This invention relates to supporting secure network connections, and more particularly to updating trusted root certificates on a client computer.
Computer technology is continually advancing, resulting in continually evolving uses for computers. One such use is with other computers over a network, such as the Internet, to obtain or exchange information, purchase or sell goods or services, etc. To assist in such communication, the Internet supports the xe2x80x9cWorld Wide Webxe2x80x9d, which is a collection of facilities that links together documents (each referred to as a xe2x80x9cweb pagexe2x80x9d). Web pages can be located on the same server or distributed among multiple servers worldwide.
The uses for the Internet and the World Wide Web are continually increasing, and have expanded into xe2x80x9csecurexe2x80x9d areas. Maintaining security in a large public network such as the Internet can be a difficult task. Different mechanisms for maintaining security have been developed, such as the Secure Sockets Layer (SSL) security protocol. The SSL protocol uses a public key infrastructure to maintain security. In establishing an SSL connection between a client computer and a server computer hosting a web page, the server computer transmits a certificate to the client computer for verification. If a trusted certifying authority has approved the server computer (or web page) for secure connections, then a root certificate that is maintained at the client and issued by a root certifying authority (CA) will verify the certificate received from the server.
Currently, many different certifying authorities exist and new certifying authorities are continually being established. The root certificates maintained at the client computer are typically included as part of an application, such as a web browser (which allows a user to access web pages) or an operating system. Problems arise with the use of root certificates because new certifying authorities are being established that would like to include new root certificates at the client computers, or existing certifying authorities may want to add new root certificates, after the application has been distributed to consumers. However, adding new root certificates to an application that has already been distributed to consumers can be a difficult and cumbersome process.
One solution to this problem is to re-distribute the application including the root certificates (e.g., a web browser or operating system) each time a new root certificate is to be added. However, this is cumbersome on both the application developer and distributors as well as the consumer because new versions would have to be continually distributed (e.g., changes in root certificates could occur as frequently as weekly or daily), and the consumer would be required to install each new version of the application. Such continual installation is burdensome on the consumer, particularly since the consumer may not actually use the new certificates.
Another solution to this problem is to require the user to manually install new root certificates. However, this solution is also burdensome on the consumer because the consumer is required to know that he or she needs a new certificate, as well as how to obtain such a certificate, verify the integrity of the certificate, and proceed with manually adding the certificate to his or her computer. Such manual installation is unlikely to be attempted, much less successful, by anyone except the most experienced users.
Thus, it would be beneficial to provide a more user-friendly way in which root certificates at a client computer can be updated. The updating of trusted root certificates on a client computer described below addresses these disadvantages, providing a more user-friendly approach to updating root certificates.
Updating trusted root certificates on a client computer is described herein. An update process is used to update the root certificates on the client computer, allowing the integrity of existing root certificates as well as any new root certificates to be maintained.
According to one aspect of the invention, a root certificate store on the client computer is updated by adding trusted root certificates to the store, removing root certificates from the store, or modifying usage restrictions of root certificates in the store. A cryptographically signed message including a certificate trust list, as well as any new root certificates to be added to the store, is accessed by an update root control to update the root certificates in the store. The certificate trust list includes a subject usage indication indicating that the certificates identified by the list are root certificates, and a set of one or more hash values that correspond to the root certificates being updated. The certificate trust list may also optionally include one or more hash attributes corresponding to the hash values. These hash attributes can indicate whether the root certificate corresponding to the hash value is to be added to the store, removed from the store, or what modifications are to be made to the root certificate in the store.
According to another aspect of the invention, during the update process the update root control obtains the cryptographically signed message and a signer certificate from the signer of the message. The control verifies the integrity of the message, and thus the integrity of the certificate trust list contained therein, by establishing a certificate chain from the signer certificate to a root certificate in the client""s root certificate store. Once such integrity is verified, the update root control proceeds to update the root certificate store in accordance with the information in the certificate trust list. The update root control can further use the hash values in the certificate trust list to verify the integrity of root certificates in the signed message, as well as verify which root certificates in the root certificate store are to be removed or modified.
According to another aspect of the invention, root certificates in the client""s root certificate store are updated when a World Wide Web web page is accessed by the client. A check is made during the access as to whether the client""s root certificate store should be updated (e.g., a new root certificate is needed in order to access the web page). If the store should be updated, then the client is redirected to another web page that hosts the update root control. The update root control executes to update the client""s certificate store, and then redirects the client back to the originally requested web page.