X.509 is an International Telecommunication Union (ITU) standard for public key infrastructure (PKI) and privilege management infrastructure (PMI). X.509 specifies a public key certificate for cryptographically binding a digital signature of a certification authority to a particular public key of a particular user so that the public may be assured, via the digital signature of the certifying authority, that a message encrypted using the public key of the particular user may be decrypted by the user's private key (hopefully, only by the particular user), and that a message that can be decrypted using the particular public key came from someone possessing the corresponding private key (hopefully, only the particular user). X.509 is described in Request for Comments 5280 (RFC 5280) of the Internet Engineering Task Force organization.
X.509 includes two extensions described in RFC 3779. The first extension binds a digital signature of a certification authority to a list of Internet Protocol (IP) addresses (e.g., a set of personal computing devices). The second extension binds a digital signature of a certification authority to an Autonomous System (AS) number (i.e., a set of routers).
The theory employed by the prior art digital certificates is that an electronic communication encrypted using a public key bound to a digital signature of a certification authority has not been altered (e.g., is free from malicious code) prior to encryption. The theory is based on the assumption that a user starts with electronic information (e.g., a computer program) that has not been altered. If a user encrypts unaltered information using public key cryptography then the recipient of the encrypted information is reasonably assured that the information has not been altered during transmission. If the assumption is not correct then using public key cryptography to encrypt and transmit the altered information will not protect a recipient from the effects of the altered information. Extending the X.509 certification process to a set of IP addresses or a set of routers also does not protect a recipient against the effects of information that was altered prior to encryption and transmission.
The X.509 certificates have been used in serial fashion by multiple certification authorities to form a chain of trust. That is, a public key bound to a digital signature of a root certification authority is used by a first user to communicate with a second user. The second user modifies the information received and either self-certifies the modification (i.e., the second user's digital signature is bound to the second user's public key) or gets a second certification authority to do so, and sends the second certified information to a third user along with the root certification so that the third user may verify the chain of certificates back to the root certifying authority. If there is a break in the chain of the certifications, then the communication is not trusted (i.e., it is assumed that it has been altered by an unauthorized entity). While the chain of authority certifications gives some assurance that the transmissions were not altered by an unauthorized entity, it still does not guarantee that the users started with information that was not altered by an unauthorized user or that would not be altered in an unwanted way during use of the information.
There is a need for a chain-of-trust certification device and method that enables detection of unauthorized alteration of electronic information at more than just the encryption and transmission levels and indicates whether any revisions were made to the electronic information, while also allowing for the use of uncertified computer objects. The present invention is such a device and method.
U.S. Pat. Nos. 7,275,155 and 7,747,852, both entitled “CHAIN OF TRUST PROCESSING,” disclose a method of using a first certificate to obtain another certificate to establish a chain of trust. U.S. Pat. Nos. 7,275,155 and 7,747,852 are incorporated by reference into the specification of the present invention.
U.S. Pat. No. 8,510,859, entitled “METHODS AND ARRANGEMENTS TO LAUNCH TRUSTED, CO-EXISTING ENVIRONMENTS,” discloses a method of launching trusted environments by comparing integrity metrics for the runtime environment of an embedded partition against integrity metrics for a trusted runtime environment of the embedded partition. U.S. Pat. No. 8,510,859 is incorporated by reference into the specification of the present invention.
U.S. Pat. Appl. Pub. No. 20080010448, entitled “DELEGATED CERTIFICATE AUTHORITY,” discloses a method of generating a digital certificate that includes a common name field and a distinguished name field for identifying a plurality of resources in the certification path between the trusted root resource and the resource issuing the digital certificate. U.S. Pat. Appl. Pub. No. 20080010448 is incorporated by reference into the specification of the present invention.
U.S. Pat. Appl. Pub. No. 20090259854, entitled “METHOD AND SYSTEM FOR IMPLEMENTING A SECURE CHAIN OF TRUST,” discloses a device for and method of authenticating less-secure boot code using a secret key. U.S. Pat. Appl. Pub. No. 20090259854 is incorporated by reference into the specification of the present invention.
U.S. Pat. Appl. Pub. No. 20080313712, entitled “TRANSFORMATION OF SEQUENTIAL ACCESS CONTROL LISTS UTILIZING CERTIFICATES,” discloses a device for and method of mapping an access policy as expressed in an access control list to a set of certificates. U.S. Pat. Appl. Pub. No. 20080313712 is incorporated by reference into the specification of the present invention.
U.S. Pat. Appl. Pub. No. 20090070591, entitled “GRID MUTUAL AUTHORIZATION THROUGH PROXY CERTIFICATE GENERATION,” discloses a device for allowing a primary resource to offload a grid computing job to a secondary resource if the user machine and the primary resource mutually authenticate the secondary resource. U.S. Pat. Appl. Pub. No. 20090070591 is incorporated by reference into the specification of the present invention.
U.S. Pat. Appl. Pub. No. 20100048296, entitled “RESOURCE VALIDATION,” discloses a device for and method of validating a digital certificate that was generated using an access key stored within the basic input/output system (BIOS) of the machine that generated the certificate. U.S. Pat. Appl. Pub. No. 20100048296 is incorporated by reference into the specification of the present invention.
U.S. Pat. Appl. Pub. No. 20110119390, entitled “SELECTIVELY RE-MAPPING A NETWORK TOPOLOGY,” discloses a device for and method of selectively re-mapping a network topology based on information in a user profile. U.S. Pat. Appl. Pub. No. 20110119390 is incorporated by reference into the specification of the present invention.
U.S. Pat. Appl. Pub. No. 20100138907, entitled “METHOD AND SYSTEM FOR GENERATING DIGITAL CERTIFICATES AND CERTIFICATE SIGNING REQUESTS,” discloses a device for and a method of issuing digital certificates and signing the certificate request with a trusted root chain associated with the network resource. U.S. Pat. Appl. Pub. No. 20100138907 is incorporated by reference into the specification of the present invention.
U.S. Pat. Appl. Pub. No. 20130191643, entitled “ESTABLISHING A CHAIN OF TRUST WITHIN A VIRTUAL MACHINE,” discloses a device for and a method of establishing a chain of trust in a virtual machine by generating a trust anchor by measuring an immutable portion of a virtual machine image configured to instantiate as the virtual machine. U.S. Pat. Appl. Pub. No. 20130191643 is incorporated by reference into the specification of the present invention.