EP1042885A1 - Technique et dispositif d'authentification de cle publique cote client avec certificats de courte duree - Google Patents

Technique et dispositif d'authentification de cle publique cote client avec certificats de courte duree

Info

Publication number
EP1042885A1
EP1042885A1 EP99904041A EP99904041A EP1042885A1 EP 1042885 A1 EP1042885 A1 EP 1042885A1 EP 99904041 A EP99904041 A EP 99904041A EP 99904041 A EP99904041 A EP 99904041A EP 1042885 A1 EP1042885 A1 EP 1042885A1
Authority
EP
European Patent Office
Prior art keywords
public key
user
computer
key
certificate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP99904041A
Other languages
German (de)
English (en)
Inventor
Matthew Hur
Gennady Medvinsky
Joseph N. Kovara
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cybersafe Corp
Original Assignee
Cybersafe Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cybersafe Corp filed Critical Cybersafe Corp
Publication of EP1042885A1 publication Critical patent/EP1042885A1/fr
Withdrawn legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • G06F21/335User authentication using certificates for accessing specific resources, e.g. using Kerberos tickets
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • G06F2211/008Public Key, Asymmetric Key, Asymmetric Encryption

Definitions

  • the present invention is directed to a public key authentication system and, in particular, to a system making it practical to implement client side public key authentication.
  • Encryption can be related to identification and authentication in a number of ways. Most apparently, if the receiver of an encrypted message trusts that only one other person possesses the key by which the message was encrypted, then identification and, to some extent, authentication, is achieved upon successful decryption. By using encryption for authentication purposes, its role in access control is apparent since control to a resource can be predicated upon authentication of the person seeking access.
  • encryption may play a role in avoiding disclosure of passwords to unauthorized parties (such as by encrypting passwords before they are transmitted or stored, or transforming the password into a symmetric key and using it in an encryption based protocol to authenticate the user).
  • Encryption systems are often categorized into secret key ("symmetric key”) systems and public key (“asymmetric key”) systems (sometime called a public-key private-key system), although there are other systems, as well.
  • secret key secret key
  • asymmetric key public key
  • the same key is used for both encrypting and decrypting. In this system, it is important to maintain secrecy of the key, (albeit a shared secret) e.g. , such that only authorized persons have knowledge or possession of the shared secret key.
  • TTP trusted third party
  • kerberos refers to kerberos and any trusted third party system that shares symmetric keys with users and services.
  • a kerberos-like system has been found highly useful in a number of situations, it is believed that previous kerberos-type systems typically have not been deployed so as to provide advantages associated with public key systems (such as, e.g. , digital signatures).
  • public key (PK) system two corresponding (“asymmetric")keys are used in connection with protecting information. Information which is encrypted with one of the two keys can be decrypted only with the other key.
  • either of the two keys can be used to encrypt and the other key to decrypt.
  • one key must be used only for encryption and the other only for decryption.
  • One important feature of public key systems is that it is computationally infeasible to use knowledge of one of the keys to deduce the other key.
  • each user of the system possesses a set of two such keys. One of the keys is maintained private while the other is freely published. If a sender encrypts a message with the recipient's public key, only the intended recipient can decrypt the message (since only the recipient is in possession of the private key corresponding to the published public key).
  • the sender before performing the above encryption, first encrypts the message with the sender's private key
  • the recipient upon performing first a decryption (using the recipient's private key), then a decryption on the result (using the sender's public key) is assured not only of privacy but of authentication since only the sender could have encrypted a message such that the sender's public key successfully decrypts it.
  • a one-way hash is first applied to a message and the hash of the message is encrypted with the sender's private key.
  • the degree of confidence that the recipient has in the source of the message depends on the degree of the recipient's confidence that the sender's public key corresponds to a private key that was possessed only by the sender.
  • a number of generally well-trusted certification authorities have been established to provide this degree of confidence. In the system currently in widest use, these authorities provide public key certificates.
  • such certificates Under the most widely used certificate standard (Standard X.509 developed by the International Standards Organization (ISO) and the Comit ⁇ Consultatif Internationale Brassique et Telephonique (CCITT)), such certificates include a public key, the name of the person who possesses or is associated with the public key, and other information which may, e.g., include an expiration date, all of which are digitally signed by a trusted party (and are thus in encrypted or otherwise modified form).
  • the digital signature may be provided, e.g., according to the digital signature standard (DSS) (National Institute of Standards and
  • a digital signature involves applying a one-way hash and then encrypting with the private key of, in this case, the certification authority.
  • Such digital signature is provided using the private key of the trusted party which, in turn, is authenticated using the trusted party's certificate signed by yet another trusted party, so that there may be a multi-level hierarchy of trusted parties.
  • public key systems are used in a number of situations, including certain Internet browsing situations, experience has shown that public key systems can have their own difficulties.
  • the key which a user maintains secret is not feasible to remember (typically being a large number such as a 1024-bit binary number) and thus, to be practical, must be stored, making it vulnerable to breach of security and, in many systems, requiring use of a particular piece of hardware (e.g., a Smartcard or, in some cases, a particular computer).
  • a Smartcard formed part of an authentication system.
  • a number of Smartcard systems and uses are known.
  • SSL Secure Socket Layer
  • a Smartcard will hold information used to provide such a digital signature, so that users can access such resources if they possess an appropriate Smartcard (and without the need to, e.g. memorize a key).
  • Other Smartcard authentication procedures using public and private key pairs are also known.
  • the principle Smartcard interfaces currently in use are
  • PKCS #11 Public Key Cryptography Standard, RSA Data Security, Inc.
  • PC/SC Personal Computer/Smartcard
  • a certificate is typically provided with an expiration date.
  • Such expiration dates typically are on the order of a year or more from issuance, thus making certificates, in current systems, relatively long-lived.
  • One of the features that makes a public key system attractive is its ease of use, and it would be counter to this goal if users had to obtain key pairs and publish new public keys on a very frequent basis. Nevertheless, in some circumstances, it is desirable to revoke a previously published certificate. For example, a public key pair which is used to control an employee's access to sensitive company information might be revoked when the employee leaves the company. Accordingly, previous public key systems have typically come to rely on checking certificates against a certificate revocation list (CRL).
  • CTL certificate revocation list
  • the X.509 standard provides an example of CRL representation.
  • This requires distribution, e.g. intranet- or Internet-wide distribution, of CRLs, and requires an additional checking or comparison step. These items can be burdensome or even render the system infeasible in relatively large enterprises or networks.
  • Another difficulty associated with public key systems is distribution and management of the private keys. For example, as a company hires new employees, it may want to provide some employees with public-private key pairs, but it becomes problematic to distribute the private keys in such a manner as to avoid revealing the private keys to other parties. Although employees' private keys should remain private if they are to serve the intended purpose, there are circumstances where a company may need to access such keys (e.g. to obtain company-owned information which was encrypted by a now-deceased employee). However, maintaining a employees' keys, e.g., in escrow would typically involve substantial management effort and expense.
  • the present invention provides a system for automatically generating short-lived public key certificates (PKC), i.e. with a validity period less than 1 month preferably less than 1 week, more preferably less than 1 day and even more preferably less than about 12 hours, e.g., for session-oriented authentication or other security purposes, such as authorization.
  • PKC public key certificates
  • each time a user authenticates using a first authentication system e.g., every time a user logs onto the system and authenticates him or herself
  • a new but short-lived PKC will be generated and delivered to the user.
  • the public key will be re-certified relatively frequently (e.g. every 8 hours, every workday, etc.); the public-private key pair itself remains unchanged, and is relatively long-lived (e.g. with a lifetime of about 1 year or more).
  • This newly generated PKC can then be used in a fashion similar to that for which PKCs were used in previous systems, including systems for controlling access to resources such as web pages or other resources.
  • the system not only delivers the short-lived PKC but also delivers the private key corresponding to the PKC s public key. This relieves the user from having to be responsible for storing a public key or from being restricted to using particular hardware on which the private key is stored (although such a hardware-based approach could be used if preferred). Because the PKC is short-lived, it is possible to achieve a relatively high degree of trust without the need (or with a reduced need) for processing CRLs. In the case of, for example, a departed employee, the system will be configured to refuse to issue any more (short-lived) certificates for such employees and because previously-valid issued certificates will have expired (or will shortly expire), checking against a CRL is unnecessary.
  • both the private key and public key are returned to the computer of the person seeking access, it is possible, if desired, to implement a simulated Smartcard in which the private key and public key, cached locally in the computer of the person seeking access, are used to simulate the presence of a physical Smartcard.
  • the simulation can take the form of fijlfffling Smart API Calls such as, e.g., C-SIGN, C-VERIFY.
  • the present invention can take advantage of relatively mature application prograinming interfaces (APIs) for Smartcards to implement a public key-based, client side authentication, without the need for actual Smartcard hardware (such as without the need for users to obtain and carry actual Smartcards).
  • APIs application prograinming interfaces
  • a TTP system which may be, for example, similar to a kerberos system, can be adapted for use as the short-lived certificate generating system.
  • Such a system combines some of the advantages of a kerberos-type system, such as being password based and tolerant of users who log on at different computers ("roving users") with certain advantages of a public key system (such as facilitating access to resources which are protected via a public key infrastructure or system) while avoiding the above-noted difficulties with public key systems, such as private key distribution and management difficulties, the need for maintaining and using CRLs and storing private keys in relatively insecure or inconvenient fashions.
  • FIG. 1 is a schematic block diagram of a kerberos-type system according to previous procedures
  • Fig. 2 is a flowchart of a public key/Smartcard authentication system according to previous systems
  • Fig. 3 is a flow chart depicting certificate generation and use according to an embodiment of the present invention
  • Fig. 4 is a block diagram of certain components of a system illustrating use of the procedure of Fig. 3;
  • Fig. 5 is a block diagram of a system for use with a simulated smartcard and/or a hardware smartcard, according to an embodiment of the present invention
  • Fig. 6 is a block diagram of a system for use with a simulated smartcard and/or a hardware smartcard, according to an embodiment of the present invention
  • Fig. 7 is a block diagram illustrating a system for logging in to a simulated smartcard, according to an embodiment of the present invention.
  • Fig. 8A and 8B are block diagrams illustrating examples of how a system according to the present invention can provide support for third-party Public Key Infrastructures (PKI); and
  • PKI Public Key Infrastructure
  • Fig. 9 is a block diagram illustrating user enrollment in the context of a simulated smartcard system, according to an embodiment of the present invention.
  • Fig. 1 depicts an authentication procedure using a kerberos system.
  • the kerberos system uses a password for authentication, the system is particularly secure because it never transmits passwords, either encrypted or unencrypted, over the network.
  • the system can provide a number of different services, including a ticket-granting service (described below) and various other services that may be desired by the user.
  • the person who desires to use a particular resource or service 112 (which may be, for example, a software service such as a particular application program, may be data, may be a particular hardware resource or combination thereof) attempts to log onto the system, entering (usually in response to a prompt) a password known only to the person being authenticated. Preferably, for a typical user session, this is the only time the user will need this password during a (normal-length, e.g. 8-10 hour) session (although, if desired the system can be configured to require re-input of the password to perform certain tasks, such as administration tasks on the security system).
  • the person makes the log-on attempt using a client computer 114 coupled, e.g.
  • the client 114 sends a request message (AS-REQ) 118 to the KDC.
  • the request 118 indicates the name of the person requesting the service but does not include the password.
  • the KDC 116 responds 122 with an encrypted "ticket granting ticket" (TGT) (AS-REP).
  • TGT ticket granting ticket
  • AS-REP encrypted "ticket granting ticket”
  • the ticket granting ticket includes two main components: a ticket for the client to use the ticket granting service
  • the client computer 114 transmits a ticket request 124 (TGS-REQ) to the KDC 116.
  • the request includes a number of components including an authenticator (generated by the client) for the client to use the service, encrypted with the session key(the session key is sealed in the TGT); the ticket for a client to use the ticket granting service, the majority of which is encrypted with the key of the ticket granting service (both of which were included in the ticket granting ticket 122) and the name of the service 112.
  • the key distribution center 116 transmits to the client a ticket 126 (TGS-REP) (the majority of which is encrypted) which contains a ticket for the client to use the server, at least partially encrypted with the server's key, and a copy of the session key, encrypted with the session key that is shared between the client and the ticket granting server.
  • TSS-REP ticket 126
  • the client now has sufficient items to gain access to the service 112 as desired. This is achieved by transmitting from the client to the service 112 a message containing an authenticator and a ticket.
  • the service provides the desired server response to the client.
  • the service 112 can treat the ticket as authentic because only the KDC and the service 112 share the secret key with which the ticket is encrypted. As depicted in Fig.
  • a public key system operates in a substantially different form.
  • a user generates a public-private key pair 202.
  • the user stores the private key 204 in any of a number of fashions, such as in a file on a client computer or on a Smartcard.
  • Such storage in previous systems is believed to raise difficulties. Storing in a file located on a particular computer impairs "roving users" since the user can only use or access his stored private key on the particular computer where it was stored.
  • the system is inconvenient or infeasible for users who need or desire the ability to log onto any of a plurality of different computers (e.g., any of a plurality of nodes in a local area network or other network) and still be able to use a public key system-controlled resource. It is further believed that storing private keys in a file on a computer, even if protected by encryption or other measures, represents a security vulnerability of the system. Storage of a private key on a Smartcard is at least theoretically compatible with roving users but in many situations is infeasible because of the cost and administrative overhead involved in equipping a plurality of machines with Smartcard readers and distributing Smartcards to various users.
  • the user submits the public key for certification to a trusted entity such as a certification authority (CA), e.g. via a PKCS #10 request.
  • a trusted entity such as a certification authority (CA)
  • CA certification authority
  • the certificate is then sent back to the user and typically will be publicly available, such as by publication in a directory such as an X.500 or LDAP (Lightweight Directory Access Protocol) directory, both well-know to those of skill in the art.
  • the CA also periodically issues certificate revocation lists (CRL's) 214 as described above.
  • CRL's certificate revocation lists
  • a user wishing to access a resource would retrieve the private key (typically in an automatic fashion) 218.
  • a resource control device will verify, using e.g. the user's public key (certified by the CA) that the user has been properly and correctly identified 222. Because of the long lifetime of certificates in previous systems, the resource control device will then perform a comparison with the CRL in order to determine whether the certificate has been revoked 224. As noted above, the comparison 224 represents an additional step in the process of controlling access. Additionally, there is an administrative cost in producing, distributing, storing and otherwise tracking CRLs, particularly when CRLs are promulgated with sufficient frequency to detect use of even recently-revoked certificates.
  • a certificate generation system as depicted in Fig. 3.
  • a modified kerberos-like system is used.
  • one of the components of the modified kerberos-like system is a key distribution center (KDC) 416 (Fig. 4).
  • KDC key distribution center
  • the key distribution center 416 can be similar to that described in connection with Fig. 1 but modified (e.g. provided with different software) for the procedure described below.
  • Fig. 3 initially (e.g.
  • the KDC 416 will generate a public-private key pair 312.
  • the system will also generate a certificate template (such as an X.509 certificate) 314.
  • the KDC 416 will then use the KDC's private key to sign the template.
  • steps 312, 314, 316 are substantially similar to procedures followed by root certification authorities (but not, typically, by network servers or KDC's) in previous systems.
  • the client administration When a user registers, the client administration will generate a long-lived public-private key pair associated with that particular user and will store 318 the key pair in the KDC 416, associated with an identifier of the user.
  • the system When the user begins a session, such as by logging on to a network, the user will enter a password, causing the client 114 to send 322 an AS-REQ message 118 to the KDC 416, as described previously in connection with Fig. 1.
  • the system in response to the AS-REQ 118, the system will re-certify the user's public key. Specifically, the system will generate and sign an X.509 certificate for the user 324.
  • a CA would generate and publish a certificate once (upon initial issuance) according to the system of Figs. 3 and 4, the system will generate a certificate containing the user's public key multiple times, typically, each time the user logs on to the system resulting, over time, in a sequence of certificates for this user.
  • the certificate is short-lived, i.e., contains an expiration time/date which is significantly less than the one- to two-year (or longer) certificate expiration date in previous public key systems, preferably expiring in less than six months, or preferably less than a month, more preferably less than a week, even more preferably less than 24 hours, and yet more preferably expiring less than 12 and preferably around 8-10 hours after issuance. It is anticipated that the expiration date of such short-lived certificates will vary with the needs of the company or other enterprise implementing such systems, and preferably one or more normal or default lifetimes for certificates can be established, e.g. by a system administrator (following proper authentication).
  • certificate lifetime policies will be set so as to provide certificates with lifetimes sufficiently short that checking against CRL's can be reduced or eliminated without significantly diminishing overall security. Accordingly, each time the system generates (or re-signs) a certificate for this user (i.e. a certificate containing the user's public key) the certificate will have a different expiration time. Typically, a new certificate (based on identical public key) will generate only after the expiration of the previous certificate, although other protocols could also be used. Thus, the result of the present system will typically be issuance of a series or sequence of certificates for any given user (typically on a daily or workday basis) but in which the certificates for this user are not completely identical, i.e.
  • other data may be added to or modified in the series of shortlived certificates for a user.
  • data indicating which resources a given user is authorized to use can be included in the short-lived certificates.
  • authorization information is information indicating one or more user groups with which a user is affiliated, e.g. whose members are authorized to use certain resources.
  • the system will then transmit or deliver 326 the certificate 422 to the client 144.
  • the delivery is made as part of the (modified) AS-REP response, analogous to that described above in connection with Fig. 1.
  • the user can do so, e.g. using the certificate, typically without the need to enter the password again.
  • the short-lived certificate has expired, in order for the user to authenticate to a resource, the user will need to repeat the procedure described above in order to obtain another short-lived certificate, thus typically requiring re-entering the password.
  • the system delivers not only the certificate, but also the private key of the user 328 (i.e. which corresponds to the public key on which the certificate is based), preferably protected by a shared secret such as a session key generated by the kerberos- like system.
  • a shared secret such as a session key generated by the kerberos- like system.
  • the user is able to retrieve the private key for use as described in Fig. 2 (218) but without having to store the private key in a file on the client computer 114 (where, as noted above, it may be relatively vulnerable).
  • central administration of private keys is made feasible, in contrast to previous PK systems, which were typically based on a paradigm of private keys being widely distributed (i.e. individually stored by individual users).
  • a user can use any of a plurality of computers to log onto the system using his or her password, this system supports roving users, but without the requirement for a physical Smartcard.
  • the client computer 114 being in possession of both the private key and the certificate, can access 332 a public key controlled resource 424.
  • a public/private key pair may be used in connection with authenticating to a number of resources.
  • an access control decision can be made based on an authentication process which involves use of a Smartcard, e.g. using a hardware Smartcard 516 in connection with a Smartcard interface 518 such as a PKCS #11 application programming interface 512 (Figs. 5 and 6).
  • the present invention affords an additional opportunity. According to the embodiment generally illustrated in
  • Fig. 5 it is possible to provide a simulated Smartcard/Smartcard interface in place of, or, as illustrated, in addition to, the hardware Smartcard 516 and interface 518. From the perspective of the application 514 (such as, for example, a browser 517) and API 512, there will be no difference between a simulated Smartcard/Smartcard interface 522 and the hardware Smartcard/interface 516, 518.
  • the application 514 such as, for example, a browser 51
  • API 512 there will be no difference between a simulated Smartcard/Smartcard interface 522 and the hardware Smartcard/interface 516, 518.
  • the user's password will be used to authenticate to the KDC 416 and retrieve the private key and a freshly generated X.509 certificate 422. These credentials are then cached locally 524 (or remotely).
  • the credentials may be used to fulfill Smartcard API calls (e.g. C-SIGN, C- VERIFY).
  • Smartcard API calls e.g. C-SIGN, C- VERIFY.
  • the approach of Figs. 5 and 6 permits transparent access to an application 514 via a PKCS #11 API, i.e. using a relatively mature API but without the cost and administrative overhead associated with hardware Smartcards.
  • a process for logging in to a simulated smartcard may begin when a client application 514 uses a standard API such as PKCS #11, MS-CAPL CDSA and the like, to initiate log on of user into a smartcard.
  • PKCS #11, MS-CAPL CDSA and the like a standard API
  • the process of the present invention is transparent to the client application 514 in the sense that the messages and/or data sent from and received by the client application during the process will be the same regardless of whether the client application 514 is logging on to the simulated smartcard as depicted in Fig. 7 or logs on to a physical smartcard.
  • the particular interface 512 which is used will typically depend on what client application 514 is performing the login (e.g.
  • the simulated smartcard client 714 (implemented with software typically residing on a client side computer) will authenticate to 716 a security server 718, typically an authentication service such as a Kerberos-like authentication service.
  • a security server 718 typically an authentication service such as a Kerberos-like authentication service.
  • the simulated smartcard client 714 will request a password and/or login name from the user before formulating and sending an authentication request 716.
  • the security server 718 responds by sending 722 authentication credentials to the simulated smartcard client 714.
  • the authentication credentials which are sent 722 may include those described above in connection with the embodiments of the present invention and/or previous systems.
  • the information sent 722 is sufficient to permit the simulated smartcard client 714 to send a message 724 to a simulated smartcard server 726 sufficient to authenticate to the simulated smartcard server.
  • the information 722 sent to the simulated smartcard client 714 will include a ticket (generally as described above) for the smartcard service.
  • the simulated smartcard server 726 returns a (preferably encrypted) smartcard image 728.
  • the "smartcard image” includes at least some information which, in a physical smartcard system, would be stored on or derived from a physical smartcard.
  • the smartcard image is encrypted, for example with a private key.
  • the simulated smartcard client 714 will then decrypt the smartcard image.
  • the decrypted image may contain, e.g., public keys, private keys, symmetric keys, certificates and similar information. Some or all of the information (preferably including especially sensitive information such as a private key) may be encrypted under a password known only to the end user.
  • blocks shown underneath the client application 514 are items which are client side items, i.e. which use or constitute software residing, typically, on a PC or other computer used by an end user, while items on the right side of the figure represent server-side items i.e.
  • a security server 718 and simulated smartcard server 726 are shown as separate blocks, it is also possible to configure a system in which one or more of the components depicted as separate blocks are, in fact on a single server computer, e.g. in which the security server 718 and simulated smartcard server 726 are located on a single server computer. It is possible, in this situation, to combine steps 2, 3 and 4 so that the simulated smartcard client 714 sends an authentication request 716 to the security server/simulated smartcard server which responds by sending a (preferably encrypted) smartcard image 728 back to the simulated smartcard client 714.
  • the smartcard client 714 After receiving the smartcard image, the smartcard client 714 will then check for expired public key certificates on the (decrypted) smartcard image. If an expired certificate is found, the simulated smartcard client 714 will submit a re-certification request 732 to a server-side certification authority 734. Typically certifications returned to the simulated smartcard client 714 will be short-lived certificates generally as described above. The simulated smartcard client 714 will then use the objects on the smartcard image to fulfil cryptographic operations provided by the cryptographic API's 512 responding 736 to the client application 514 in a manner substantially identical to the manner of response that would have been provided had a physical smartcard system been used.
  • FIG. 8A and 8B provide two (of many) possible examples of such further operation.
  • the client application 514 may, e.g., generate or store public key credentials 814 (typically using standard cryptographic API's 512).
  • public key credentials are, in the embodiment of Fig. 8 A, handled in a fashion which is transparent to the client application 514.
  • the simulated smartcard client 714 will send a message 816 to the simulated smartcard server 726 to update the simulated smartcard image on the server side.
  • Fig. 8B provides another example.
  • the client application 514 communicates with a third party certification authority 822, 824 which is neither on a client machine nor a server of the present security system.
  • the client application 514 may contact a third party certification authority to get certified.
  • the present system provides for simulated smartcard storage, in a manner similar to that described above in connection with Fig. 8A, by sending the information 816' prime to the simulated smartcard server 726 for storage.
  • Fig. 9 illustrates use of the system, according to an embodiment of the present invention, for enrolling new users in the simulated smartcard system.
  • an administrator e.g. using an administrator server 912, prepares a certificate template (preferably assisted by software for generating such templates) which is sent for storage 914 on a simulated smartcard server 726 (or a storage device 916 associated therewith).
  • the template specifies at least some of the components of the certificate for use in the system.
  • the template will contain, e.g., the user's distinguished name, the issuer's distinguished name and the like.
  • An initial password is generated for a new user and stored on the security server 718 (or a storage device couple therewith) preferably resetting the password 722 such that after the user preforms an initial log on, the password will be flagged as being in an expired state (thus forcing the user to change the password).
  • the generation of a new public-private key pair for the user could be performed either on the client side computer 714 or on a server (e.g. 912).
  • Client side key generation might be used when it is desired to reduce the computing load on server computers.
  • the passwords discussed above are distributed to the various users. Preferably this is done out-of-band (without transmitting the password over the computer network, such as by providing the password in a personal meeting, over the telephone and the like).
  • the user preferably will be required to change his or her password (as described above).
  • the simulated smartcard client 714 will generate the key pair.
  • the smartcard image is then downloaded to the client, e.g. using a procedure 812 similar to that described above.
  • the keys are then generated and written back to the smartcard image on the server side, e.g. using a procedure 816 similar to that described above in connection with Fig. 8A.
  • the present invention provides a turnkey solution making public key authentication feasible.
  • the present invention employs a symmetric key authentication to enable use of an application which may be protected by an asymmetric key system.
  • the present invention makes it practical to implement client side public key authentication by solving the private key management and certificate revocation problems.
  • the invention provides for public key authentication without the need for (or with reduced need for) CRLs and/or without the need for client-stored or smartcard- stored private keys.
  • the present invention provides for relatively frequent public key recertification (e.g. every work day) without the need for frequent regeneration of new key pairs, which is a computationally expensive operation.
  • the present invention can be implemented using (in modified fashion) certain previous systems or standards such as a modified kerberos and/or PKCS #11, MS-CAPI or CDSA implementations, thereby taking advantage of certain relatively mature or developed systems (or features of such systems) while avoiding certain disadvantages previously considered to be an unavoidable part of such systems.
  • the present invention provides an opportunity to implement central administration of both a public key system and kerberos system to accommodate both types of uses.
  • the present invention provides a single system which can both use or implement a public key system and act as a certification authority.
  • TTP Transmission Protocol
  • kerberos-type system for generating and delivering short-lived certificates
  • other systems could also be used for generating and delivering short-lived certificates. It is possible to provide a system in which different facilities are used for generating and for delivering the certificates. It is possible to provide a system in which delivery of a short-lived certificate is not necessarily accompanied by delivery of a private key or a kerberos ticket.
  • Smartcards or simulated Smartcards can be used in connection with other items, such as electronic mail ("e-mail").
  • e-mail electronic mail
  • KDC KDC
  • other system for generating short-lived certificates it is possible to configure they system to issue moderate- life or (standard) long-lived certificates.
  • certificate and/or private key delivery is described as occurring as part of a kerberos AS-REP message, it is possible to provide for delivery separately from the AS-REP message.
  • the system can be configured to deliver only private key and certificates to the client (i.e.
  • the system may be configured to allow the user to specify whether delivery of both public key credentials and kerberos tickets, and/or both certificate and private key is needed or desired.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Computer And Data Communications (AREA)

Abstract

Cette invention a trait à un système d'authentification à même de mettre en oeuvre de manière effective un système destiné à produire des certificats de courte durée. Un centre de distribution de clés (KDC) (116) produit et mémorise des paires de clés publiques-privées ainsi que des modèles de certificats. L'utilisateur se voit attribuer une paire de clés publiques-privées mémorisées dans le KDC (116). L'utilisateur (114), qui se fait reconnaître par le KDC (par exemple en utilisant un mot de passe, un système Cerbère notamment), amène le système à re-certifier la clé publique par production et signature d'un certificat de courte durée.
EP99904041A 1998-01-09 1999-01-06 Technique et dispositif d'authentification de cle publique cote client avec certificats de courte duree Withdrawn EP1042885A1 (fr)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
US85437 1979-10-16
US7108498P 1998-01-09 1998-01-09
US8543798A 1998-05-27 1998-05-27
PCT/US1999/000344 WO1999035783A1 (fr) 1998-01-09 1999-01-06 Technique et dispositif d'authentification de cle publique cote client avec certificats de courte duree
US71084P 2008-04-11

Publications (1)

Publication Number Publication Date
EP1042885A1 true EP1042885A1 (fr) 2000-10-11

Family

ID=26751814

Family Applications (1)

Application Number Title Priority Date Filing Date
EP99904041A Withdrawn EP1042885A1 (fr) 1998-01-09 1999-01-06 Technique et dispositif d'authentification de cle publique cote client avec certificats de courte duree

Country Status (6)

Country Link
EP (1) EP1042885A1 (fr)
JP (1) JP2002501218A (fr)
KR (1) KR20010033972A (fr)
AU (1) AU2452699A (fr)
CA (1) CA2313328A1 (fr)
WO (1) WO1999035783A1 (fr)

Families Citing this family (51)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6622999B1 (en) 1999-05-25 2003-09-23 Silverbrook Research Pty Ltd Printed media binder
US7461250B1 (en) * 1999-07-22 2008-12-02 Rsa Security, Inc. System and method for certificate exchange
CA2382922C (fr) * 1999-08-31 2011-12-13 American Express Travel Related Services Company, Inc. Procedes et appareil de transactions electroniques
FI19992197A (fi) * 1999-10-12 2001-04-30 Sonera Oyj Varmenteiden jakelu
JP4626001B2 (ja) * 1999-10-19 2011-02-02 ソニー株式会社 暗号化通信システム及び暗号化通信方法
US7340600B1 (en) * 2000-01-14 2008-03-04 Hewlett-Packard Development Company, L.P. Authorization infrastructure based on public key cryptography
US7010683B2 (en) * 2000-01-14 2006-03-07 Howlett-Packard Development Company, L.P. Public key validation service
US6763459B1 (en) * 2000-01-14 2004-07-13 Hewlett-Packard Company, L.P. Lightweight public key infrastructure employing disposable certificates
US7269726B1 (en) 2000-01-14 2007-09-11 Hewlett-Packard Development Company, L.P. Lightweight public key infrastructure employing unsigned certificates
US6802002B1 (en) 2000-01-14 2004-10-05 Hewlett-Packard Development Company, L.P. Method and apparatus for providing field confidentiality in digital certificates
JP2001326632A (ja) * 2000-05-17 2001-11-22 Fujitsu Ltd 分散グループ管理システムおよび方法
KR100441077B1 (ko) * 2000-06-08 2004-07-19 인터내셔널 비지네스 머신즈 코포레이션 독립된 장치들이 단일 토큰 인터페이스로서 함께 동작할수 있도록 해주는 방법 및 그래픽 사용자 인터페이스
DE60122828T2 (de) * 2000-06-09 2007-01-04 Northrop Grumman Corp., Los Angeles Vorrichtung und Verfahren zur Erzeugung eines Unterschriftszertifikats in einer Infrastruktur mit öffentlichen Schlüsseln
FR2810841B1 (fr) * 2000-06-22 2005-07-29 Bull Cp8 Procede pour le traitement et la transmission de donnees numeriques sur un reseau de telephonie mobile, notamment a la norme "gsm", et systeme embarque a puce electronique
US7020773B1 (en) 2000-07-17 2006-03-28 Citrix Systems, Inc. Strong mutual authentication of devices
FI109253B (fi) * 2000-08-22 2002-06-14 Smarttrust Systems Oy Varmennettu identiteettiketju
JP4626033B2 (ja) * 2000-08-31 2011-02-02 ソニー株式会社 公開鍵証明書利用システム、公開鍵証明書利用方法、および情報処理装置、並びにプログラム提供媒体
US6807577B1 (en) 2000-09-14 2004-10-19 International Business Machines Corporation System and method for network log-on by associating legacy profiles with user certificates
US6986040B1 (en) 2000-11-03 2006-01-10 Citrix Systems, Inc. System and method of exploiting the security of a secure communication channel to secure a non-secure communication channel
US20020120842A1 (en) * 2000-11-29 2002-08-29 Helge Bragstad Method, apparatus and computer program product for interoperable cryptographic material
KR20020042083A (ko) * 2000-11-30 2002-06-05 오경수 공개키 기반구조에서 개인키 이동과 로밍서비스를 위한이중암호화 및 송/수신방법
SE0100474D0 (sv) * 2001-02-14 2001-02-14 Ericsson Telefon Ab L M A security architecture
GB2372344A (en) * 2001-02-17 2002-08-21 Hewlett Packard Co System for the anonymous purchase of products or services online
US7100200B2 (en) * 2001-06-13 2006-08-29 Citrix Systems, Inc. Method and apparatus for transmitting authentication credentials of a user across communication sessions
GB2378104A (en) * 2001-07-27 2003-01-29 Hewlett Packard Co Authentification for computer networks using a hybrid protocol and digital certificate
EP1425874B1 (fr) 2001-08-13 2010-04-21 Board Of Trustees Of The Leland Stanford Junior University Systèmes et procédés de cryptage sur la base des identites, et procédures cryptographiques associées
GB2378780B (en) * 2001-08-14 2003-07-09 Elan Digital Systems Ltd Data integrity
JP4969745B2 (ja) * 2001-09-17 2012-07-04 株式会社東芝 公開鍵基盤システム
ES2341314T3 (es) * 2001-11-05 2010-06-18 Nokia Corporation Envio de resultados de analisis de auto-rendimiento y operacional de una estacion movil a una red en respuesta a un mensaje de solicitud cifrado.
EP1500289B1 (fr) 2002-01-16 2009-08-19 Broca Communications Limited Messagerie securisee par l'intermediaire d'un reseau de communications mobile
US20030163693A1 (en) * 2002-02-28 2003-08-28 General Instrument Corporation Detection of duplicate client identities in a communication system
KR100495817B1 (ko) * 2002-12-10 2005-06-16 주식회사 케이티 무선망에서의 사용자 인증 처리 시스템 및 그 방법
DE10259269B4 (de) * 2002-12-17 2013-10-31 Symantec Corporation (n.d.Ges.d. Staates Delaware) Vorrichtung und Verfahren zur individualisierten Ver- und Entschlüsselung sowie Signatur und Signaturprüfung über zentrale Komponenten
US7178724B2 (en) 2003-04-21 2007-02-20 Stmicroelectronics, Inc. Smart card device and method used for transmitting and receiving secure e-mails
JP4712326B2 (ja) * 2003-07-25 2011-06-29 株式会社リコー 通信装置、通信システム、通信方法及びプログラム
JP5348148B2 (ja) * 2003-07-25 2013-11-20 株式会社リコー 通信装置、通信システム、通信方法及びプログラム
JP4611680B2 (ja) * 2003-07-25 2011-01-12 株式会社リコー 通信装置、通信システム、通信方法及びプログラム
US8015399B2 (en) * 2003-09-30 2011-09-06 Ricoh Company, Ltd. Communication apparatus, communication system, certificate transmission method and program
KR101010795B1 (ko) * 2003-11-27 2011-01-25 엘지전자 주식회사 휴대폰의 멀티캐스팅 방법
JP2005333596A (ja) * 2004-05-21 2005-12-02 Toshiba Corp 電子申請システム、電子申請装置
US7685630B2 (en) 2006-05-04 2010-03-23 Citrix Online, Llc Methods and systems for providing scalable authentication
JP5464794B2 (ja) * 2006-07-24 2014-04-09 コニカミノルタ株式会社 ネットワーク管理方法およびネットワーク管理システム
WO2008017913A2 (fr) * 2006-08-07 2008-02-14 Nokia Corporation Connexion d'un premier et d'un deuxième dispositifs
WO2010013699A1 (fr) 2008-07-28 2010-02-04 日本電気株式会社 Système de signature
TWI426762B (zh) 2008-08-04 2014-02-11 Ind Tech Res Inst 網路身分管理方法與系統
JP2011114730A (ja) * 2009-11-27 2011-06-09 Cybertrust Japan Co Ltd メール暗号化送信システム及びプログラム
CN115719224A (zh) 2016-01-25 2023-02-28 创新先进技术有限公司 基于移动终端卡模拟的信用支付方法及装置
CN106997527A (zh) 2016-01-25 2017-08-01 阿里巴巴集团控股有限公司 基于移动终端p2p的信用支付方法及装置
JP6647259B2 (ja) * 2017-09-19 2020-02-14 セコム株式会社 証明書管理装置
WO2019168477A1 (fr) * 2018-03-02 2019-09-06 Nitto Denko Corporation Système et procédé pour sécuriser une communication de données entre des ordinateurs
JP6894469B2 (ja) * 2019-06-11 2021-06-30 株式会社ユビキタスAiコーポレーション 情報処理装置およびその制御プログラム

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5200999A (en) * 1991-09-27 1993-04-06 International Business Machines Corporation Public key cryptosystem key management based on control vectors
EP0566811A1 (fr) * 1992-04-23 1993-10-27 International Business Machines Corporation Méthode et système d'authentification à l'aide d'une carte à puce
US5521966A (en) * 1993-12-14 1996-05-28 At&T Corp. Method and system for mediating transactions that use portable smart cards
US5737419A (en) * 1994-11-09 1998-04-07 Bell Atlantic Network Services, Inc. Computer system for securing communications using split private key asymmetric cryptography
US5655077A (en) * 1994-12-13 1997-08-05 Microsoft Corporation Method and system for authenticating access to heterogeneous computing services
US5687235A (en) * 1995-10-26 1997-11-11 Novell, Inc. Certificate revocation performance optimization
US5774552A (en) * 1995-12-13 1998-06-30 Ncr Corporation Method and apparatus for retrieving X.509 certificates from an X.500 directory

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO9935783A1 *

Also Published As

Publication number Publication date
KR20010033972A (ko) 2001-04-25
WO1999035783A1 (fr) 1999-07-15
JP2002501218A (ja) 2002-01-15
AU2452699A (en) 1999-07-26
CA2313328A1 (fr) 1999-07-15

Similar Documents

Publication Publication Date Title
WO1999035783A1 (fr) Technique et dispositif d'authentification de cle publique cote client avec certificats de courte duree
US9544297B2 (en) Method for secured data processing
US6317829B1 (en) Public key cryptography based security system to facilitate secure roaming of users
US7624269B2 (en) Secure messaging system with derived keys
US8281136B2 (en) Techniques for key distribution for use in encrypted communications
US5687235A (en) Certificate revocation performance optimization
US7395549B1 (en) Method and apparatus for providing a key distribution center without storing long-term server secrets
EP0695985B1 (fr) Certificats d'entrée
US7890767B2 (en) Virtual smart card system and method
EP1500226B1 (fr) Systeme et procede de stockage et recuperation d'un secret cryptographique parmi un ensemble clients agrees d'un reseau
US6826686B1 (en) Method and apparatus for secure password transmission and password changes
US6092201A (en) Method and apparatus for extending secure communication operations via a shared list
US8315393B2 (en) System for on-line and off-line decryption
US8302171B2 (en) System and method for privilege delegation and control
US7698565B1 (en) Crypto-proxy server and method of using the same
US20030115452A1 (en) One time password entry to access multiple network sites
US20020087862A1 (en) Trusted intermediary
US7065642B2 (en) System and method for generation and use of asymmetric crypto-keys each having a public portion and multiple private portions
GB2385955A (en) Key certification using certificate chains
US7412059B1 (en) Public-key encryption system
Zhou et al. An efficient public-key framework
Alagappan et al. SPX Guide
Macdonell MiniCA: A web-based certificate authority

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20000728

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): BE CH DE ES FR GB IT LI

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20020801