Given a communication between communication participants, it is necessary in many technical fields to secure the communication of the participants against any and all misuse with cryptographic methods. The expense required for cryptographically securing the entire communication depends on the respective application. In private calls, for example, it may under certain circumstances not be especially significant that all cryptographically possible security measures be undertaken for securing the communication. Given communication with extremely confidential content, however, a very strict securing of the communication is, for example, of considerable significance.
The selection of security services, security mechanisms, security algorithms and security parameters for securing the communication is referred to as the security policy that is adhered to during the communication between communication partners.
Since, however, the security needs and, connected therewith, the security policy differ from communication session to communication session and from application to application, and since the communication participants do not in fact have all cryptographic methods available to them, serious discrepancies can arise given frequently changing communication partners between the required security policy and the security policy that is supported by the respective computer unit of the communication partner and can thus actually be assured.
It is required that a uniform security policy for the respective communication is defined in every communication session within a group that participates in a communication session.
The problem arises in many different application protocols, described for example in the MMC overview article, for example CMAP, CDAP, etc., that different application protocols of the same or different computer units require a different security policy. Separate, specific cryptographic codes for the respective application protocol are also potentially required for a logical connection of the respective application protocol between two computer units. Since different application protocols can be implemented on one computer unit, a plurality of cryptographic codes may have to be exchanged between two computer units under certain circumstances. For this reason, it can also be necessary to negotiate a plurality of different security policies between two computer units.
A secure code exchange or a trustworthy negotiation of a security policy is based on a mutual authentification of the computer units involved in the negotiation or, respectively, in the code exchange before the actual code exchange or, respectively, the negotiation of the security policy.
An authentification phase in which the computer units mutually authenticate each other is usually implemented before every negotiation of a security policy or, respectively, before every code exchange.
Given a plurality of negotiations of security policy or code exchange procedures, this leads to a plurality of implemented authentifications, which means an increased communication outlay and an increased need for computing capacity.
This problem is intensified further when not only two computer units communicate with one another but a plurality of computer units are provided that are assigned to different security domains. What is to be understood by a security domain in this context is a set of computer units that pursue a common security policy.
In this case, the authentification is usually implemented on the basis of the security domains.
An overview of generally employable cryptographic methods that can be utilized in the method can be found, for example, in S. Muftic, Sicherheitsmechanismen für Rechnernetze, Carl Hanser Verlag, Munich, ISBN 3-446-16272-0, pp. 34-70, 1992.
It is known to negotiate a security policy between two communication partners; however, the negotiation disclosed in E. Kipp et al., The SSL Protocol, Internet Draft, available in the Internet in June 1995 at the following address: gopher://ds.internic.net:70/00/internet-drafts/draft-hickman-netscape-ssl-01.txt, is limited to a few previously defined parameters.
It is an object of the invention to specify a method for code management between two computer units wherein the required communication expense and the computing capacity required for the implementation of the method are lower than in known methods.
According to the method of the present invention for cryptographic code management between a first computer unit and a second computer unit, an authentification is implemented between the first computer unit and the second computer unit. Authentification references with which the authenticity of the computer units is assured are exchanged between the first computer unit and the second computer unit during the authentification. A security policy is negotiated between the first computer unit and the second computer unit. At least one of the authentification references is employed in the negotiation of the security policy.
Given this method, an authentification is implemented between two computer units, with authentification references being exchanged between the computer units in the framework thereof. Secret information, with reference to which an authentification of the computer units is possible, is exchanged between the computer units together with the authentification references. A subsequent negotiation of a security policy and/or a subsequent code exchange between the computer units occurs upon employment of the authentification references.
As a result of this method, it is possible to avoid explicit authentification phases between the computer units for every new code exchange and/or for every new negotiation of security policy. Given a plurality of utilized application protocols, for example, this means a considerable reduction of required authentification phases, since the authentification only has to be implemented once between the computer units and the authentification of the computer units for all further steps occurs implicitly on the basis of the co-transmitted authentification references.
The communication expense between the computer units as well as the required calculating time is thus substantially reduced for a code management.
A further saving of required communication expense and required computing capacity is achieved given a grouping of a plurality of computer units in security domains and an authentification of the computer units on the basis of the security domain that is respectively allocated to the computer unit. This is achieved by the modular structure of the method, since an explicit authentification phase has to be implemented for one computer unit of each security domain. When negotiations of a further security policy and/or a further code exchange occur between further computer units of the corresponding security domains for which a mutual authentification has already occurred, the exchanged authentification references can be implicitly utilized in the further negotiation and/or the further code exchange for authentification of the further computer units.
In a development of the invention, further, it is advantageous to employ hash functions, since a formation of hash values can be implemented very fast upon employment of such hash functions. The implementation of the method is thus considerably speeded up.
A trustworthy, incontestable implementation of the method is possible by employing digital signatures in the method.
It is also advantageous to implement a connection cleardown phase (disconnect) within whose framework shared secrets, for example the exchanged code or the authentification references, are deleted. The security of the method is thus enhanced further since no exchanged secret information is available to other computer units for potential, later misuse. The disconnect phase also serves for the synchronization of the computer units participating in the communication.
In a development of the method, it is advantageous to successively delete the secret information, so that a hierarchic re-employment of secret, previously exchanged information is possible, for example given further exchange of codes. This means, for example, that the session key exchanged for the logical connection is erased at the beginning of the disconnect phase but the security policy negotiated between the application protocols still remains stored. Given a following, new logical connection between the application protocols of the computer units, it is then only necessary to exchange a new key between the computers. The previously exchanged secret information, for example the authentification references or the negotiated security policy, can continue to be re-employed in the new logical connection.
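The phases described above (one explicit authentification with exchanged references, a subsequent policy negotiation and code exchange that are authenticated implicitly by those references, and a hierarchic disconnect), as an added example that is not part of the patent's own disclosure: it models the references as random nonces and the implicit authentification as an HMAC under a key derived from an assumed pre-shared secret and both references; the unit names, the pre-shared secret and the HMAC construction are assumptions for illustration, not the method's actual mechanisms.

```python
import hashlib, hmac, secrets
# Constructed assumption: both computer units share a long-term secret out of band;
# it stands in for whatever credentials the real method authenticates with.
LONG_TERM_SECRET = b"illustrative-pre-shared-secret"

def _mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()
class Unit:  # one computer unit with the state the method keeps between phases
    def __init__(self, name, secret):
        self.name, self.secret = name, secret
        self.refs = self.ref_key = self.policy = self.session_key = None
        self.explicit_auths = 0  # explicit authentification phases run so far
def authenticate(a, b):
    """Explicit authentification: fresh references are exchanged and each unit
    proves knowledge of the long-term secret over both references."""
    ref_a, ref_b = secrets.token_bytes(16), secrets.token_bytes(16)
    for prover, verifier in ((a, b), (b, a)):
        proof = _mac(prover.secret, prover.name.encode(), ref_a, ref_b)
        expected = _mac(verifier.secret, prover.name.encode(), ref_a, ref_b)
        if not hmac.compare_digest(proof, expected):
            raise ValueError(f"{verifier.name} could not authenticate {prover.name}")
    for u in (a, b):  # both retain the references and a key bound to them
        u.refs, u.ref_key = (ref_a, ref_b), _mac(u.secret, b"ref-key", ref_a, ref_b)
        u.explicit_auths += 1

def send_bound(sender, kind, payload):
    """Later phases bind every message to the references instead of re-authenticating."""
    if sender.ref_key is None:
        raise ValueError("no authentification references available")
    return kind, payload, _mac(sender.ref_key, kind.encode(), payload)
def receive_bound(receiver, msg):  # accept only messages tagged under the bound key
    kind, payload, tag = msg
    if receiver.ref_key is None or not hmac.compare_digest(
            tag, _mac(receiver.ref_key, kind.encode(), payload)):
        raise ValueError("message is not bound to the exchanged references")
    return payload

def negotiate_policy(a, b, proposal):
    """Security-policy negotiation, authenticated implicitly via the references."""
    a.policy = b.policy = receive_bound(b, send_bound(a, "policy", proposal.encode())).decode()
def exchange_key(a, b):
    """Code (session key) exchange bound to the references; no new authentification."""
    nonce = receive_bound(b, send_bound(a, "key", secrets.token_bytes(16)))
    a.session_key = b.session_key = _mac(b.ref_key, b"session", nonce)
def disconnect(u, keep_policy=True):
    """Hierarchic cleardown: session key first; policy and references survive."""
    u.session_key = None
    if not keep_policy:  # second level: forget policy and references too
        u.refs = u.ref_key = u.policy = None
```

After a first-level disconnect a new logical connection only needs `exchange_key` again; a unit that never completed `authenticate` (or has fully disconnected) cannot produce or accept bound messages.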
The Figures show an exemplary embodiment of the invention, which is explained in greater detail below.