The invention relates generally to methods and systems for providing updated public key pairs in a cryptographic system and more specifically to methods and systems for providing updated digital signature key pairs and updated encryption key pairs in public key systems.
In typical public key cryptographic systems, digital signature key pairs (a private key and a public key) are used to authenticate a digital signature of a client to ensure that a message sent by a client actually came from the client sending the message. In addition to digital signature key pairs, encryption key pairs are also generally used to encrypt the data being sent from one client to another client. Certificates are generated by a manager or trusted certification authority for the public keys of the private/public key pair to certify that the keys are authentic and valid. The public keys and certificates are used for two main purposes: verifying digital signatures and encrypting information. The receiver of a digitally signed e-mail or document, for example, uses the public key in the sender's certificate to verify the digital signature of the sender. A user wishing to send encrypted e-mail first encrypts the e-mail with a random symmetric key, then uses the intended receiver's public key to encrypt the symmetric key, and then attaches the encrypted symmetric key to the encrypted e-mail so that the receiver can decrypt the e-mail.
Hence, a client unit sending a message sends the data with its digital signature along with a certificate. The certificate has the certification authority signature. A receiver validates the digital signature by looking at the received certificate. Each client stores a certification authority public key to verify that the certificate was made by the manager. A digital signature certificate typically includes a user public key, a user name and a signature of the certification authority. Each sender has a copy of its own certificate. To send an encrypted message, a sender accesses a directory, such as an onboard client cache memory or other certificate storage medium, to get a copy of the encryption certificate for a specified receiver (other client). For an encrypted message to be considered valid, the digital signature must be valid and there can be no certificate replication by the certification authority. Hybrid encryption formats can be used to encrypt a digital signature key for encrypted message transmission. Typically, secure key pair update analysis and requests occur only when a user is logged onto the system, so if a user does not log on for some period of time, an update may not occur in time. For tracking private key expiration, a manager typically sends a validity period of a private key on initialization and the client terminal keeps track of the elapsed period. Alternatively, the private key expiration date is embedded in the public key certificate.
However, a problem arises because the encryption certificates and digital signature certificates have limited validity periods. If the key pair expires prior to being updated, information can be lost or no longer accessible. Also, it is desirable to have a smooth transition from old to new encryption key pairs during the updating process so that changes do not cause unnecessary loss of access to information. Although in conventional public key systems a client is supposed to request an encryption key pair update from a manager in advance of the key expiry period, conventional public key cryptographic systems typically have a fixed default period that is the same for all clients on the system. The fixed default period is generally a fixed percentage of a total key lifetime that is not adjustable by a manager or certification authority. Key lifetime refers to how long a key is valid. If certain clients in the system are required to have only short key lifetime periods, such as temporary contract employees who are required to use the system for only a few days or a few months, the fixed default key expiry period does not typically allow enough time for the system to update key pairs.
It is also important that the system allow certificate validation after a certificate expires, particularly if e-mails or other messages are stored that need to be retrieved after an expiry date has occurred. Typically, old messages stay encrypted and signed using the original encryption key and signature keys. The system revalidates the messages each time the data is accessed. Therefore, it is desirable to allow the public key to last longer than the private key expiration so that old messages sent with the old private key can be retrieved. However, for variable term contract employees or other users who require only variable term access to the system, it is desirable to have the public key and private key expire on the same date. With conventional systems that have pre-fixed default settings for all clients, such situations are not adequately accommodated. Traditional systems do not generally allow the flexibility to vary expiration periods on a per user basis.
Consequently, there exists a need for a method and system for providing updated digital signature key pairs and encryption key pairs in a public key system that is effectively transparent to a user and that allows for selectable variation of expiry periods on a per user basis.
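The expiry problem described in the paragraphs above can be made concrete with a short model. The following is an added illustration, not part of the original text or of any system it describes; the `KeyPolicy` fields, the reading of the fixed default period as a fraction of the private key lifetime that must elapse before an update is requested, and all dates and lifetimes are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class KeyPolicy:
    issued: date
    private_days: int       # lifetime of the private key
    public_days: int        # validity of the public key certificate
    update_fraction: float  # assumed: share of private key lifetime elapsed before an update is requested

    def private_expiry(self):
        return self.issued + timedelta(days=self.private_days)

    def public_expiry(self):
        return self.issued + timedelta(days=self.public_days)

    def update_opens(self):
        return self.issued + timedelta(days=round(self.private_days * self.update_fraction))

def first_update_login(policy, logins):
    """First login inside the update window, or None if the key expires first."""
    for day in sorted(logins):
        if policy.update_opens() <= day < policy.private_expiry():
            return day
    return None

def can_verify(policy, signed_on, checked_on):
    """Signed while the private key was valid, checked while the certificate still is."""
    return (policy.issued <= signed_on < policy.private_expiry()
            and checked_on < policy.public_expiry())

# Constructed sample data: one issue date, a user who logs on once a week.
ISSUED = date(2024, 1, 1)
LOGINS = [ISSUED + timedelta(days=7 * k) for k in range(120)]
EMPLOYEE = KeyPolicy(ISSUED, 730, 1460, 0.9)          # system-wide default fraction
CONTRACTOR_FIXED = KeyPolicy(ISSUED, 10, 10, 0.9)     # same default, 10-day key
CONTRACTOR_PER_USER = KeyPolicy(ISSUED, 10, 10, 0.5)  # fraction chosen for this user

if __name__ == "__main__":
    for name, p in [("employee", EMPLOYEE), ("contractor/fixed", CONTRACTOR_FIXED),
                    ("contractor/per-user", CONTRACTOR_PER_USER)]:
        print(name, "update requested on:", first_update_login(p, LOGINS))
    print("employee mail from day 70 verifiable on day 833:",
          can_verify(EMPLOYEE, LOGINS[10], LOGINS[119]))
```

With the system-wide fraction, the 10-day key leaves a one-day update window that a weekly login never hits, while the long-lived employee key is updated without difficulty; the employee's longer certificate validity keeps old signed mail verifiable after the private key has expired.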