The invention relates generally to systems and methods for granting security privilege in communication systems, and more particularly to systems and methods for granting security privilege in communication systems employing cryptography-based security, such as public key cryptography security systems.
Information security is becoming increasingly important as more and more information is communicated over electronic communication links. Public key cryptography systems are well known as a mechanism for protecting digital information. Typically, public key certificates are used by a subscriber unit sending a message to a relying party unit, such as another subscriber, a commercial institution or another entity. A subscriber unit may be, for example, a network computer node, one or more software applications, or another entity communicating within one or more communication systems. A relying party unit may be a software application, computer node or other entity that relies on information associated with the subscriber unit.
Public key certificates, as known in the art, are data structures that serve as a vehicle by which public keys may be stored, distributed or forwarded over unsecured media without danger of undetectable manipulation. A certification authority is a trusted third party whose digital signature appears on the certificate and vouches for the authenticity of the public key bound to the subject, that is, the subscriber presenting the certificate.
Other data structures, such as attribute certificates, are intended to allow specification of information other than public keys so that the information may be conveyed in a trusted manner. Attribute certificates, as known in the art, may be associated with a specific public key by binding the attribute information to that key, for example by reference to the serial number of the corresponding public key certificate, by a hash value of the public key or of the certificate, or in any other suitable manner. Data appearing in an attribute certificate may include, for example, data representing a limit of liability resulting from a digital signature or a financial transaction, data representing a constraint on the use of a public key, such as whether the key may only be used during certain hours, or other suitable information. In some instances, attribute certificates may include data representing privileges for specific services of a relying party, such as a banking institution, software application parameters, or other suitable information. Privilege information may include, for example, the membership role of a subscriber, where the subscriber is allowed specific access to certain information controlled by a relying party unit. Such privilege data may be useful, for example, in global communication networks, such as where a subscriber unit may only gain access to a specific site, or to a section within a site, reserved for employees only.
Several types of public key infrastructure systems exist. One type is sometimes referred to as an open public key infrastructure. In an open public key infrastructure system, a certificate is issued to a subscriber for general purpose use, and not for a particular system or relying party. Typically, such systems do not include privilege data and do not authorize a user based on privilege information, but only authenticate the user based on identification data. Some open public key infrastructure systems use access control lists that list the users who are allowed to access services provided by a relying party or by other subscribers. Generally, there is no implied privilege associated with a subscriber certificate until the subscriber is listed on the access control list. Any person or entity is entitled to receive a certificate, and the issuer of the certificate has no information about subsequent relying parties with which it could suitably restrict usage through certificate information.
A closed public key infrastructure system typically includes certification authorities that grant certificates only to subscribers within a defined group. Hence certificates are issued only to qualified subscribers, eliminating the need for an access control list of the kind used in typical open public key infrastructure systems. In closed public key infrastructure systems, attribute certificates may be issued by a certificate issuing authority. Many attribute certificates may be issued to a given subscriber, or one attribute certificate may include data representing many privileges for a given subscriber.
When a relying party unit, such as a software application, communicates with a subscriber, typical closed public key infrastructure systems require the subscriber to present all of its attribute certificates to the relying party. Some of the certificates in the group sent to a relying party may contain privilege data the relying party does not need, so that privilege information is disclosed to a party not entitled to it. Likewise, where many privileges are represented by privilege data within one certificate, sending that one certificate to a relying party discloses every privilege it contains, including those the relying party is not entitled to see. For example, a banking institution may receive an attribute certificate containing other privilege information, such as a non-listed telephone number, when the relying banking institution does not have the privilege to obtain this information. Hence, security can be compromised.
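The two mechanisms just described, binding an attribute certificate to a public key certificate (by issuer and serial number and by a hash of the certificate) and the over-disclosure that results when one attribute certificate carries every privilege a subscriber holds, can be seen together in the following Go example. It is added here and is not code from the original document or from any product it describes. It models the attribute certificate as a signed JSON body rather than the X.509 ASN.1 encoding, uses Ed25519 keys, lets the certification authority double as attribute issuer, and the names "Example CA", "alice", "mallory", the serial numbers and the privilege strings are constructed sample data; the function names are the example's own.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"errors"
	"math/big"
	"time"
)

// AttributeCertificate is a hypothetical, simplified attribute certificate (a signed JSON body, not X.509 ASN.1).
// It carries no public key; it is bound to the holder's public key certificate by issuer plus serial and by a hash.
type AttributeCertificate struct {
	HolderIssuer   string   `json:"holder_issuer"`
	HolderSerial   string   `json:"holder_serial"`
	HolderCertHash []byte   `json:"holder_cert_hash"` // SHA-256 over the holder certificate's DER encoding
	Privileges     []string `json:"privileges"`
}

// issueAttributeCertificate binds privileges to an existing public key certificate; returns body and Ed25519 signature.
func issueAttributeCertificate(issuerPriv ed25519.PrivateKey, holder *x509.Certificate, privileges []string) (body, sig []byte, err error) {
	sum := sha256.Sum256(holder.Raw) // holder.Raw is the certificate's DER encoding
	body, err = json.Marshal(AttributeCertificate{HolderIssuer: holder.Issuer.String(),
		HolderSerial: holder.SerialNumber.String(), HolderCertHash: sum[:], Privileges: privileges})
	if err != nil {
		return nil, nil, err
	}
	return body, ed25519.Sign(issuerPriv, body), nil
}

// verifyAttributeCertificate is the relying party's check on a received, parsed public key certificate: CA-issued,
// within its validity period, attribute signature valid, and both bindings pointing at this certificate and no other.
func verifyAttributeCertificate(caCert *x509.Certificate, issuerPub ed25519.PublicKey, body, sig []byte, presented *x509.Certificate, now time.Time) (*AttributeCertificate, error) {
	if err := presented.CheckSignatureFrom(caCert); err != nil {
		return nil, errors.New("public key certificate not issued by trusted CA")
	}
	if now.Before(presented.NotBefore) || now.After(presented.NotAfter) {
		return nil, errors.New("public key certificate outside validity period") // the attribute certificate cannot outlive it
	}
	if !ed25519.Verify(issuerPub, body, sig) {
		return nil, errors.New("attribute certificate signature invalid")
	}
	var ac AttributeCertificate
	if err := json.Unmarshal(body, &ac); err != nil {
		return nil, err
	}
	sum := sha256.Sum256(presented.Raw)
	if !bytes.Equal(sum[:], ac.HolderCertHash) || ac.HolderIssuer != presented.Issuer.String() ||
		ac.HolderSerial != presented.SerialNumber.String() {
		return nil, errors.New("attribute certificate is bound to a different public key certificate")
	}
	return &ac, nil
}

func check(err error) { // aborts the demo on an unexpected setup error
	if err != nil {
		panic(err)
	}
}

// runDemo builds a closed-PKI CA and two subscribers (constructed keys and names), issues alice one attribute
// certificate with all her privileges, and verifies it against alice's certificate and then against mallory's.
func runDemo() (privileges []string, substitutionRejected bool) {
	now := time.Now()
	caPub, caPriv, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	issue := func(tmpl, parent *x509.Certificate, pub ed25519.PublicKey) *x509.Certificate {
		der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, caPriv)
		check(err)
		cert, err := x509.ParseCertificate(der)
		check(err)
		return cert
	}
	caTmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"},
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(48 * time.Hour), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caCert := issue(caTmpl, caTmpl, caPub) // self-signed root
	subscriber := func(serial int64, name string) *x509.Certificate { // CA-signed public key certificate
		pub, _, err := ed25519.GenerateKey(rand.Reader)
		check(err)
		return issue(&x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
			NotBefore: now.Add(-time.Minute), NotAfter: now.Add(24 * time.Hour)}, caCert, pub)
	}
	alice, mallory := subscriber(1001, "alice"), subscriber(1002, "mallory")
	// the CA doubles as attribute issuer; one certificate holds every privilege alice has
	body, sig, err := issueAttributeCertificate(caPriv, alice,
		[]string{"employee-intranet", "bank:wire-transfer", "unlisted-phone:+1-555-0100"})
	check(err)
	ac, err := verifyAttributeCertificate(caCert, caPub, body, sig, alice, now)
	check(err)
	_, err = verifyAttributeCertificate(caCert, caPub, body, sig, mallory, now)
	return ac.Privileges, err != nil
}
```

`runDemo` is the entry point (a `main` that calls it and prints the two results is all that is needed to run it with `go run`). The first verification succeeds, and the relying party, here standing in for the bank, receives all three privileges, including the unlisted telephone number it has no need of: that is the disclosure problem described above, and nothing in the certificate format itself prevents it. The second verification fails because the hash and the issuer/serial pair no longer match the presented certificate, which is what the binding is for: mallory cannot present alice's attribute certificate with her own public key certificate. A real relying party would additionally check revocation status of both certificates, which this example does not model.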
Where many attribute certificates have been issued to a subscriber unit, a relying party unit receiving multiple attribute certificates must process all of them to determine which information within any one or more of the received attribute certificates is necessary to complete the transaction. This imposes unnecessary overhead in the transfer and evaluation of unneeded information between a subscriber unit and a relying party unit. Moreover, if a subscriber wishes to operate in a different community, such as an employee of one company sending information to an employee of a different company when the two companies use different attribute certificate structures, the subscribing party may have to send all of its attribute certificates so that the subscriber in the other community can obtain the information needed to determine whether or not privilege should be granted.
Consequently, there exists a need for a system and method that facilitates granting of privilege in a selective manner, to help reduce processing loads and to avoid communication of privileged data to non-privileged parties.