EP1042885A1 - Kundenseitiges authentifizierungsverfahren mit öffentlichem schlüssel und vorrichtung mit kurzlebigen zertifikaten - Google Patents
Kundenseitiges authentifizierungsverfahren mit öffentlichem schlüssel und vorrichtung mit kurzlebigen zertifikatenInfo
- Publication number
- EP1042885A1 EP1042885A1 EP99904041A EP99904041A EP1042885A1 EP 1042885 A1 EP1042885 A1 EP 1042885A1 EP 99904041 A EP99904041 A EP 99904041A EP 99904041 A EP99904041 A EP 99904041A EP 1042885 A1 EP1042885 A1 EP 1042885A1
- Authority
- EP
- European Patent Office
- Prior art keywords
- public key
- user
- computer
- key
- certificate
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/33—User authentication using certificates
- G06F21/335—User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
- G06F2211/008—Public Key, Asymmetric Key, Asymmetric Encryption
Definitions
- the present invention is directed to a public key authentication system and, in particular, to a system making it practical to implement client side public key authentication.
- Encryption can be related to identification and authentication in a number of ways. Most apparently, if the receiver of an encrypted message trusts that only one other person possesses the key by which the message was encrypted, then identification and, to some extent, authentication, is achieved upon successful decryption. By using encryption for authentication purposes, its role in access control is apparent since control to a resource can be predicated upon authentication of the person seeking access.
- encryption may play a role in avoiding disclosure of passwords to unauthorized parties (such as by encrypting passwords before they are transmitted or stored, or transforming the password into a symmetric key and using it in an encryption based protocol to authenticate the user).
- Encryption systems are often categorized into secret key ("symmetric key”) systems and public key (“asymmetric key”) systems (sometime called a public-key private-key system), although there are other systems, as well.
- secret key secret key
- asymmetric key public key
- the same key is used for both encrypting and decrypting. In this system, it is important to maintain secrecy of the key, (albeit a shared secret) e.g. , such that only authorized persons have knowledge or possession of the shared secret key.
- TTP trusted third party
- kerberos refers to kerberos and any trusted third party system that shares symmetric keys with users and services.
- a kerberos-like system has been found highly useful in a number of situations, it is believed that previous kerberos-type systems typically have not been deployed so as to provide advantages associated with public key systems (such as, e.g. , digital signatures).
- public key (PK) system two corresponding (“asymmetric")keys are used in connection with protecting information. Information which is encrypted with one of the two keys can be decrypted only with the other key.
- either of the two keys can be used to encrypt and the other key to decrypt.
- one key must be used only for encryption and the other only for decryption.
- One important feature of public key systems is that it is computationally infeasible to use knowledge of one of the keys to deduce the other key.
- each user of the system possesses a set of two such keys. One of the keys is maintained private while the other is freely published. If a sender encrypts a message with the recipient's public key, only the intended recipient can decrypt the message (since only the recipient is in possession of the private key corresponding to the published public key).
- the sender before performing the above encryption, first encrypts the message with the sender's private key
- the recipient upon performing first a decryption (using the recipient's private key), then a decryption on the result (using the sender's public key) is assured not only of privacy but of authentication since only the sender could have encrypted a message such that the sender's public key successfully decrypts it.
- a one-way hash is first applied to a message and the hash of the message is encrypted with the sender's private key.
- the degree of confidence that the recipient has in the source of the message depends on the degree of the recipient's confidence that the sender's public key corresponds to a private key that was possessed only by the sender.
- a number of generally well-trusted certification authorities have been established to provide this degree of confidence. In the system currently in widest use, these authorities provide public key certificates.
- such certificates Under the most widely used certificate standard (Standard X.509 developed by the International Standards Organization (ISO) and the Comit ⁇ Consultatif Internationale Brassique et Telephonique (CCITT)), such certificates include a public key, the name of the person who possesses or is associated with the public key, and other information which may, e.g., include an expiration date, all of which are digitally signed by a trusted party (and are thus in encrypted or otherwise modified form).
- the digital signature may be provided, e.g., according to the digital signature standard (DSS) (National Institute of Standards and
- a digital signature involves applying a one-way hash and then encrypting with the private key of, in this case, the certification authority.
- Such digital signature is provided using the private key of the trusted party which, in turn, is authenticated using the trusted party's certificate signed by yet another trusted party, so that there may be a multi-level hierarchy of trusted parties.
- public key systems are used in a number of situations, including certain Internet browsing situations, experience has shown that public key systems can have their own difficulties.
- the key which a user maintains secret is not feasible to remember (typically being a large number such as a 1024-bit binary number) and thus, to be practical, must be stored, making it vulnerable to breach of security and, in many systems, requiring use of a particular piece of hardware (e.g., a Smartcard or, in some cases, a particular computer).
- a Smartcard formed part of an authentication system.
- a number of Smartcard systems and uses are known.
- SSL Secure Socket Layer
- a Smartcard will hold information used to provide such a digital signature, so that users can access such resources if they possess an appropriate Smartcard (and without the need to, e.g. memorize a key).
- Other Smartcard authentication procedures using public and private key pairs are also known.
- the principle Smartcard interfaces currently in use are
- PKCS #11 Public Key Cryptography Standard, RSA Data Security, Inc.
- PC/SC Personal Computer/Smartcard
- a certificate is typically provided with an expiration date.
- Such expiration dates typically are on the order of a year or more from issuance, thus making certificates, in current systems, relatively long-lived.
- One of the features that makes a public key system attractive is its ease of use, and it would be counter to this goal if users had to obtain key pairs and publish new public keys on a very frequent basis. Nevertheless, in some circumstances, it is desirable to revoke a previously published certificate. For example, a public key pair which is used to control an employee's access to sensitive company information might be revoked when the employee leaves the company. Accordingly, previous public key systems have typically come to rely on checking certificates against a certificate revocation list (CRL).
- CTL certificate revocation list
- the X.509 standard provides an example of CRL representation.
- This requires distribution, e.g. intranet- or Internet-wide distribution, of CRLs, and requires an additional checking or comparison step. These items can be burdensome or even render the system infeasible in relatively large enterprises or networks.
- Another difficulty associated with public key systems is distribution and management of the private keys. For example, as a company hires new employees, it may want to provide some employees with public-private key pairs, but it becomes problematic to distribute the private keys in such a manner as to avoid revealing the private keys to other parties. Although employees' private keys should remain private if they are to serve the intended purpose, there are circumstances where a company may need to access such keys (e.g. to obtain company-owned information which was encrypted by a now-deceased employee). However, maintaining a employees' keys, e.g., in escrow would typically involve substantial management effort and expense.
- the present invention provides a system for automatically generating short-lived public key certificates (PKC), i.e. with a validity period less than 1 month preferably less than 1 week, more preferably less than 1 day and even more preferably less than about 12 hours, e.g., for session-oriented authentication or other security purposes, such as authorization.
- PKC public key certificates
- each time a user authenticates using a first authentication system e.g., every time a user logs onto the system and authenticates him or herself
- a new but short-lived PKC will be generated and delivered to the user.
- the public key will be re-certified relatively frequently (e.g. every 8 hours, every workday, etc.); the public-private key pair itself remains unchanged, and is relatively long-lived (e.g. with a lifetime of about 1 year or more).
- This newly generated PKC can then be used in a fashion similar to that for which PKCs were used in previous systems, including systems for controlling access to resources such as web pages or other resources.
- the system not only delivers the short-lived PKC but also delivers the private key corresponding to the PKC s public key. This relieves the user from having to be responsible for storing a public key or from being restricted to using particular hardware on which the private key is stored (although such a hardware-based approach could be used if preferred). Because the PKC is short-lived, it is possible to achieve a relatively high degree of trust without the need (or with a reduced need) for processing CRLs. In the case of, for example, a departed employee, the system will be configured to refuse to issue any more (short-lived) certificates for such employees and because previously-valid issued certificates will have expired (or will shortly expire), checking against a CRL is unnecessary.
- both the private key and public key are returned to the computer of the person seeking access, it is possible, if desired, to implement a simulated Smartcard in which the private key and public key, cached locally in the computer of the person seeking access, are used to simulate the presence of a physical Smartcard.
- the simulation can take the form of fijlfffling Smart API Calls such as, e.g., C-SIGN, C-VERIFY.
- the present invention can take advantage of relatively mature application prograinming interfaces (APIs) for Smartcards to implement a public key-based, client side authentication, without the need for actual Smartcard hardware (such as without the need for users to obtain and carry actual Smartcards).
- APIs application prograinming interfaces
- a TTP system which may be, for example, similar to a kerberos system, can be adapted for use as the short-lived certificate generating system.
- Such a system combines some of the advantages of a kerberos-type system, such as being password based and tolerant of users who log on at different computers ("roving users") with certain advantages of a public key system (such as facilitating access to resources which are protected via a public key infrastructure or system) while avoiding the above-noted difficulties with public key systems, such as private key distribution and management difficulties, the need for maintaining and using CRLs and storing private keys in relatively insecure or inconvenient fashions.
- FIG. 1 is a schematic block diagram of a kerberos-type system according to previous procedures
- Fig. 2 is a flowchart of a public key/Smartcard authentication system according to previous systems
- Fig. 3 is a flow chart depicting certificate generation and use according to an embodiment of the present invention
- Fig. 4 is a block diagram of certain components of a system illustrating use of the procedure of Fig. 3;
- Fig. 5 is a block diagram of a system for use with a simulated smartcard and/or a hardware smartcard, according to an embodiment of the present invention
- Fig. 6 is a block diagram of a system for use with a simulated smartcard and/or a hardware smartcard, according to an embodiment of the present invention
- Fig. 7 is a block diagram illustrating a system for logging in to a simulated smartcard, according to an embodiment of the present invention.
- Fig. 8A and 8B are block diagrams illustrating examples of how a system according to the present invention can provide support for third-party Public Key Infrastructures (PKI); and
- PKI Public Key Infrastructure
- Fig. 9 is a block diagram illustrating user enrollment in the context of a simulated smartcard system, according to an embodiment of the present invention.
- Fig. 1 depicts an authentication procedure using a kerberos system.
- the kerberos system uses a password for authentication, the system is particularly secure because it never transmits passwords, either encrypted or unencrypted, over the network.
- the system can provide a number of different services, including a ticket-granting service (described below) and various other services that may be desired by the user.
- the person who desires to use a particular resource or service 112 (which may be, for example, a software service such as a particular application program, may be data, may be a particular hardware resource or combination thereof) attempts to log onto the system, entering (usually in response to a prompt) a password known only to the person being authenticated. Preferably, for a typical user session, this is the only time the user will need this password during a (normal-length, e.g. 8-10 hour) session (although, if desired the system can be configured to require re-input of the password to perform certain tasks, such as administration tasks on the security system).
- the person makes the log-on attempt using a client computer 114 coupled, e.g.
- the client 114 sends a request message (AS-REQ) 118 to the KDC.
- the request 118 indicates the name of the person requesting the service but does not include the password.
- the KDC 116 responds 122 with an encrypted "ticket granting ticket" (TGT) (AS-REP).
- TGT ticket granting ticket
- AS-REP encrypted "ticket granting ticket”
- the ticket granting ticket includes two main components: a ticket for the client to use the ticket granting service
- the client computer 114 transmits a ticket request 124 (TGS-REQ) to the KDC 116.
- the request includes a number of components including an authenticator (generated by the client) for the client to use the service, encrypted with the session key(the session key is sealed in the TGT); the ticket for a client to use the ticket granting service, the majority of which is encrypted with the key of the ticket granting service (both of which were included in the ticket granting ticket 122) and the name of the service 112.
- the key distribution center 116 transmits to the client a ticket 126 (TGS-REP) (the majority of which is encrypted) which contains a ticket for the client to use the server, at least partially encrypted with the server's key, and a copy of the session key, encrypted with the session key that is shared between the client and the ticket granting server.
- TSS-REP ticket 126
- the client now has sufficient items to gain access to the service 112 as desired. This is achieved by transmitting from the client to the service 112 a message containing an authenticator and a ticket.
- the service provides the desired server response to the client.
- the service 112 can treat the ticket as authentic because only the KDC and the service 112 share the secret key with which the ticket is encrypted. As depicted in Fig.
- a public key system operates in a substantially different form.
- a user generates a public-private key pair 202.
- the user stores the private key 204 in any of a number of fashions, such as in a file on a client computer or on a Smartcard.
- Such storage in previous systems is believed to raise difficulties. Storing in a file located on a particular computer impairs "roving users" since the user can only use or access his stored private key on the particular computer where it was stored.
- the system is inconvenient or infeasible for users who need or desire the ability to log onto any of a plurality of different computers (e.g., any of a plurality of nodes in a local area network or other network) and still be able to use a public key system-controlled resource. It is further believed that storing private keys in a file on a computer, even if protected by encryption or other measures, represents a security vulnerability of the system. Storage of a private key on a Smartcard is at least theoretically compatible with roving users but in many situations is infeasible because of the cost and administrative overhead involved in equipping a plurality of machines with Smartcard readers and distributing Smartcards to various users.
- the user submits the public key for certification to a trusted entity such as a certification authority (CA), e.g. via a PKCS #10 request.
- a trusted entity such as a certification authority (CA)
- CA certification authority
- the certificate is then sent back to the user and typically will be publicly available, such as by publication in a directory such as an X.500 or LDAP (Lightweight Directory Access Protocol) directory, both well-know to those of skill in the art.
- the CA also periodically issues certificate revocation lists (CRL's) 214 as described above.
- CRL's certificate revocation lists
- a user wishing to access a resource would retrieve the private key (typically in an automatic fashion) 218.
- a resource control device will verify, using e.g. the user's public key (certified by the CA) that the user has been properly and correctly identified 222. Because of the long lifetime of certificates in previous systems, the resource control device will then perform a comparison with the CRL in order to determine whether the certificate has been revoked 224. As noted above, the comparison 224 represents an additional step in the process of controlling access. Additionally, there is an administrative cost in producing, distributing, storing and otherwise tracking CRLs, particularly when CRLs are promulgated with sufficient frequency to detect use of even recently-revoked certificates.
- a certificate generation system as depicted in Fig. 3.
- a modified kerberos-like system is used.
- one of the components of the modified kerberos-like system is a key distribution center (KDC) 416 (Fig. 4).
- KDC key distribution center
- the key distribution center 416 can be similar to that described in connection with Fig. 1 but modified (e.g. provided with different software) for the procedure described below.
- Fig. 3 initially (e.g.
- the KDC 416 will generate a public-private key pair 312.
- the system will also generate a certificate template (such as an X.509 certificate) 314.
- the KDC 416 will then use the KDC's private key to sign the template.
- steps 312, 314, 316 are substantially similar to procedures followed by root certification authorities (but not, typically, by network servers or KDC's) in previous systems.
- the client administration When a user registers, the client administration will generate a long-lived public-private key pair associated with that particular user and will store 318 the key pair in the KDC 416, associated with an identifier of the user.
- the system When the user begins a session, such as by logging on to a network, the user will enter a password, causing the client 114 to send 322 an AS-REQ message 118 to the KDC 416, as described previously in connection with Fig. 1.
- the system in response to the AS-REQ 118, the system will re-certify the user's public key. Specifically, the system will generate and sign an X.509 certificate for the user 324.
- a CA would generate and publish a certificate once (upon initial issuance) according to the system of Figs. 3 and 4, the system will generate a certificate containing the user's public key multiple times, typically, each time the user logs on to the system resulting, over time, in a sequence of certificates for this user.
- the certificate is short-lived, i.e., contains an expiration time/date which is significantly less than the one- to two-year (or longer) certificate expiration date in previous public key systems, preferably expiring in less than six months, or preferably less than a month, more preferably less than a week, even more preferably less than 24 hours, and yet more preferably expiring less than 12 and preferably around 8-10 hours after issuance. It is anticipated that the expiration date of such short-lived certificates will vary with the needs of the company or other enterprise implementing such systems, and preferably one or more normal or default lifetimes for certificates can be established, e.g. by a system administrator (following proper authentication).
- certificate lifetime policies will be set so as to provide certificates with lifetimes sufficiently short that checking against CRL's can be reduced or eliminated without significantly diminishing overall security. Accordingly, each time the system generates (or re-signs) a certificate for this user (i.e. a certificate containing the user's public key) the certificate will have a different expiration time. Typically, a new certificate (based on identical public key) will generate only after the expiration of the previous certificate, although other protocols could also be used. Thus, the result of the present system will typically be issuance of a series or sequence of certificates for any given user (typically on a daily or workday basis) but in which the certificates for this user are not completely identical, i.e.
- other data may be added to or modified in the series of shortlived certificates for a user.
- data indicating which resources a given user is authorized to use can be included in the short-lived certificates.
- authorization information is information indicating one or more user groups with which a user is affiliated, e.g. whose members are authorized to use certain resources.
- the system will then transmit or deliver 326 the certificate 422 to the client 144.
- the delivery is made as part of the (modified) AS-REP response, analogous to that described above in connection with Fig. 1.
- the user can do so, e.g. using the certificate, typically without the need to enter the password again.
- the short-lived certificate has expired, in order for the user to authenticate to a resource, the user will need to repeat the procedure described above in order to obtain another short-lived certificate, thus typically requiring re-entering the password.
- the system delivers not only the certificate, but also the private key of the user 328 (i.e. which corresponds to the public key on which the certificate is based), preferably protected by a shared secret such as a session key generated by the kerberos- like system.
- a shared secret such as a session key generated by the kerberos- like system.
- the user is able to retrieve the private key for use as described in Fig. 2 (218) but without having to store the private key in a file on the client computer 114 (where, as noted above, it may be relatively vulnerable).
- central administration of private keys is made feasible, in contrast to previous PK systems, which were typically based on a paradigm of private keys being widely distributed (i.e. individually stored by individual users).
- a user can use any of a plurality of computers to log onto the system using his or her password, this system supports roving users, but without the requirement for a physical Smartcard.
- the client computer 114 being in possession of both the private key and the certificate, can access 332 a public key controlled resource 424.
- a public/private key pair may be used in connection with authenticating to a number of resources.
- an access control decision can be made based on an authentication process which involves use of a Smartcard, e.g. using a hardware Smartcard 516 in connection with a Smartcard interface 518 such as a PKCS #11 application programming interface 512 (Figs. 5 and 6).
- the present invention affords an additional opportunity. According to the embodiment generally illustrated in
- Fig. 5 it is possible to provide a simulated Smartcard/Smartcard interface in place of, or, as illustrated, in addition to, the hardware Smartcard 516 and interface 518. From the perspective of the application 514 (such as, for example, a browser 517) and API 512, there will be no difference between a simulated Smartcard/Smartcard interface 522 and the hardware Smartcard/interface 516, 518.
- the application 514 such as, for example, a browser 51
- API 512 there will be no difference between a simulated Smartcard/Smartcard interface 522 and the hardware Smartcard/interface 516, 518.
- the user's password will be used to authenticate to the KDC 416 and retrieve the private key and a freshly generated X.509 certificate 422. These credentials are then cached locally 524 (or remotely).
- the credentials may be used to fulfill Smartcard API calls (e.g. C-SIGN, C- VERIFY).
- Smartcard API calls e.g. C-SIGN, C- VERIFY.
- the approach of Figs. 5 and 6 permits transparent access to an application 514 via a PKCS #11 API, i.e. using a relatively mature API but without the cost and administrative overhead associated with hardware Smartcards.
- a process for logging in to a simulated smartcard may begin when a client application 514 uses a standard API such as PKCS #11, MS-CAPL CDSA and the like, to initiate log on of user into a smartcard.
- PKCS #11, MS-CAPL CDSA and the like a standard API
- the process of the present invention is transparent to the client application 514 in the sense that the messages and/or data sent from and received by the client application during the process will be the same regardless of whether the client application 514 is logging on to the simulated smartcard as depicted in Fig. 7 or logs on to a physical smartcard.
- the particular interface 512 which is used will typically depend on what client application 514 is performing the login (e.g.
- the simulated smartcard client 714 (implemented with software typically residing on a client side computer) will authenticate to 716 a security server 718, typically an authentication service such as a Kerberos-like authentication service.
- a security server 718 typically an authentication service such as a Kerberos-like authentication service.
- the simulated smartcard client 714 will request a password and/or login name from the user before formulating and sending an authentication request 716.
- the security server 718 responds by sending 722 authentication credentials to the simulated smartcard client 714.
- the authentication credentials which are sent 722 may include those described above in connection with the embodiments of the present invention and/or previous systems.
- the information sent 722 is sufficient to permit the simulated smartcard client 714 to send a message 724 to a simulated smartcard server 726 sufficient to authenticate to the simulated smartcard server.
- the information 722 sent to the simulated smartcard client 714 will include a ticket (generally as described above) for the smartcard service.
- the simulated smartcard server 726 returns a (preferably encrypted) smartcard image 728.
- the "smartcard image” includes at least some information which, in a physical smartcard system, would be stored on or derived from a physical smartcard.
- the smartcard image is encrypted, for example with a private key.
- the simulated smartcard client 714 will then decrypt the smartcard image.
- the decrypted image may contain, e.g., public keys, private keys, symmetric keys, certificates and similar information. Some or all of the information (preferably including especially sensitive information such as a private key) may be encrypted under a password known only to the end user.
- blocks shown underneath the client application 514 are items which are client side items, i.e. which use or constitute software residing, typically, on a PC or other computer used by an end user, while items on the right side of the figure represent server-side items i.e.
- a security server 718 and simulated smartcard server 726 are shown as separate blocks, it is also possible to configure a system in which one or more of the components depicted as separate blocks are, in fact on a single server computer, e.g. in which the security server 718 and simulated smartcard server 726 are located on a single server computer. It is possible, in this situation, to combine steps 2, 3 and 4 so that the simulated smartcard client 714 sends an authentication request 716 to the security server/simulated smartcard server which responds by sending a (preferably encrypted) smartcard image 728 back to the simulated smartcard client 714.
- the smartcard client 714 After receiving the smartcard image, the smartcard client 714 will then check for expired public key certificates on the (decrypted) smartcard image. If an expired certificate is found, the simulated smartcard client 714 will submit a re-certification request 732 to a server-side certification authority 734. Typically certifications returned to the simulated smartcard client 714 will be short-lived certificates generally as described above. The simulated smartcard client 714 will then use the objects on the smartcard image to fulfil cryptographic operations provided by the cryptographic API's 512 responding 736 to the client application 514 in a manner substantially identical to the manner of response that would have been provided had a physical smartcard system been used.
- FIG. 8A and 8B provide two (of many) possible examples of such further operation.
- the client application 514 may, e.g., generate or store public key credentials 814 (typically using standard cryptographic API's 512).
- public key credentials are, in the embodiment of Fig. 8 A, handled in a fashion which is transparent to the client application 514.
- the simulated smartcard client 714 will send a message 816 to the simulated smartcard server 726 to update the simulated smartcard image on the server side.
- Fig. 8B provides another example.
- the client application 514 communicates with a third party certification authority 822, 824 which is neither on a client machine nor a server of the present security system.
- the client application 514 may contact a third party certification authority to get certified.
- the present system provides for simulated smartcard storage, in a manner similar to that described above in connection with Fig. 8A, by sending the information 816' prime to the simulated smartcard server 726 for storage.
- Fig. 9 illustrates use of the system, according to an embodiment of the present invention, for enrolling new users in the simulated smartcard system.
- an administrator e.g. using an administrator server 912, prepares a certificate template (preferably assisted by software for generating such templates) which is sent for storage 914 on a simulated smartcard server 726 (or a storage device 916 associated therewith).
- the template specifies at least some of the components of the certificate for use in the system.
- the template will contain, e.g., the user's distinguished name, the issuer's distinguished name and the like.
- An initial password is generated for a new user and stored on the security server 718 (or a storage device couple therewith) preferably resetting the password 722 such that after the user preforms an initial log on, the password will be flagged as being in an expired state (thus forcing the user to change the password).
- the generation of a new public-private key pair for the user could be performed either on the client side computer 714 or on a server (e.g. 912).
- Client side key generation might be used when it is desired to reduce the computing load on server computers.
- the passwords discussed above are distributed to the various users. Preferably this is done out-of-band (without transmitting the password over the computer network, such as by providing the password in a personal meeting, over the telephone and the like).
- the user preferably will be required to change his or her password (as described above).
- the simulated smartcard client 714 will generate the key pair.
- the smartcard image is then downloaded to the client, e.g. using a procedure 812 similar to that described above.
- the keys are then generated and written back to the smartcard image on the server side, e.g. using a procedure 816 similar to that described above in connection with Fig. 8A.
- the present invention provides a turnkey solution making public key authentication feasible.
- the present invention employs a symmetric key authentication to enable use of an application which may be protected by an asymmetric key system.
- the present invention makes it practical to implement client side public key authentication by solving the private key management and certificate revocation problems.
- the invention provides for public key authentication without the need for (or with reduced need for) CRLs and/or without the need for client-stored or smartcard- stored private keys.
- the present invention provides for relatively frequent public key recertification (e.g. every work day) without the need for frequent regeneration of new key pairs, which is a computationally expensive operation.
- the present invention can be implemented using (in modified fashion) certain previous systems or standards such as a modified kerberos and/or PKCS #11, MS-CAPI or CDSA implementations, thereby taking advantage of certain relatively mature or developed systems (or features of such systems) while avoiding certain disadvantages previously considered to be an unavoidable part of such systems.
- the present invention provides an opportunity to implement central administration of both a public key system and kerberos system to accommodate both types of uses.
- the present invention provides a single system which can both use or implement a public key system and act as a certification authority.
- TTP Transmission Protocol
- kerberos-type system for generating and delivering short-lived certificates
- other systems could also be used for generating and delivering short-lived certificates. It is possible to provide a system in which different facilities are used for generating and for delivering the certificates. It is possible to provide a system in which delivery of a short-lived certificate is not necessarily accompanied by delivery of a private key or a kerberos ticket.
- Smartcards or simulated Smartcards can be used in connection with other items, such as electronic mail ("e-mail").
- e-mail electronic mail
- KDC KDC
- other system for generating short-lived certificates it is possible to configure they system to issue moderate- life or (standard) long-lived certificates.
- certificate and/or private key delivery is described as occurring as part of a kerberos AS-REP message, it is possible to provide for delivery separately from the AS-REP message.
- the system can be configured to deliver only private key and certificates to the client (i.e.
- the system may be configured to allow the user to specify whether delivery of both public key credentials and kerberos tickets, and/or both certificate and private key is needed or desired.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
- Computer And Data Communications (AREA)
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US85437 | 1979-10-16 | ||
US7108498P | 1998-01-09 | 1998-01-09 | |
US8543798A | 1998-05-27 | 1998-05-27 | |
PCT/US1999/000344 WO1999035783A1 (en) | 1998-01-09 | 1999-01-06 | Client side public key authentication method and apparatus with short-lived certificates |
US71084P | 2008-04-11 |
Publications (1)
Publication Number | Publication Date |
---|---|
EP1042885A1 true EP1042885A1 (de) | 2000-10-11 |
Family
ID=26751814
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP99904041A Withdrawn EP1042885A1 (de) | 1998-01-09 | 1999-01-06 | Kundenseitiges authentifizierungsverfahren mit öffentlichem schlüssel und vorrichtung mit kurzlebigen zertifikaten |
Country Status (6)
Country | Link |
---|---|
EP (1) | EP1042885A1 (de) |
JP (1) | JP2002501218A (de) |
KR (1) | KR20010033972A (de) |
AU (1) | AU2452699A (de) |
CA (1) | CA2313328A1 (de) |
WO (1) | WO1999035783A1 (de) |
Families Citing this family (51)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6622999B1 (en) | 1999-05-25 | 2003-09-23 | Silverbrook Research Pty Ltd | Printed media binder |
US7461250B1 (en) * | 1999-07-22 | 2008-12-02 | Rsa Security, Inc. | System and method for certificate exchange |
CA2382922C (en) * | 1999-08-31 | 2011-12-13 | American Express Travel Related Services Company, Inc. | Methods and apparatus for conducting electronic transactions |
FI19992197A (fi) * | 1999-10-12 | 2001-04-30 | Sonera Oyj | Varmenteiden jakelu |
JP4626001B2 (ja) * | 1999-10-19 | 2011-02-02 | ソニー株式会社 | 暗号化通信システム及び暗号化通信方法 |
US7340600B1 (en) * | 2000-01-14 | 2008-03-04 | Hewlett-Packard Development Company, L.P. | Authorization infrastructure based on public key cryptography |
US7010683B2 (en) * | 2000-01-14 | 2006-03-07 | Howlett-Packard Development Company, L.P. | Public key validation service |
US6763459B1 (en) * | 2000-01-14 | 2004-07-13 | Hewlett-Packard Company, L.P. | Lightweight public key infrastructure employing disposable certificates |
US7269726B1 (en) | 2000-01-14 | 2007-09-11 | Hewlett-Packard Development Company, L.P. | Lightweight public key infrastructure employing unsigned certificates |
US6802002B1 (en) | 2000-01-14 | 2004-10-05 | Hewlett-Packard Development Company, L.P. | Method and apparatus for providing field confidentiality in digital certificates |
JP2001326632A (ja) * | 2000-05-17 | 2001-11-22 | Fujitsu Ltd | 分散グループ管理システムおよび方法 |
KR100441077B1 (ko) * | 2000-06-08 | 2004-07-19 | 인터내셔널 비지네스 머신즈 코포레이션 | 독립된 장치들이 단일 토큰 인터페이스로서 함께 동작할수 있도록 해주는 방법 및 그래픽 사용자 인터페이스 |
DE60122828T2 (de) * | 2000-06-09 | 2007-01-04 | Northrop Grumman Corp., Los Angeles | Vorrichtung und Verfahren zur Erzeugung eines Unterschriftszertifikats in einer Infrastruktur mit öffentlichen Schlüsseln |
FR2810841B1 (fr) * | 2000-06-22 | 2005-07-29 | Bull Cp8 | Procede pour le traitement et la transmission de donnees numeriques sur un reseau de telephonie mobile, notamment a la norme "gsm", et systeme embarque a puce electronique |
US7020773B1 (en) | 2000-07-17 | 2006-03-28 | Citrix Systems, Inc. | Strong mutual authentication of devices |
FI109253B (fi) * | 2000-08-22 | 2002-06-14 | Smarttrust Systems Oy | Varmennettu identiteettiketju |
JP4626033B2 (ja) * | 2000-08-31 | 2011-02-02 | ソニー株式会社 | 公開鍵証明書利用システム、公開鍵証明書利用方法、および情報処理装置、並びにプログラム提供媒体 |
US6807577B1 (en) | 2000-09-14 | 2004-10-19 | International Business Machines Corporation | System and method for network log-on by associating legacy profiles with user certificates |
US6986040B1 (en) | 2000-11-03 | 2006-01-10 | Citrix Systems, Inc. | System and method of exploiting the security of a secure communication channel to secure a non-secure communication channel |
US20020120842A1 (en) * | 2000-11-29 | 2002-08-29 | Helge Bragstad | Method, apparatus and computer program product for interoperable cryptographic material |
KR20020042083A (ko) * | 2000-11-30 | 2002-06-05 | 오경수 | 공개키 기반구조에서 개인키 이동과 로밍서비스를 위한이중암호화 및 송/수신방법 |
SE0100474D0 (sv) * | 2001-02-14 | 2001-02-14 | Ericsson Telefon Ab L M | A security architecture |
GB2372344A (en) * | 2001-02-17 | 2002-08-21 | Hewlett Packard Co | System for the anonymous purchase of products or services online |
US7100200B2 (en) * | 2001-06-13 | 2006-08-29 | Citrix Systems, Inc. | Method and apparatus for transmitting authentication credentials of a user across communication sessions |
GB2378104A (en) * | 2001-07-27 | 2003-01-29 | Hewlett Packard Co | Authentification for computer networks using a hybrid protocol and digital certificate |
EP1425874B1 (de) | 2001-08-13 | 2010-04-21 | Board Of Trustees Of The Leland Stanford Junior University | Systeme und Verfahren zur Verschlüsselung auf Identitätsbasis und damit zusammenhängende kryptografische Techniken |
GB2378780B (en) * | 2001-08-14 | 2003-07-09 | Elan Digital Systems Ltd | Data integrity |
JP4969745B2 (ja) * | 2001-09-17 | 2012-07-04 | 株式会社東芝 | 公開鍵基盤システム |
ES2341314T3 (es) * | 2001-11-05 | 2010-06-18 | Nokia Corporation | Envio de resultados de analisis de auto-rendimiento y operacional de una estacion movil a una red en respuesta a un mensaje de solicitud cifrado. |
EP1500289B1 (de) | 2002-01-16 | 2009-08-19 | Broca Communications Limited | Sicherheitsnachrichten über ein mobilkommunikationsnetzwerk |
US20030163693A1 (en) * | 2002-02-28 | 2003-08-28 | General Instrument Corporation | Detection of duplicate client identities in a communication system |
KR100495817B1 (ko) * | 2002-12-10 | 2005-06-16 | 주식회사 케이티 | 무선망에서의 사용자 인증 처리 시스템 및 그 방법 |
DE10259269B4 (de) * | 2002-12-17 | 2013-10-31 | Symantec Corporation (n.d.Ges.d. Staates Delaware) | Vorrichtung und Verfahren zur individualisierten Ver- und Entschlüsselung sowie Signatur und Signaturprüfung über zentrale Komponenten |
US7178724B2 (en) | 2003-04-21 | 2007-02-20 | Stmicroelectronics, Inc. | Smart card device and method used for transmitting and receiving secure e-mails |
JP4712326B2 (ja) * | 2003-07-25 | 2011-06-29 | 株式会社リコー | 通信装置、通信システム、通信方法及びプログラム |
JP5348148B2 (ja) * | 2003-07-25 | 2013-11-20 | 株式会社リコー | 通信装置、通信システム、通信方法及びプログラム |
JP4611680B2 (ja) * | 2003-07-25 | 2011-01-12 | 株式会社リコー | 通信装置、通信システム、通信方法及びプログラム |
US8015399B2 (en) * | 2003-09-30 | 2011-09-06 | Ricoh Company, Ltd. | Communication apparatus, communication system, certificate transmission method and program |
KR101010795B1 (ko) * | 2003-11-27 | 2011-01-25 | 엘지전자 주식회사 | 휴대폰의 멀티캐스팅 방법 |
JP2005333596A (ja) * | 2004-05-21 | 2005-12-02 | Toshiba Corp | 電子申請システム、電子申請装置 |
US7685630B2 (en) | 2006-05-04 | 2010-03-23 | Citrix Online, Llc | Methods and systems for providing scalable authentication |
JP5464794B2 (ja) * | 2006-07-24 | 2014-04-09 | コニカミノルタ株式会社 | ネットワーク管理方法およびネットワーク管理システム |
WO2008017913A2 (en) * | 2006-08-07 | 2008-02-14 | Nokia Corporation | Connecting a first device and a second device |
WO2010013699A1 (ja) | 2008-07-28 | 2010-02-04 | 日本電気株式会社 | 署名システム |
TWI426762B (zh) | 2008-08-04 | 2014-02-11 | Ind Tech Res Inst | 網路身分管理方法與系統 |
JP2011114730A (ja) * | 2009-11-27 | 2011-06-09 | Cybertrust Japan Co Ltd | メール暗号化送信システム及びプログラム |
CN115719224A (zh) | 2016-01-25 | 2023-02-28 | 创新先进技术有限公司 | 基于移动终端卡模拟的信用支付方法及装置 |
CN106997527A (zh) | 2016-01-25 | 2017-08-01 | 阿里巴巴集团控股有限公司 | 基于移动终端p2p的信用支付方法及装置 |
JP6647259B2 (ja) * | 2017-09-19 | 2020-02-14 | セコム株式会社 | 証明書管理装置 |
WO2019168477A1 (en) * | 2018-03-02 | 2019-09-06 | Nitto Denko Corporation | System and method for securing data communication between computers |
JP6894469B2 (ja) * | 2019-06-11 | 2021-06-30 | 株式会社ユビキタスAiコーポレーション | 情報処理装置およびその制御プログラム |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5200999A (en) * | 1991-09-27 | 1993-04-06 | International Business Machines Corporation | Public key cryptosystem key management based on control vectors |
EP0566811A1 (de) * | 1992-04-23 | 1993-10-27 | International Business Machines Corporation | Verfahren und System zur Authentifizierung mit einer Chipkarte |
US5521966A (en) * | 1993-12-14 | 1996-05-28 | At&T Corp. | Method and system for mediating transactions that use portable smart cards |
US5737419A (en) * | 1994-11-09 | 1998-04-07 | Bell Atlantic Network Services, Inc. | Computer system for securing communications using split private key asymmetric cryptography |
US5655077A (en) * | 1994-12-13 | 1997-08-05 | Microsoft Corporation | Method and system for authenticating access to heterogeneous computing services |
US5687235A (en) * | 1995-10-26 | 1997-11-11 | Novell, Inc. | Certificate revocation performance optimization |
US5774552A (en) * | 1995-12-13 | 1998-06-30 | Ncr Corporation | Method and apparatus for retrieving X.509 certificates from an X.500 directory |
-
1999
- 1999-01-06 KR KR1020007007557A patent/KR20010033972A/ko not_active Application Discontinuation
- 1999-01-06 WO PCT/US1999/000344 patent/WO1999035783A1/en not_active Application Discontinuation
- 1999-01-06 CA CA002313328A patent/CA2313328A1/en not_active Abandoned
- 1999-01-06 JP JP2000528045A patent/JP2002501218A/ja active Pending
- 1999-01-06 AU AU24526/99A patent/AU2452699A/en not_active Abandoned
- 1999-01-06 EP EP99904041A patent/EP1042885A1/de not_active Withdrawn
Non-Patent Citations (1)
Title |
---|
See references of WO9935783A1 * |
Also Published As
Publication number | Publication date |
---|---|
KR20010033972A (ko) | 2001-04-25 |
WO1999035783A1 (en) | 1999-07-15 |
JP2002501218A (ja) | 2002-01-15 |
AU2452699A (en) | 1999-07-26 |
CA2313328A1 (en) | 1999-07-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO1999035783A1 (en) | Client side public key authentication method and apparatus with short-lived certificates | |
US9544297B2 (en) | Method for secured data processing | |
US6317829B1 (en) | Public key cryptography based security system to facilitate secure roaming of users | |
US7624269B2 (en) | Secure messaging system with derived keys | |
US8281136B2 (en) | Techniques for key distribution for use in encrypted communications | |
US5687235A (en) | Certificate revocation performance optimization | |
US7395549B1 (en) | Method and apparatus for providing a key distribution center without storing long-term server secrets | |
EP0695985B1 (de) | Anmeldungszertifikate | |
US7890767B2 (en) | Virtual smart card system and method | |
EP1500226B1 (de) | System und methode zum speichern sowie abrufen kryptographischer geheimnisse von unterschiedlichen kundenendgeräten in einem netzwerk | |
US6826686B1 (en) | Method and apparatus for secure password transmission and password changes | |
US6092201A (en) | Method and apparatus for extending secure communication operations via a shared list | |
US8315393B2 (en) | System for on-line and off-line decryption | |
US8302171B2 (en) | System and method for privilege delegation and control | |
US7698565B1 (en) | Crypto-proxy server and method of using the same | |
US20030115452A1 (en) | One time password entry to access multiple network sites | |
US20020087862A1 (en) | Trusted intermediary | |
US7065642B2 (en) | System and method for generation and use of asymmetric crypto-keys each having a public portion and multiple private portions | |
GB2385955A (en) | Key certification using certificate chains | |
US7412059B1 (en) | Public-key encryption system | |
Zhou et al. | An efficient public-key framework | |
Alagappan et al. | SPX Guide | |
Macdonell | MiniCA: A web-based certificate authority |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20000728 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): BE CH DE ES FR GB IT LI |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN |
|
18D | Application deemed to be withdrawn |
Effective date: 20020801 |