This invention relates to methods and systems for reducing fraud.
With the rapid spread of the World Wide Web, and the explosion of commercial and other types of transactions that take place on the World Wide Web, it has become increasingly important for parties who engage in such transactions to be certain that a person on the other side of a transaction is who he or she represents himself or herself to be. This is true also where the party on the other side is an organization such as a company.
One of the key concerns to owners and distributors of digital content is that only authorized parties should be allowed to access the content, after the content has been distributed, either through downloads from networks such as the Internet, or through the distribution of content on storage devices. One of the ways to avoid unauthorized access is to use a system for establishing the identity of the party before content access is granted to the party. Systems such as the public key infrastructure (PKI) have been developed for this purpose. In a PKI system, a trusted authority known as a certificate authority (CA) issues certificates for proving the identity of persons and organizations. Parties such as organizations and persons who wish to establish proof of identity may register with the certificate authority with adequate evidence for proving their identities. After the identity of a party has been proven to the CA, the CA will issue a certificate to such party. The certificate typically includes the name of the CA that issued the certificate, the name of the party to whom the certificate is issued, a public key of the party, and the public key of the party signed (i.e. encrypted) by a private key of the CA.
The private key and the public key of the CA are related so that any data signed using the public key may be decrypted by means of the private key, and vice versa. The private key and the public key thus form a key pair. An explanation of the private and public key pair for cryptography is provided in “PKCS#1 v2.1: RSA Cryptography Standard,” dated Jun. 14, 2002, from RSA Security Inc. The public key of the CA is made publicly available. Therefore, when one party wishes to verify whether the certificate presented by another party is genuine, the verifying party may simply use the public key of the CA to decrypt the encrypted public key in the certificate. The decryption algorithm for decrypting the signed public key in the certificate is typically also identified in the certificate. If the decrypted public key matches the unencrypted public key in the certificate, this proves that the public key of the party in the certificate has not been tampered with and is verified to be genuine, based on trust in the CA and authenticity of the public key of the CA.
By means of the above mechanism, two parties who otherwise may not trust each other may establish trust by verifying the public key of the other party in the other party's certificate using the process described above. Recommendation X.509 from the International Telecommunication Union (ITU) Telecommunication Standardization Sector (ITU-T) is a standard that specifies certificate frameworks, and is referred to below as the “ITU X.509 standard.” More detailed information concerning certificates and their use can be found in this standard.
For convenience in administration, and in large organizations, it may be appropriate for a higher level CA, known as the root CA, to delegate the responsibility for issuing certificates to several lower level CAs. In a two level hierarchy, for example, the root CA at the top level issues certificates to the lower level CAs to certify that the public keys of these lower level authorities are genuine. These lower level authorities, in turn, issue certificates to parties through the registration process described above. The verifying process starts from the top of the certificate chain. The verifying party will first use the public key of the root CA (known to be genuine) to verify the genuineness of the public key of the lower level CA. Once the genuineness of the public key of the lower level CA has been verified, the genuineness of the public key of the party to whom the lower level CA issued a certificate can be verified using the verified public key of the lower level CA. The certificates issued by the root CA and by the lower level CA then form a chain of two certificates of the party whose identity is being verified.
Certificate hierarchies may of course include more than two levels, where each CA except for the root CA at a lower level derives its authority from a higher level CA, and has a certificate containing its public key issued by the higher level CA. Therefore, in order to verify the genuineness of another party's public key, it may be necessary to trace the path or chain of certificates to the root CA. In other words, in order to establish one's identity, the party whose identity needs to be proven may need to produce the entire chain of certificates, all the way from its own certificate to the root CA certificate. However, if the root certificate or public key is already known to the verifying party, then there is no need to present the root certificate.
To verify the identity of a party, the verifying party typically will send a challenge (e.g. random number) and ask that the other party send his or her certificate as well as a response to the challenge (i.e. the random number encrypted with the private key of the other party). When the response and certificate are received, the verifying party can then decrypt the response using the public key in the certificate, and compare the result to the random number sent originally. If they match, this means the other party does have the correct private key, and for that reason has proven his or her identity. If the decrypted response fails to match the challenge, authentication fails. Thus, a party wishing to prove his or her identity will need to possess both the certificate and the associated private key.
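The top-down chain verification and the challenge-response check described above, as an added example that is not part of the original document. It assumes textbook RSA over small fixed primes and hashes the public key before signing (illustrative choices, not secure parameters); all function and variable names are hypothetical.

```python
# Added illustration: textbook RSA on small, fixed primes. Not secure.
import hashlib
import secrets

E = 65537  # public exponent shared by all constructed keys

def keypair(p, q):
    """Return ((n, e), (n, d)) for two distinct primes p and q."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(pub, n):
    """Hash a public key and reduce it below the signer's modulus (assumption)."""
    h = hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).digest()
    return int.from_bytes(h, "big") % n

def issue(issuer, subject, subject_pub, issuer_priv):
    """CA step: sign the subject's public key with the CA private key."""
    n, d = issuer_priv
    return {"issuer": issuer, "subject": subject, "public_key": subject_pub,
            "signature": pow(digest(subject_pub, n), d, n)}

def verify_cert(cert, issuer_pub):
    """Recover the signed value with the CA public key and compare."""
    n, e = issuer_pub
    return pow(cert["signature"], e, n) == digest(cert["public_key"], n)

def verify_chain(chain, root_pub):
    """Walk from the top of the chain; return the party's verified key or None."""
    trusted = root_pub
    for cert in chain:
        if not verify_cert(cert, trusted):
            return None
        trusted = cert["public_key"]
    return trusted

def respond(challenge, priv):
    """Prover step: transform the challenge with the private key."""
    n, d = priv
    return pow(challenge, d, n)

def authenticate(chain, root_pub, prover_priv):
    """Verifier: check the chain, then challenge the presenter."""
    party_pub = verify_chain(chain, root_pub)
    if party_pub is None:
        return False
    n, e = party_pub
    challenge = 2 + secrets.randbelow(n - 2)  # random number sent to the prover
    return pow(respond(challenge, prover_priv), e, n) == challenge

# Constructed sample keys built from known Mersenne primes.
ROOT_PUB, ROOT_PRIV = keypair(2**521 - 1, 2**127 - 1)
CA_PUB, CA_PRIV = keypair(2**107 - 1, 2**89 - 1)
PARTY_PUB, PARTY_PRIV = keypair(2**61 - 1, 2**31 - 1)
CHAIN = [issue("Root CA", "Lower CA", CA_PUB, ROOT_PRIV),
         issue("Lower CA", "Party", PARTY_PUB, CA_PRIV)]
```

The check succeeds for whoever holds both the chain and the matching private key, and fails for a presenter holding the certificates alone.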
With the growing use of certificates for secured transactions between parties on the Internet, however, piracy has also grown. For example, users all over the world are sharing files with the assistance of file sharing networks. On many occasions, the files shared are pirated copies of genuine products of copyright owners, such as pirated video, audio as well as other types of data files. The shared files can also include software or other material with copy prevention removed. There is therefore a threat that an attacker may obtain a certificate or certificate chain together with the associated private key by illegitimate means and cause harm in many ways. Thus the attacker may make such pirated certificate or chain of certificates with the associated private key available on file sharing networks and web sites such as File Transfer Protocol (FTP) sites so that unauthorized parties may enjoy privileged and protected content, such as media files, through piracy. The certificate or chain of certificates and the associated private key made available may also be used by thieves to access bank accounts of victims. It is therefore desirable to provide solutions whereby such fraud can be reduced or forestalled.