1. Technical Field
The present invention relates in general to data processing, and, in particular, to a system, method, and program for providing data security. Still more particularly, the present invention relates to a system, method, and program for managing a user key used to sign a message for a data processing system.
2. Description of the Related Art
Cryptography involves encrypting data to provide security for the data. For example, before transmission of a message from one party to another, the message may be encrypted using a mathematical function known as a cryptographic algorithm. The most common cryptographic algorithms are key-based, where special knowledge of variable information called a “key” is required to decrypt an encrypted message. Two prevalent types of key-based cryptographic algorithms exist, namely, symmetric key (or secret key) algorithms and public key (asymmetric key) algorithms. The security provided by these cryptographic algorithms is centered around the keys and not the details of the cryptographic algorithms. In other words, the cryptographic algorithms can typically be known to all, but the keys can only be known by authorized parties. As a result, the cryptographic algorithm may be published for public scrutiny and then mass produced for incorporation into security products.
In most symmetric key algorithms, the encryption key and the decryption key are the same secret key. The sender and recipient of a message must be able to exchange information regarding the secret key, and each party must trust the other not to disclose the secret key. The sender must communicate the key through another relatively secure communication path. With public key algorithms, the key used for encryption is different from the key used for decryption. The decryption key is difficult to calculate from an encryption key. In a typical operation, the public key used for encryption is made public via a readily accessible directory, while the corresponding private key used for decryption is known only to the recipient of the encrypted message. In an exemplary public key transaction, a sender retrieves the recipient's public key and uses it to encrypt the message prior to sending the message. The recipient then receives and decrypts the encrypted message with the corresponding private key. It is also possible to encrypt a message using a private key and decrypt the encrypted message using a public key, an arrangement that is sometimes used in digital signatures to authenticate the source of a message.
One of the more popular public key algorithms is RSA (named after its inventors Rivest, Shamir, and Adleman). With RSA, when a message is encrypted utilizing a user public key, the encrypted message may only be decrypted utilizing a user private key. In one implementation, each user private key is also associated with a password, and both are enclosed within an individual secure wrapper. All user private keys along with their respective passwords are stored in a protected storage area within an encryption/decryption device, such as an encryption chip. In order to allow the encryption chip to perform an authentication procedure, such as generating signatures, a user must provide a correct password to the encryption chip. For security purposes, copies of any user private key must not exist outside the secure wrapper. Thus, a user private key and its respective password can only be unwrapped inside the encryption chip, leaving no opportunity for the password to be changed.
Public-private key cryptography allows messages to be digitally signed. A sender may publish his decryption key as a public key and maintain his encryption key secret as a private key. If the sender encrypts a message using the private key, then anyone receiving the message is able to decrypt the message using the sender's public key. In doing so, the recipients are able to verify that the message was encrypted by the sender since he is the sole possessor of the private key. The sender has, in effect, digitally signed the message. An alternative way of digitally signing a message involves the use of a hashing function, which is also known as a “message digest” or “fingerprint” algorithm. A message is hashed using a cryptographic hash function. The cryptographic hash function maps an arbitrary-length message to a fixed number of bits. The hashed message or hash is then encrypted. Digitally signing a message using the hashing function is generally a two-step process. The first step involves hashing the message and encrypting the hashed message using a private key. The message is transmitted along with the encrypted hash from the sender to the recipient. The second step involves the verification of the signature. The recipient hashes the received message, decrypts the received, encrypted hash with the associated public key and compares the pair of hashed values. The signature is valid if the two hashed values match. Otherwise, the message was somehow altered during transmission.
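The two-step hash-and-sign process described above can be traced in a short sketch. This is an added example, not part of the original text; the key is a constructed toy key built from two well-known Mersenne primes, and the scheme is unpadded RSA, which shows the mechanics only (deployed signature schemes add a padding step such as PSS).

```python
import hashlib

# Constructed toy key (assumption for this example): two published Mersenne
# primes, so the private exponent is trivially recoverable. Illustration only.
P, Q = 2**127 - 1, 2**521 - 1
N, E = P * Q, 65537                   # public key (modulus, public exponent)
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent, held by the sender

def digest(message: bytes) -> int:
    """Map an arbitrary-length message to a fixed 256-bit value."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes) -> int:
    """Step 1 (sender): hash the message, then transform the hash with the private key."""
    return pow(digest(message), D, N)

def verify(message: bytes, signature: int) -> bool:
    """Step 2 (recipient): recover the signed hash with the public key and
    compare it with a fresh hash of the message that actually arrived."""
    return pow(signature, E, N) == digest(message)

def demo():
    """Return verification results for an intact, an altered and a re-signed message."""
    sent = b"transfer 100 units to account 42"    # constructed sample message
    sig = sign(sent)
    altered = b"transfer 900 units to account 42"  # changed in transit
    return {
        "intact": verify(sent, sig),                          # hashes match
        "altered_message": verify(altered, sig),              # hashes differ
        "altered_signature": verify(sent, (sig + 1) % N),     # signature differs
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'valid' if ok else 'INVALID'}")
```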
Certification is the process of binding a key, such as a public key or private key, to an individual, organization, entity, or piece of information, such as a permission or credential. A certificate is a collection of information that has been digitally signed by a certificate issuer. The certificate issuer is a party who issues a key to a person, organization, entity, or piece of information and manages the validity of the issued key. If a user is no longer permitted to use a key, the certificate issuer needs to revoke the certificate for the user's key by publishing the certificate for the key on a certificate revocation list (“CRL”). However, a time gap typically exists between when a certificate issuer receives a notification that a certificate for a key should be revoked and when the certificate issuer publishes the certificate of the key on the next CRL. This time gap results in what is known as the CRL time-granularity problem. During this time period, the user may attempt to use the key to engage in unauthorized transactions and communications that should have been invalidated by the revocation of the key and the certificate for the key. The user may then continue to sign messages and communicate without proper authority. The present invention recognizes the need and desire to resolve this problem.
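The size of the CRL time gap, and which signatures fall inside it, can be computed from three inputs: the CRL publication times, the time the issuer was notified, and the signing times. The following is an added example, not part of the original text; all timestamps and message names are constructed, and it assumes that the revocation appears on the first CRL published at or after the notification and that a verifier rejects a signature only once the certificate is on a published CRL.

```python
from datetime import datetime, timedelta

def first_listing(notified_at, crl_times):
    """Publication time of the first CRL that can carry the revocation."""
    later = [t for t in sorted(crl_times) if t >= notified_at]
    return later[0] if later else None

def classify(signed_at, notified_at, crl_times):
    """Classify one signature made with the key being revoked."""
    if signed_at < notified_at:
        return "authorized"          # made before the issuer was notified
    listed_at = first_listing(notified_at, crl_times)
    if listed_at is None or signed_at < listed_at:
        return "gap"                 # key already revoked, CRL not yet published
    return "rejected"                # verifier sees the certificate on the CRL

def gap_report(signatures, notified_at, crl_times):
    """Return (length of the exposure window, names of signatures inside it)."""
    listed_at = first_listing(notified_at, crl_times)
    exposure = listed_at - notified_at if listed_at else None
    flagged = [name for name, ts in signatures
               if classify(ts, notified_at, crl_times) == "gap"]
    return exposure, flagged

# Constructed sample data: a CRL published daily at midnight.
CRL_TIMES = [datetime(2024, 3, day) for day in range(1, 5)]
NOTIFIED_AT = datetime(2024, 3, 2, 9, 30)
SIGNATURES = [
    ("msg-a", datetime(2024, 3, 2, 8, 0)),
    ("msg-b", datetime(2024, 3, 2, 10, 15)),
    ("msg-c", datetime(2024, 3, 2, 23, 59)),
    ("msg-d", datetime(2024, 3, 3, 0, 5)),
]

if __name__ == "__main__":
    exposure, flagged = gap_report(SIGNATURES, NOTIFIED_AT, CRL_TIMES)
    print("exposure window:", exposure)
    print("signed inside the gap:", flagged)
```

Signatures classified as "gap" are the ones to review after a revocation, since a verifier relying on the CRL alone would have accepted them.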