The development and proliferation of sophisticated computer technology and distributed data processing systems have led to a rapid increase in the transfer of information in digital form. Transmission of this information over unsecured or unprotected communication channels risks exposing the transmitted information to electronic eavesdropping or alteration. Cryptographic communications systems preserve the privacy of these transmissions by preventing the monitoring of messages transmitted over an insecure channel by unauthorized parties. Cryptographic communications systems also ensure the integrity of these transmissions by preventing the alteration by unauthorized parties of information in messages transmitted over an insecure channel. The cryptographic communications systems can further ensure the integrity and authenticity of the transmission by providing for recognizable, unforgeable and document-dependent digitized signatures that can prevent denial by the sender of his own message.
Two basic classes of cryptographic algorithms are employed today: symmetric key algorithms and asymmetric key algorithms.
Symmetric key algorithms use an identical key for both encrypting by the sender of a message and decrypting by the receiver of the message. Symmetric key cryptographic systems are built on the mutual trust of the two parties sharing the same key to use the cryptographic system to protect against distrusted third parties.
The second class of cryptographic algorithms, asymmetric key algorithms, uses two different but mathematically related keys for encrypting and decrypting. One key is arbitrarily termed a public key and the other a private key. A message encrypted with a public key is decrypted with a private key. Conversely, a message encrypted with the private key is decrypted with the public key. Although the keys of the pair are related, it is computationally infeasible to derive one key from knowledge of the other key.
Digital signatures utilize the asymmetric cryptographic system. FIG. 1 illustrates the process of digitally signing a document containing a message “buy widgets” 60. A hash function 62 hashes the message “buy widgets” to arrive at a hash result 64 of “529” for that message. The hash function 62 is an algorithm which creates a digital representation or “fingerprint” in the form of a hash result that is substantially unique to the message. The hash result 64 is then encrypted using an encryption function 66 with a signer's private key 68. The resulting digital signature 70 is thus unique to both the message 60 and the private key 68 used to create it. The digital signature (a digitally signed hash result of the message) is then attached to its message 60 to create a digitally signed message 72.
Referring to FIG. 2, to verify the digitally signed message 72, the message portion 60 is hashed by the same hashing function 62 that was used to create the digital signature 70. The digital signature portion 70 is decrypted using a decryption function 74 with a public key 76 corresponding to the private key 68. The digitally signed message 72 is verified if the hash result 64 from the message portion 60 matches the decrypted value 78 from the digital signature portion 70.
The processes used for digital signatures have undergone thorough technological review for over a decade. Digital signatures have been accepted in several national and international standards developed in cooperation with and accepted by many corporations, banks, and government agencies. The likelihood of malfunction or a security problem in a digital signature system designed and implemented as prescribed in the industry standards is extremely remote, and is far less than the risk of undetected forgery or alteration on paper or of using other less secure electronic signature techniques.
One disadvantage of a digital signature system, however, is that a public and private key pair has no intrinsic association with any person; it is simply a pair of numbers. Some convincing strategy is necessary to reliably associate a particular person or entity to the key pair.
That association can be made through one or more trusted third parties, each referred to as a certification authority. To associate a key pair with a prospective signer, known as a subscriber, a certification authority issues a certificate: an electronic record that lists a public key of the subscriber and confirms that the subscriber identified in the certificate holds the corresponding private key. To assure both the message and identity authenticity of the certificate, the certification authority digitally signs it with its own private key. The issuing certification authority's digital signature on the certificate can be verified using the public key of that certification authority as listed in another certificate issued by another certification authority (which may, but need not, be on a higher level in a hierarchy); that other certificate can in turn be authenticated by the public key listed in yet another certificate, and so on, until the person relying on the digital signature is adequately assured of its genuineness. At the root level of this chain, a certification authority self-signs its own certificate.
Among other data, the digital certificate usually contains a time stamp or an operational time period to allow the verifier to determine reliably whether the digital signature has expired. To make a public key and its identification with a specific subscriber readily available for use in verification, the certificate may be published in a repository or made available by other means. Repositories are on-line databases of certificates and other information available for retrieval and use in verifying digital signatures. Retrieval can be accomplished automatically by having the verification program directly inquire of the repository to obtain certificates as needed.
Once issued, a certificate may prove to be unreliable, such as in situations where the subscriber misrepresents his identity to the certification authority. In other situations, a certificate may be reliable enough when issued but become unreliable sometime thereafter. If the subscriber loses control of the private key, the certificate has become unreliable, and the certification authority (either with or without the subscriber's request, depending on the circumstances) may suspend (temporarily invalidate) or revoke (permanently invalidate) the certificate. Immediately upon suspending or revoking a certificate, the certification authority publishes notice of the revocation or suspension, or notifies persons who inquire or who are known to have received a digital signature verifiable by reference to the unreliable certificate. The revoked certificate is also added to a revocation list maintained by the certification authority.
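The signing and verification steps of FIGS. 1 and 2, the certificate chain ending in a self-signed root, the operational time period, and the revocation list can be exercised together in the following added example, which is illustration code and not part of this document or of any system it describes. It uses textbook RSA applied directly to a SHA-256 hash (no padding scheme), 512-bit moduli generated with a Miller-Rabin test, and a JSON record standing in for the certificate format; the function names, field names and the constructed three-certificate scenario are assumptions made for the example. Production systems use a standardised padding such as PKCS#1 v1.5 or PSS, larger keys and X.509 encodings.

```python
import hashlib
import json
import secrets
import time

def _is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test; a composite passes with probability at most 4**-rounds."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)  # random witness in [2, n-2]
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int) -> int:
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # exact bit length, odd
        if _is_probable_prime(cand):
            return cand

def generate_keypair(bits: int = 512):
    """Textbook RSA (toy size, no padding): returns public (n, e) and private (n, d)."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def hash_message(message: bytes) -> int:
    """Hash function 62: the SHA-256 fingerprint of the message as an integer."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, private_key) -> int:
    """FIG. 1: encrypt the hash result with the signer's private key (256-bit hash < 512-bit n)."""
    n, d = private_key
    return pow(hash_message(message), d, n)

def verify(message: bytes, signature: int, public_key) -> bool:
    """FIG. 2: decrypt the signature with the public key and compare it to a fresh hash."""
    n, e = public_key
    return pow(signature, e, n) == hash_message(message)

def _to_be_signed(cert: dict) -> bytes:
    """Canonical encoding of every certificate field except the signature itself."""
    return json.dumps({k: v for k, v in cert.items() if k != "signature"}, sort_keys=True).encode()

def issue_certificate(subject, subject_pub, issuer, issuer_priv, serial, not_before, not_after):
    """The CA binds a subscriber's public key to its name and signs the record with its own key."""
    cert = {"serial": serial, "subject": subject, "issuer": issuer, "public_key": list(subject_pub),
            "not_before": not_before, "not_after": not_after}
    cert["signature"] = sign(_to_be_signed(cert), issuer_priv)
    return cert

def verify_chain(chain, trusted_root, revoked, now) -> bool:
    """chain[0] is the subscriber's certificate; each link is checked with the public key of the next,
    the last against the trusted self-signed root. Every link must be inside its operational period
    and absent from the revocation list of (issuer, serial) pairs."""
    for i, cert in enumerate(chain + [trusted_root]):
        issuer = chain[i + 1] if i + 1 < len(chain) else trusted_root
        if cert["issuer"] != issuer["subject"]:
            return False
        if not cert["not_before"] <= now <= cert["not_after"]:
            return False
        if (cert["issuer"], cert["serial"]) in revoked:
            return False
        if not verify(_to_be_signed(cert), cert["signature"], tuple(issuer["public_key"])):
            return False
    return True

def demo(now=None) -> dict:
    """Constructed scenario: root CA -> issuing CA -> subscriber, then the checks a verifier performs."""
    now, day = (int(time.time()) if now is None else now), 86400
    root_pub, root_priv = generate_keypair()
    ca_pub, ca_priv = generate_keypair()
    sub_pub, sub_priv = generate_keypair()
    root = issue_certificate("Root CA", root_pub, "Root CA", root_priv, 1, now - day, now + 3650 * day)
    ca = issue_certificate("Issuing CA", ca_pub, "Root CA", root_priv, 2, now - day, now + 1825 * day)
    sub = issue_certificate("subscriber", sub_pub, "Issuing CA", ca_priv, 3, now - day, now + 365 * day)
    sig = sign(b"buy widgets", sub_priv)
    return {
        "genuine": verify(b"buy widgets", sig, sub_pub),
        "altered_message": verify(b"buy gadgets", sig, sub_pub),
        "wrong_public_key": verify(b"buy widgets", sig, ca_pub),
        "chain_ok": verify_chain([sub, ca], root, revoked=set(), now=now),
        "chain_revoked": verify_chain([sub, ca], root, revoked={("Issuing CA", 3)}, now=now),
        "chain_expired": verify_chain([sub, ca], root, revoked=set(), now=now + 400 * day),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Running the module prints one line per check: the genuine signature verifies, while an altered message, a mismatched public key, a revoked (issuer, serial) pair, or a verification time past the subscriber certificate's operational period each cause verification to fail. The revocation list is keyed by issuer and serial rather than by subject name because the same name can legitimately appear on several certificates over time.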
In the context of intelligent portable devices having embedded processors such as smart cards, even higher security can be obtained by having the smart card itself generate a private/public key combination. This is because the self-generated private key never leaves the card, cannot be viewed and cannot be copied to another card. The private key can only be used by its own smart card for such things as signing, decrypting and encrypting documents. The fact that the private key cannot be copied to another card means that such a highly secure smart card cannot be used for encryption as loss of that one card causes the encrypted data to be unrecoverable.
Therefore, it is desirable to provide a system and method that allows the cryptographic key to be copied from one smart device to another securely and with high assurance.