The present invention relates generally to cryptography and, more particularly, to supporting authorities in a public key infrastructure.
In distributed environments, such as network systems, a high level of assurance is often required when identifying and authenticating various entities in the system. For example, in networks storing confidential information, access control is typically employed for limiting access to the confidential information to designated parties. Additionally, general authentication services are also typically employed to authenticate users of secure electronic mail (email) systems to ensure that originators and recipients of email messages are actually the parties they claim to be.
Public key cryptography has been commonly used to provide a mechanism to support access control and general authentication services in such distributed environments. Conventional public key cryptography relies upon public key certificates, such as those defined in ITU X.509, to bind a user""s public key reliably to his name and provide users with the high level of assurance desired when identifying other entities. Other forms of certificates, called attribute certificates, bind data other than a public key to a user""s name, and associate the user""s public key through a pointer to the user""s public key certificate. A certificate, or a request containing information to be included in a certificate, may be transmitted to an authority, such as a certification authority (CA), a registration authority (RA), or an attribute authority (AA) which verifies the data contained in the certificate or certificate request. After verifying that the certificate is legitimate, the CA digitally xe2x80x9csignsxe2x80x9d the certificate using the CA""s private key. The recipient of a message, signed using the private key corresponding to the public key in the signed certificate, can then verify that the message was actually sent by the originator named in the message, provided that the recipient verifies the signature on the message and verifies the CA""s digital signature on the certificate using the CA""s public key.
In conventional systems, the responsibility for signing a certificate is borne by an application executing on a general-purpose computer, under the control of a general-purpose operating system. For example, a conventional CA may use a conventional computer connected to a network, such as the Internet, to check certificate requests and sign certificates. Such systems are subject to a wide range of security attacks, including physical, procedural and software security attacks.
Cryptographic modules have been employed to lessen the risks of these types of security attacks. Such cryptographic modules may be connected to an authority""s workstation, such as a particular CA""s workstation, and may be used to sign a certificate on behalf of the CA. The CA""s private key is typically stored in the cryptographic module and the cryptographic module uses this key to sign the certificate or, more commonly, a hash of the certificate. The cryptographic module may also perform some simple checks to verify the data contained in the certificate before signing it. For example, the cryptographic module may check whether the issuer""s name in the certificate matches the configured name of the CA that is supposed to sign the certificate. The cryptographic module may also check whether the authority is authorized to issue public key certificates, versus attribute certificates or certificate revocation lists (CRLs).
A problem with such conventional systems is that the authority""s workstation typically performs most if not all of the processing associated with determining whether a certificate/request or CRL/request is valid. For example, the CA workstation typically determines whether a cryptographically protected certificate/request was generated by the party in question. The CA workstation then strips off the digital signature transmitted with the certificate/request and sends the stripped certificate/request to the cryptographic module for signing. In this manner, the cryptographic module relies upon the CA to determine whether the certificate is legitimate and the cryptographic module performs no checking, or only minimal checking, before signing the certificate on behalf of the CA. As described previously, the CA, or any other authority""s workstation, may be vulnerable to various types of security attacks. Therefore, having the CA perform much of the checking associated with the certificate may lessen the overall security of the system.
Another drawback with conventional cryptographic modules is that, if they perform any checks at all, the checks are essentially the same rudimentary syntactic checks for all certificates, i.e., the modules generally are unable to perform different syntactic checks for different CAs. Additionally, in environments where multiple registration authorities (RAs) may communicate with a single CA, conventional cryptographic modules are unable to perform different syntactic checks for the various RAs on a per-RA basis.
A further problem with conventional cryptographic modules is that they typically include no audit trail. That is, conventional cryptographic modules do not record enough information to enable an audit authority to fully determine the actions performed by the module.
As a result, there exists a need for a cryptographic device that overcomes the problems of conventional cryptographic modules, when used to support CAs, RAs, or AAs.
Systems and methods consistent with the present invention address this and other needs by providing a cryptographic module that supports multiple authorities in a public key infrastructure. The cryptographic module includes multiple customized templates based on the requirements of the particular trusted authorities. The cryptographic module syntactically checks each of the inputs against one of the templates to validate the input. The cryptographic module also stores a complete audit trail that enables an audit authority to later determine the actions performed by the cryptographic module.
In accordance with the purpose of the invention as embodied and broadly described herein, a method for validating the status of an input in a cryptographic device is provided. The cryptographic device stores one or more templates. Each template includes syntactic constraints associated with at least one authority. The method includes receiving an input representing a request for certificate/CRL generation and comparing the syntax of the input to syntactic constraints defined in one of the templates. The method also includes determining whether the syntax of the input is consistent with the template and validating the input when the syntax is consistent with the template.
In another aspect of the present invention, a cryptographic module is provided. The cryptographic module comprises a memory configured to store a plurality of templates. Each template includes syntactic constraints associated with at least one authority. The cryptographic module also includes a processor configured to receive an input representing a request for certificate/CRL generation services and compare the syntax of the input to syntactic constraints defined in one of the templates. The processor is also configured to determine whether the syntax of the input is consistent with the template and validate the input when the syntax is consistent with the template.
In still another aspect of the present invention, a computer-readable medium, having sequences of instructions stored thereon is provided. The instructions include sequences of instructions which, when executed by a processor, cause the processor to receive an input representing a request for authentication services and compare the syntax of the input to syntactic constraints defined in one of multiple templates. Each template includes syntactic constraints associated with at least one authority. The instructions also cause the processor to determine whether the syntax of the input is consistent with the template and validate the input when the syntax is consistent with the template.