As is known, to securely transmit data from one party to another in a secured communications system, the data is encrypted using an encryption key and an encryption algorithm. Such an encryption algorithm may be a symmetric key algorithm such as the data encryption standard ("DES") while the encryption key is a corresponding symmetric key. A secure transmission begins when a sending party encrypts the data using the symmetric key algorithm and the symmetric key. Once the data is encrypted, it is transmitted to the receiving party over a transmission medium (e.g., the Internet, a telephone line, a local area network, a wide area network, an Ethernet link, etc.). Upon receipt, the receiving party decrypts the data using the same symmetric key, which must be transmitted to it or derived by it by some appropriate security mechanism.
Encrypting data using public key algorithms is somewhat more expensive than using a symmetric key algorithm, but it is fairly easy to get secured keys (e.g., a public key and a private key) to both parties. Thus, to obtain the cost saving benefits of symmetric key encryption and the key distribution advantage of public/private key pairs, a wrap session key is provided to the receiving party along with the encrypted data. The wrap session key is an encrypted version of the symmetric key, where the symmetric key has been encrypted using the public key (of a public/private key pair) of the receiving party. When the receiving party receives the encrypted message, it decrypts the wrapped session key, using its private key, to recapture the symmetric key. Having recaptured the symmetric key, it utilizes it to encrypt the message. Typically, symmetric keys are used for relatively short duration (e.g., a communication, a set number of communications, an hour, a day, a few days), while encryption public keys are used for a longer duration (e.g., a week, a month, a year, or more).
To further enhance security of encrypted data transmissions in the secured communications system, the sending party provides its signature with encrypted messages that it transmits. The signature of the sending party consists of a tag computed as a function of both the data being signed and the signature private key of the sender. The receiving party, using the corresponding signature verification public key of the sending party, validates the signature. To ensure that the receiving party is using an authentic signature verification public key of the sending party, it obtains the signature public key certificate from a directory or a certification authority. The signature public key certificate includes the public key of the sending party and a signature of a certification authority. The receiving party, using a trusted public key of the certification authority, verifies the signature of the certification authority. Once the signature of the certification authority is verified, the receiving party can trust any message that was signed by the certification authority. Thus, the signature public key certificate is verified, which, in turn, allows the receiving party to trust the signature public key of the sending party to verify its signature.
To ensure that the signature verification public key certificates and the encryption public key certificates are reliable, some systems employ a key and life cycle management process. The key and life cycle management process updates public keys (both encryption and verification) as well as certificates containing such information. The updating may result from certificate revocation, key recovery, authority revocation, certificate expiration, and/or system policy changes. To take advantage of the key and certificate life-style management, software applications must embed key and certificate life-style management programming instructions. In most software applications, however, the key and certificate life-cycle management software is not included because software developers lack familiarity with security related functions. Thus, when a certificate and/or public key has expired, most software applications will not track the changes, thus compromising the security of data produced by the software application.
Therefore, a need exists for a method and apparatus that centralizes processing of key and certificate life-cycle management without the software applications having to include the corresponding programming instructions.