in terms of data integrity. Note that this variant provides authentication but not confidentiality, since anyone holding the first user's public key can decrypt and read the message.
In yet another implementation, only a portion of the message, in practice a fixed-length cryptographic hash computed over the whole message, is encrypted to generate an authenticator. The authenticator is sent with the unencrypted message. If the authenticator is encrypted with the private key of the first user, the authenticator serves as a signature that may be utilized to verify the origin and content of the message: the recipient decrypts the authenticator with the first user's public key and compares the result against the hash it computes over the received message, so any modification of the message is detected.
In all of these implementations, a method of authenticating the public key of a given device is needed when using public-key techniques, since otherwise an attacker could substitute its own public key for that of the intended party. Typically, a trusted third party (e.g., a certificate authority) verifies the identity of entities such as individuals and devices. A unique digital certificate confirming that identity is issued to each authenticated entity. The certificate typically contains the identifier of the certificate holder, a serial number, a validity period (issue and expiration dates), a copy of the certificate holder's public key, and the digital signature of the certificate-issuing authority over these fields, so that a recipient can verify that the certificate is genuine.
A recipient of a signed or encrypted message uses the certificate authority's public key to verify the digital signature on the certificate attached to the message; this requires the recipient to already hold the certificate authority's public key as a trust anchor. Once the receiving device has verified that the certificate was issued by the certificate authority and is within its validity period, it obtains the sender's public key and identification information carried in the certificate. With this information, the recipient can securely communicate on the network with the other device.
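The following Python program is added here as an illustration of the mechanisms described in the preceding paragraphs; it is not part of the original description. It implements textbook RSA (no padding, a small 512-bit modulus) using only the standard library, so that "encrypting with the private key" is literally the signature operation the text describes, and uses the same signing routine to issue and verify a minimal certificate carrying the holder identifier, serial number, validity period and public key described above. The JSON certificate layout, the field names and the 512-bit key size are assumptions made for the example; the scheme is a teaching toy and not a substitute for a real signature scheme with proper padding.

```python
"""Toy textbook RSA: confidentiality, signatures, and CA-issued certificates.

Illustration only (no padding, small modulus). Standard library only.
"""
import hashlib
import json
import random
import time

PUBLIC_EXPONENT = 65537


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test after trial division by small primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a witness of compositeness was found
    return True


def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # odd, full width
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Return ((n, e), (n, d)): the public key and the private key."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % PUBLIC_EXPONENT != 0:  # e is prime, so gcd(e, phi) == 1
            break
    d = pow(PUBLIC_EXPONENT, -1, phi)  # modular inverse (Python 3.8+)
    return (p * q, PUBLIC_EXPONENT), (p * q, d)


# Confidentiality: encrypt under the recipient's public key, decrypt with its private key.
def encrypt(key, message):
    n, exp = key
    m = int.from_bytes(message, "big")
    if not 0 < m < n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, exp, n)


def decrypt(key, ciphertext):
    n, exp = key
    m = pow(ciphertext, exp, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")  # leading zero bytes are not preserved


# Authentication: "encrypt" a SHA-256 hash of the message with the sender's private key.
def sign(priv, message):
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)  # 256-bit hash < n


def verify(pub, message, signature):
    n, e = pub
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big")


# Certificates: the CA signs the holder's identifier, serial, validity period and public key.
def _canonical(body):
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(ca_priv, subject, subject_pub, serial, valid_days=365, now=None):
    now = int(time.time()) if now is None else now
    body = {"subject": subject, "serial": serial, "not_before": now,
            "not_after": now + valid_days * 86400,
            "public_key": {"n": subject_pub[0], "e": subject_pub[1]}}
    return {"body": body, "signature": sign(ca_priv, _canonical(body))}


def verify_certificate(ca_pub, cert, now=None):
    """Return the holder's public key if the CA signature and validity check out, else None."""
    body = cert["body"]
    if not verify(ca_pub, _canonical(body), cert["signature"]):
        return None  # not issued by this CA, or altered after issuance
    now = int(time.time()) if now is None else now
    if not body["not_before"] <= now <= body["not_after"]:
        return None  # outside the validity period
    return (body["public_key"]["n"], body["public_key"]["e"])


if __name__ == "__main__":
    ca_pub, ca_priv = generate_keypair()
    alice_pub, alice_priv = generate_keypair()
    cert = issue_certificate(ca_priv, "alice", alice_pub, serial=1)
    msg = b"meet at noon"
    sender_pub = verify_certificate(ca_pub, cert)       # Bob trusts only ca_pub in advance
    print("certificate valid:", sender_pub == alice_pub)
    print("signature valid:", verify(sender_pub, msg, sign(alice_priv, msg)))
```

Because textbook RSA is symmetric in the two exponents, `encrypt(priv, msg)` followed by `decrypt(pub, c)` is exactly the whole-message signature of the second paragraph, while `sign` and `verify` implement the hash-based authenticator of the third. The recipient never decrypts the certificate; it checks the CA's signature over the canonical body with a CA public key it must already possess, and any change to the subject name, serial or embedded public key invalidates that signature.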
The trusted third party, however, adds a significant amount of overhead in small networks and/or networks implementing a modest level of security. A certificate authority can be eliminated and mutual trust can be established directly between the devices if the certificates are transferred outside of the network (e.g., out-of-band transfer of certificates). However, to achieve a reasonable level of security the public keys they carry need to be long sequences of bits, typically 1024 bits or more, and the certificates containing them are longer still. As a result of their length, the digital certificates are not readily remembered by users, making manual transfer difficult. Furthermore, the manual transfer of certificates is also difficult if the devices are separated by large distances (e.g., in another building, across town, in another country). Accordingly, it is not practical for a user to manually transfer certificates between devices. Nor can the certificates always be transferred by a portable computer-readable medium (e.g., floppy disk, USB key, SD Flash, portable memory card or the like), because the devices may not have a common portable computer-readable medium interface.