Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-11-06
2001-10-16
Swann, Tod (Department: 2132)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S156000, C713S157000, C713S170000, C713S175000, C713S176000, C380S279000, C380S282000
Reexamination Certificate
active
06304974
ABSTRACT:
BACKGROUND
1. Field of the Invention
The present invention relates to authentication and security in networked computer systems. More particularly, the present invention relates to a method and apparatus for managing a set of trusted certificates for authenticating communications to and from entities belonging to an enterprise.
2. Related Art
The advent of computer networks, such as the Internet, and the rise of the World Wide Web have led to an explosion in the development of applications, such as web browsers and web servers, that facilitate rapid dissemination of information. Using the World Wide Web, it is presently possible to instantaneously access information on the weather in Africa or stock prices in Tokyo with only a few clicks of a computer mouse.
As the Internet continues to evolve, it no longer merely functions as a mechanism for dissemination of information; it is also becoming an infrastructure that supports electronic commerce. The Internet is now commonly used to sell items such as books, software, compact discs, and even investment securities. One major challenge in facilitating such transactions is that parties to a transaction require confidence that communications received from other parties originate from parties that can be trusted.
The public key infrastructure (PKI) has been developed to provide some measure of confidence that communications originate from authenticated parties. The public key infrastructure uses mathematically related private key/public key pairs to authenticate communications across a network. In a typical mode of operation, an entity sending a communication signs it with its private key. This enables another entity receiving the communication to use the corresponding public key to verify that the communication has been signed with the private key. Note that private key/public key pairs are designed in such a way that a holder of a public key cannot easily construct the private key from the public key. Hence, the public key can be freely distributed without compromising the private key. The public key is typically propagated to other entities on the network through some verifiable mechanism, such as hand delivery, or through digital signature techniques which are described in the detailed description below.
The public key infrastructure presently relies on certificate authorities (CAs) to establish trust among entities that communicate with each other through the public key infrastructure. A CA typically issues a “certificate” to an entity on the network after first verifying the identity of entity. This certificate typically contains an identifier for the entity along with a public key belonging to the entity. This public key can be used to authenticate that a communication is signed with the private key of the entity, and has hence originated from the entity.
In order to provide some degree of confidence that a particular certificate is valid, the certificate is signed with the private key of the CA so that other entities can use the public key of the CA to verify that the certificate has been signed by the CA. The fact that the certificate has been signed by the CA indicates that the CA has somehow verified that the certificate belongs to a trusted party. The CA verifies this fact by receiving the public key from the party through a trusted communication channel, and optionally by asking additional questions of the party, or by receiving additional indicators that the party can be trusted.
Presently, one of the significant problems with the public key infrastructure is the task of initially establishing trust with various CAs. Web browsers, such as Netscape Navigator produced by Netscape Communications of Mountain View, Calif., presently include a list of trusted certificates from various certificate authorities. However, such lists may include certificates for CAs that are not acceptable to the enterprise because the enterprise may not have confidence in the procedures a particular CA uses to authenticate entities.
One solution to this problem is to make every user in an enterprise independently verify each CA the user wants to use. This verification may involve inquiring about the procedures used by a CA in issuing certificates as well as ensuring that the certificate for the CA actually originated from the CA. This solution is inefficient because it requires a large number of independent verifications. Furthermore, it is unreliable because users may make mistakes in verifying CAs.
Another solution is to use a technique known as “cross certification” in which a root CA verifies a group of other CAs and then signs their certificates. When a user determines that a certificate has been signed by the root CA, the user knows that the corresponding certificate authority has been verified by the root CA.
However, the root CA may belong to another organization outside of the enterprise. For example, VeriSign, Inc. of Mountain View, Calif. presently provides a root CA that is extensively used by other organizations. Unfortunately, the policies that a particular root CA uses in cross-certifying other CAs may not be acceptable to the enterprise.
What is needed is a mechanism that establishes and maintains a list of certificates for trusted CAs for users within an enterprise.
SUMMARY
One embodiment of the present invention provides a system for managing trusted certificates for authenticating communications for clients belonging to an enterprise. The system operates by assembling a list of trusted certificates containing public keys for authenticating communications from users whose public key has been signed by associated private keys. This assembly process may include verifying the authenticity of trusted certificates in the list. Once the list of trusted certificates is assembled, the system constructs a fingerprint for the list. The list is then communicated to a client through a first communication mechanism, and the fingerprint is communicated to the client through a second communication mechanism. Next, the client verifies that the fingerprint received through the second communication mechanism was constructed from the list of trusted certificates received through the first communication mechanism. This establishes a high degree of confidence that the list of trusted certificates is authentic. The client can then confidently use trusted certificates from the list to authenticate subsequent communications.
According to an aspect of the above embodiment, trusted certificates in the list are associated with certificate authorities that issue certificates for entities communicating across the network. Each of these trusted certificates includes a public key and an identity for a certificate authority.
According to another aspect of the above embodiment, the acts of assembling the list and communicating the list to the client are performed by an enterprise administrator that manages the list of trusted certificates for the enterprise. This enterprise administrator may or may not be a certificate authority.
According to another aspect of the above embodiment, the enterprise administrator includes its own certificate along with other trusted certificates in the list, signs the list, and sends the signed list as well as the fingerprint to the user. Once the user verifies the fingerprint and installs the list, subsequent updates to the list do not require further out-of-band verification of the fingerprint because the updated list can be verified using the public key of the enterprise administrator taken from the enterprise administrator's certificate in the previous list.
Thus, the present invention facilitates establishment and maintenance of a list of trusted certificate authorities for an enterprise. This frees the enterprise from relying on a certificate authority outside of the enterprise to cross certify trusted certificate authorities. Furthermore, efficiency is gained by centralizing administration of the list of trusted certificate authorities for the enterprise, instead of requiring users within the enterprise to individually
Callahan Paul E.
Oracle Corporation
Park Vaughan & Fleming LLP
Swann Tod
LandOfFree
Method and apparatus for managing trusted certificates does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and apparatus for managing trusted certificates, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and apparatus for managing trusted certificates will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2561164