1. Technical Field
The present invention relates generally to digital security, and more specifically relates to a Public Key technology framework in which the relying party controls the trust anchor.
2. Related Art
A PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and execute transactions through the use of a public and a private cryptographic key pair, where the public keys are obtained and shared through a trusted Certificate Authority. Using the public key infrastructure users can be uniquely authenticated. A Certificate Authority uses a certificates data repository, usually an LDAP (Lightweight Directory Access Protocol) Directory for storing user certificates and information on revoked certificates.
In the traditional PKI model, a two factor authentication scenario is commonly used in which the user uses: (1) a private key/certificate issued by the trusted Certificate Authority (CA), and (2) a user ID (UID)/password issued by the relying party. A typical embodiment of this process includes the following steps:    1. The relying party challenges the user for the user's UID and password;    2. The user responds with the UID and password;    3. The relying party verifies the presented UID and password against the information stored securely in a credentials database.    4. The user is authenticated to the relying party over SSL using a private key and the corresponding certificate;    5. The relying party web server verifies the following information:            a. the certificate is not expired,        b. the certificate is signed by the trusted issuing CA,        c. the certificate is not revoked based on a Certificate Revocation List (CRL) analysis (where the CRL is created and controlled by the issuing CA);        
Traditional PKI models consider the issuing party CA as a trust anchor. This means that a relying party expects that the CA creates legitimate certificates that uniquely bind information about a subscriber (end-user) to a public key. The model also expects that the CA verifies the subscriber's identity and verifies that the subscriber's private key. is generated and stored securely before the CA issues a certificate. In traditional PKI, relying parties explicitly trust the CA under all circumstances.
In distributed multi-domain PKI models, multiple CAs exist that have trust relationships (hierarchy, cross certification, mesh, etc.) set up between them. During certificate validation, PKI-enabled applications must first try to discover a trust path that reaches to the level of the CA which is a trust anchor, and then must verify the certificate revocation status by checking a CRL/ARL (Authority Revocation List) issued by the trusted CA. In the general case, the relying party needs to know the CRL/ARL location, format and access for each CA. This can present significant challenges if many CAs exist, as well as if certificates are self-signed.
Some of these challenges include the fact that: (1) subscribers need to be securely authenticated by relying parties using public key technology; (2) subscribers can use certificates issued by any CA, which can be either trusted or not trusted; and (3) subscriber certificates can be self-signed (using, e.g., PGP, OpenSSL, or other proprietary applications).
The traditional PKI model cannot effectively meet these requirements because: (1) issuing CAs are not considered to be trusted (in a sense of trust anchor) by a relying party, and they may not have any trust relationships defined between them; (2) self-signed and CA signed certificates cannot be easily accommodated in the same environment; and (3) since CAs are not trusted by the relying party, they cannot be used by the relying party for a certificate revocation status validation.
Thus, in the case of heterogeneous complex large scale PKI that encompasses self-signed certificates and independent CAs whose number can be unpredictable and vary over time, the traditional PKI model cannot provide a consistent level of trust and cannot use those CAs as well as self-signed certificates as trust anchors. Accordingly, a need exists for a PKI model that can effectively handle multiple CAs, as well as self-signed certificates.