IMPROVEMENTS IN AND RELATING TO SECURE DATA TRANSMISSION
The present invention relates to a secure data transmission and in particular to a method for ensuring the authenticity and privacy of data transmission between two or more computer systems.
The business of selling products and services across communication channels, such as the Internet, is now generally referred to as electronic commerce or "E-Commerce". Security and responsiveness are the principal concerns for users in all Ecommerce transactions. To provide this security, cryptography is normally used. Traditionally in cryptography, the sender and receiver of a data message both know and use the same secret key. The sender uses the secret key to encrypt the message and the receiver decrypts the message using the same secret key. This is known as symmetric cryptography. Symmetric cryptography requires the sender and receiver to agree on the secret key without a third party discovering the key. This can prove problematic when the sender and receiver are in separate physical locations, as a transmission medium, which cannot always be guaranteed, is required to communicate the secret key. If a third party intercepts the key in transit they can use the key to read, modify, or forge messages encrypted or authenticated using that key. This destroys user confidence in the transmission system and is therefore not ideally suited to Ecommerce applications.
To overcome this problem, public-key cryptography has been developed. Public-key cryptosystems have two primary uses, encryption and digital signatures. In a public-key cryptosystem used for encryption, sender and receiver each have a pair of keys, one called the public key and the other called the private key. The public key is published, while the private key is kept secret. The need for the sender and receiver to share secret information is eliminated, as all data communications involve only public keys and no private key is ever transmitted or shared, greatly increasing the trust level in the overall system. Public keys must, however, be associated with their users in an authenticated manner. In these types of systems, anyone can send a confidential message by just using public information and the message can only be decrypted with a private key, which is in the sole possession of the intended recipient. The problem with this system is that the private key is of necessity linked mathematically to the public key. Therefore, it is always possible to attack a public-key system to derive the private key from the public key. Typically, the defence against this is to make the problem of deriving the private key from the public key as difficult as possible. For example, many public-key cryptosystems are designed so that deriving the private key from the public key requires the attacker to factor a large number, in which case it is computationally infeasible to perform the derivation.
As indicated above, public-key cryptography can also be used for authentication, often referred to as digital signatures. To sign a message, a sender performs a computation involving both the sender's private key and the data message. The output is called a digital signature and is attached to the message. To verify the signature, the recipient does a computation involving the data message, the purported signature, and the sender's public key. If the result is correct according to a simple, prescribed mathematical relation, the signature is verified to be genuine; otherwise, the signature is fraudulent or the message may have been altered.
A number of solutions to various aspects of public-key cryptosystems are known. For example, US Patent Nos. US 4,200,770 and US 4,218,582 (Hellman et al) show encryption as well as a means of authentication using long-term public keys, as does US Patent No. 4,405,829 (Rivest et al). All of the proposed solutions provide a high level of security; however, as Ecommerce develops it is increasingly required that the sender's private key be taken into a Vendor's software applet in an Ecommerce transaction to authenticate the purchase. This greatly reduces the consumer's confidence in such transactions, as the security of the private key is now in the hands of the vendor and beyond the control of the user. Additionally, it is possible to create code to transparently extract the private key and subsequently use the key for unauthorised transactions.
In an attempt to further enhance the security limitations described above, certification and certificates have been developed. These certificates allow for the possibility of accessing other public keys and making public one's own public key in a manner which allows legitimate retrieval of public keys but prevents impersonation. Such certificates require authentication of the identity and the public key of an individual before issuing a certificate. Even using such certificates, users are still required to store their private keys securely, so no intruder can obtain them, yet the keys must be readily accessible for legitimate use. Therefore, passing a private key for authentication to a vendor fundamentally compromises system integrity in a manner which is unacceptable to most users.
There is therefore a need for a method for secure data communication which will overcome the aforementioned problems.
Accordingly, there is provided a method for secure data communication for use in an Ecommerce environment of the type having an authentication server, a web server and an applet, the method controlling data communications between the authentication server, web server, applet and a secure private key server, the method performing the steps of: -
downloading the applet from a vendor web site in response to a data communication request;
requesting a copy of a vendor certificate from the web site;
extracting a data response to generate a certificate-received signal;
automatically initiating an authentication request for transmission to the authentication server;
interrogating the authentication server and requesting return transmission of a server authentication certificate;
transmitting a vendor certificate to the applet;
automatically extracting the vendor public key from the vendor certificate within the applet;
loading a client certificate into the applet and simultaneously transmitting the client certificate to the authentication server; and
receiving the client certificate at the authentication server and extracting a client public key from the client certificate and simultaneously automatically extracting the client public key from the client certificate by the applet.
Preferably, the method comprises the further steps of: -
initialising the secure private key server;
loading a certificate into the secure private key server;
loading a client private key into the secure private key server;
generating an auto authenticate signal for transmission to the authentication server requesting initialisation of a new authentication process;
retrieving a predefined text string from a local memory using the authentication server and encrypting the text string to generate a cipher text string using the client public key on receipt of the authenticate signal;
transmitting a cipher text string to the applet, receiving the cipher text string from the authentication server and routing the cipher text string to the secure private key server;
decrypting the cipher text string to extract a decrypted text string using the client private key and transferring the decrypted text string to the applet;
encrypting the decrypted text string received from the secure private key server with the vendor public key extracted from the vendor certificate to generate a vendor encoded text string;
sending the vendor encoded text string to the authentication server, decrypting the encoded text string to generate an authentication text string using the vendor private key; and
comparing the authentication text string and the predefined text string to generate a match / no match signal and, in response to a no match signal, terminating communication or, in response to a match signal, permitting further authenticated data communications.
According to another aspect of the invention there is provided a method of generating a certificate operating in a data communication system having a web server, a certification authority, an applet and a secure private key server the method performing the steps of: -
gathering certification information in the applet and transmitting the information to the secure private key server;
generating a key pair in the secure private key server on receipt of the packaged information and a certificate created using the generated key pair; and
returning the certificate to the applet for onward transmission to the certification authority for signature.
The invention will now be described with reference to the accompanying drawings, which show, by way of example only, a method for secure data communication in which: -
Fig.1 is a block diagram showing an Ecommerce environment implementing a method for secure data communication in accordance with the invention; and
Fig.2 is a block diagrammatic view of a method of generating a certificate for use in the invention.
Referring to the drawings and initially to Fig.1 there is shown a block diagram illustrating a method for secure data communication in accordance with the invention indicated generally by the reference numeral 1. In order to aid clarity, references to specific computer systems, performance details, communications media, protocols, timing, ports and the like have been omitted. It will be appreciated, by those skilled in the art, that the invention may be implemented in a large number of ways including software, firmware or incorporation in an electronic commerce chip (ECC) without departing from the scope of the invention. An exhaustive recitation of possibilities would only serve to unnecessarily obscure the current invention.
The method for secure data communication 1 is illustrated in use in an Ecommerce environment having an authentication server 2, a web server 3, a secure private key server 4 and an applet 5.
In operation, the method begins by downloading the applet 5 from a vendor web site in response to a data communication request to purchase a service or product. The applet 5 then requests a copy of the vendor's certificate from the web site. Upon receiving a data response from the web site the certificate is extracted to generate a certificate-received signal. The certificate-received signal causes the applet to automatically initiate an authentication request, transmitted to the vendor's authentication server. This authentication request interrogates the authentication server and requests return transmission of a server authentication certificate. When this sequence has been completed without transmission error, the vendor then transmits a vendor certificate to the applet. The vendor's public key is automatically extracted from the vendor certificate within the applet upon receipt. The client then loads a client certificate into the applet and simultaneously transmits the client certificate to the authentication server. The authentication server receives the client certificate and extracts a client public key from the client certificate. At the same time, the client public key is automatically extracted from the client certificate by the applet.
Once these steps have been successfully completed, authentication begins by initialisation of the secure private key server 4. The client loads his/her own certificate into the secure private key server. A client private key is then loaded into the secure private key server 4, generating an auto authenticate signal for transmission to the authentication server requesting initialisation of a new authentication process.
The authentication server retrieves a predefined text string from a local memory and encrypts the text string to generate a cipher text string using the client public key on receipt of the authenticate signal. This cipher text string is then transmitted to the applet for further processing. The applet receives the cipher text string from the authentication server and routes the cipher text string to the secure private key server.
When the secure private key server receives the entire cipher text string it decrypts the cipher text string to extract a decrypted text string using the client private key. The decrypted text string is then transferred to the applet.
The applet in turn encrypts the decrypted text string received from the secure private key server with the vendor public key extracted from the vendor certificate described above to generate a vendor encoded text string.
The vendor encoded text string is then sent to the authentication server for processing. When the encoded text string is received it is immediately decrypted using the vendor private key to generate an authentication text string. A comparison is then performed between the authentication text string and the predefined text string from the local memory to generate a match / no match signal. If a no match signal is generated, data communication is terminated; a match signal, however, shows that the client has been authenticated and the client can proceed to use the applet for further data communications.
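The challenge/response round described above (authentication server, applet and secure private key server, with the client private key never leaving the key server) is modelled in the following added example, which is not part of the patent text. It uses textbook RSA on constructed toy primes purely to make the three roles and the match / no match decision visible; the class and function names are this example's own.

```python
# Added illustration of the Fig. 1 authentication round using textbook RSA on
# constructed toy primes. Illustration only: real systems use proper key sizes
# and padding. Names below are this example's own, not the patent's.

def make_keypair(p, q, e=17):
    """Toy RSA key pair from two small primes; returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def apply_key(key, values):
    """Per-byte textbook RSA: raise each value to the key exponent modulo n."""
    exp, n = key
    return [pow(v, exp, n) for v in values]

class SecurePrivateKeyServer:
    """Holds the client private key; the key itself is never handed out."""
    def __init__(self, client_private):
        self._priv = client_private
    def decrypt(self, cipher):
        return apply_key(self._priv, cipher)

class Applet:
    """Holds only the vendor public key; routes the challenge to the key server."""
    def __init__(self, vendor_public, key_server):
        self.vendor_public, self.key_server = vendor_public, key_server
    def respond(self, cipher):
        plain = self.key_server.decrypt(cipher)        # routed to key server
        return apply_key(self.vendor_public, plain)    # vendor encoded string

class AuthenticationServer:
    """Holds the vendor private key, the client public key (from the client
    certificate) and the predefined text string in local memory."""
    def __init__(self, vendor_private, client_public, predefined="AUTH CHALLENGE"):
        self._vendor_priv, self.client_public = vendor_private, client_public
        self.predefined = list(predefined.encode())
    def challenge(self):
        return apply_key(self.client_public, self.predefined)   # cipher text
    def verify(self, vendor_encoded):
        return apply_key(self._vendor_priv, vendor_encoded) == self.predefined

def run_authentication(auth, applet):
    """One round: challenge -> applet/key server -> reply -> match (True) / no match (False)."""
    return auth.verify(applet.respond(auth.challenge()))

def demo(corrupt_client_key=False):
    client_pub, client_priv = make_keypair(61, 53)   # constructed client key pair
    vendor_pub, vendor_priv = make_keypair(89, 97)   # constructed vendor key pair
    if corrupt_client_key:   # private key that does not match the client certificate
        client_priv = (client_priv[0] + 1, client_priv[1])
    applet = Applet(vendor_pub, SecurePrivateKeyServer(client_priv))
    return run_authentication(AuthenticationServer(vendor_priv, client_pub), applet)
```

Calling `demo()` yields a match signal, while `demo(corrupt_client_key=True)` yields no match because the decrypted text string no longer equals the predefined text string.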
In this way, the private key critical to such data communication is never beyond the user's control, enhancing confidence in the overall communication system. As the private key is never stored on a vendor's system it is not susceptible to attacks from individuals intent on fraudulent use of the key.
It will be understood that when the invention is implemented in software, the code required is minimal by comparison with currently available alternatives. Additionally, to further promote consumer confidence in the security of the private key, it is intended to supply source code which may be compiled by the user. This will allow customers to view the code and ensure no unauthorised caching or transmission of the private key occurs.
Referring now to Fig. 2 there is illustrated a method of generating a certificate for use in the invention indicated generally by the reference numeral 20. The method 20 operates in a data communication system having a web server 21, a certification authority 22, an applet 23 and a secure private key server 24.
In use to produce a certificate, the applet 23 gathers the required information about the person or entity requesting certification. When the applet has gathered the necessary information it is automatically packaged and transmitted to the secure private key server 24. A key pair is generated in the secure private key server 24 on receipt of the packaged information and a certificate created using the generated key pair. The certificate is then returned to the applet for onward transmission to the certification authority for signature.
It will be understood that subsequent to correct authentication any further encryption or decryption process requiring the private key will be processed by the secure private key server so that the advantages described continue.
It will further be understood that one form of certificate contains the user's identity, the user's private key and the user's public key, and that another form contains only the user's identity and public key. The certificate containing the user's private key is available only to the secure private key server and the other certificate is passed to the applet. It will also be understood that when the vendor sends its certificate to the applet, this does not contain a private key.
It will of course be understood that the invention is not limited to the specific details as herein described, which are given by way of example only, and that various alterations and modifications may be made without departing from the scope of the invention.