Data security and authenticity over an unsecured network is a major concern for e-business. Data traveling over an open network is visible to unauthorized users and hackers. To address this problem, the concept of cryptography was introduced in order to generate cipher text from plain text to be transmitted over the network. The concept of using private and public keys for encryption and decryption of data is well known in the art. However, public key cryptography requires maintaining records of all the users who are assigned a pair of private and public keys. Further, if the pair of private and public keys is compromised, any unauthorized user can generate a false identity and transfer data to other users using the false identity.
To address this problem, the concept of digital signature was introduced. The digital signature is generated by a registration authority (RA). The digitally signed document acts as the proof for data integrity and authenticity of the user transmitting data. For this purpose, the digital certificate needs to be signed by a certification authority (CA) such that other users of the system can verify with the CA that the digital certificate belongs to a genuine user. The root certification authority (R-CA), certification authority (CA), and registration authority (RA) together constitute a Public Key Infrastructure (PKI).
The Public Key Infrastructure (PKI) provides an infrastructure to generate, distribute, revoke and update digital certificates for a plurality of users communicating over a network. The PKI generates a public key and a private key for each of the certificate holders. The digital certificate is generated using identification information associated with the user and is digitally signed by a certification authority (CA). The digital certificate further stores the private key of the user who is assigned the digital certificate. Whenever a secured data transfer is to be done between a sender and a receiver, the digitally signed certificate of the sender is attached to the data to be transferred. The complete set of data and digital signature is encrypted using the public key of the receiver to generate an encrypted message, which is transferred to the receiver, where the private key of the receiver is used to decrypt the encrypted message. The digital certificate is used to verify the identity of the sender.
However, there are many situations where the private key of the user is compromised by an intruder. In such a case, the encrypted data can be easily accessed by the intruder. Nowadays, hardware tokens such as smartcards and USB drives are used to provide more security to the private key and digital certificate. As a result, only a person with the secure hardware token can access the private key and securely transfer data. However, the existing PKI system does not provide any means to remotely manage the digital certificate stored on the hardware token. Further, the existing PKI system does not provide any means by which the digital certificate can be updated, revoked or even canceled. Furthermore, the existing infrastructure does not provide any means to secure the data and log file of data transfer between a sender and a receiver.
As discussed above, the existing hardware-based PKI framework has various limitations related to security of data, authenticity of data and maintenance of hardware tokens.