Patent Grant
8393001
The present invention relates to securing software and data, and more particularly to securing software and data utilizing signatures.
Public key encryption is based on encryption algorithms that have two keys. A first key is used for encryption, and a second key is used for decryption. In such systems, there is a known algorithm that computes the second key given the first. However, without full knowledge of all the parameters, one cannot compute the first key given the second key. The first key is referred to as the “private key”, and the second key is referred to as the “public key”. In practice, either the private key or the public key may be used to encrypt data and/or software, with the other key used to decrypt it. In general, the private key must be kept private, but the public key may be provided to anyone. A variety of public key cryptographic schemes have been developed for the protection of data and/or software communicated over networks via messages.
Public key systems are used for not only encrypting messages, but also effectively “signing” messages, allowing the received party to authenticate the sender of the message. One can also use such public key systems to seal or render tamper-proof a message. In such event, the sender computes a message digest from the data and/or software using specially designed cryptographically strong digests designed for this purpose. The sender then uses the private key to encrypt the message digest, wherein this encrypted message digest is called a digital “signature”. The sender then packages the data and/or software, the message digest, and the public key together. The receiver may check for tampering by computing the message digest again, then decrypting the received message digest with the public key. If the recomputed and decrypted message digests are identical, there was no tampering of the data.
In the prior art, software such as pretty good privacy (PGP) software is often used to generate the aforementioned signature. Typically, this software must have direct access to a private key to create the signature. For example, a command such as “C:>pgp −ks data. file” is often used to accomplish this.
Unfortunately, the fact that such PGP software must have read access to the file system where the private key is stored means that the user running the PGP software must also have access to such data. In a typical working environment, multiple users may be alternating in the job of creating signatures. Unfortunately, this exposes the private key to theft.
The seriousness of such theft is exemplified in a situation involving wireless computers that are equipped with a public key “burned” in memory. In such a case, the security of the entire system may be compromised upon the theft of the private key, since there is no way of changing the public key in the wireless computers.
There is thus a need for a system of securely generating signatures without the risks associated with private key theft, especially in environments where the public key can not be changed in response to a compromise of the private key.
A system, method and computer program product are provided for securely generating signatures. Initially received is a request to generate a signature at a secure server. Then, the signature is automatically generated at the secure server utilizing a private key stored at the secure server. The signature is then transmitted from the secure server. Such signature is capable of being used to verify an authenticity of an update (i.e. data, software, etc.) for a computer utilizing a public key.
In one embodiment, the request may include authentication information. Still yet, the secure server may authenticate the request utilizing the authentication information. At any point, it may be determined at the secure server whether the authentication information has been compromised. If it is determined that the authentication information has been compromised, the authentication information may be invalidated.
In another embodiment, various logging may be carried out at the secure server. For example, the authentication information may be logged at the secure server. Moreover, the request may be logged at the secure server. Still yet, any connection with the secure server and/or related information may be logged at the secure server.
As an option, the update may include data and/or software. In one particular embodiment, the computer may be equipped with anti-virus software. In such embodiment, the update may include virus signatures for use in conjunction with the anti-virus software.
In still another embodiment, the update may be encrypted at the secure server utilizing the private key. Such update is decrypted at the computer utilizing the public key.
In still yet another embodiment, the signature may be transmitted from the secure server to the computer. Optionally, the computer may include a wireless computer. As a further option, the computer may include a client computer which, in turn, transmits the signature to a wireless computer.
From the perspective of a computer receiving updates, a technique for securely generating signatures is as follows. Initially, a request to generate a signature is sent to a secure server capable of automatically generating the signature at the secure server utilizing a private key stored at the secure server. The signature is then received from the secure server. An authenticity of an update may then be verified utilizing a public key.
As an option, a system, method and computer program product may be provided for securely encrypting an update (i.e. software and/or data). Initially, a request to encrypt the update is received. Such update is then automatically encrypted at the secure server utilizing a private key stored at the secure server. The encrypted update may then be transmitted from the secure server. In use, the update is capable of being decrypted at a computer utilizing a public key.
These and other advantages of the various embodiments will become apparent upon reading the following detailed description and studying the various figures of the drawings.
The foregoing and other aspects and advantages are better understood from the following detailed description of the various embodiments with reference to the drawings.
Coupled to the networks 102 are data server computers 104 which are capable of communicating over the networks 102. For reasons that will soon become apparent, at least one of the data server computers 104 may include a secure server. In the context of the present description, such secure server may be equipped with a private key, and operate in a manner that effectively prevents theft of the private key.
Also coupled to the networks 102 and the data server computers 104 is a plurality of client computers 106 which may include wireless computers 110. In the context of the present description, such wireless computers 110 may include any device (i.e. personal digital assistant (PDA), palm computer, digital phone, etc.) that is capable of communicating over the networks 102 in a wireless fashion.
In order to facilitate communication among the networks 102, at least one gateway 108 is coupled therebetween. It should be noted that each of the foregoing network devices as well as any other unillustrated devices may be interconnected by way of a plurality of network segments.
In the context of one embodiment, the client computers 106 and/or wireless computers 110 may be equipped with software that may require updating. Such updating may include data and/or software components for being processed and/or executed, respectively, utilizing the associated computer.
To avoid a situation where a third party attempts to update one of the computers with unauthorized/tampered software and/or data, each of the computers is equipped with a public key. In the case of the wireless computer 110, the public key may be stored in a non-rewriteable read only memory (ROM).
In use, the present network architecture 100 may authenticate the updates to the computers. This may be accomplished utilizing a signature generated using the private key and authenticated using the public key. Moreover, the signature may be generated in a secure manner that avoids the theft of the private key and comprise of the security of the updating process as a whole.
Specifically, this may be accomplished by securely generating signatures utilizing the secure server. Initially, a request is received to generate a signature at a secure server. The signature is then automatically generated at the secure server. The signature is subsequently transmitted from the secure server to a computer. Such signature is then capable of being used to verify the authenticity of an update for the computer. More information regarding various optional aspects of the present embodiment will be set forth hereinafter in greater detail.
The workstation shown in
The workstation may have resident thereon an operating system such as the Microsoft Windows NT or Windows/95 Operating System (OS), the IBM OS/2 operating system, the MAC OS, or UNIX operating system. It will be appreciated that a preferred embodiment may also be implemented on platforms and operating systems other than those mentioned. A preferred embodiment may be written using JAVA, C, and/or C++ language, or other programming languages, along with an object oriented programming methodology. Object oriented programming (OOP) has become increasingly used to develop complex applications.
Included is a client computer 302 equipped with updates capable of being distributed to a plurality of wireless computers 306. Again, such updates may include data and/or software components for being processed and/or executed, respectively, utilizing the associated wireless computer 306. While a wireless computer 306 is shown in the present example to be in receipt of such updates, it should be noted that any type of computer may be equipped to receive the updates.
For reasons that will soon become apparent, the wireless computer 306 is further equipped with a public key that may be included in associated ROM. As an option, the client computer 302 may include a plurality of operator modules for governing the distribution of the updates.
In one exemplary embodiment, the software to be updated on the wireless computer 306 may include anti-virus software, and the updating may involve equipping the anti-virus software with updated virus signatures representative of any new virus threats. Of course, however, the software may involve any process that may be updated. Just by way of example, software updates in the form of newer versions, or mere data updates may fall within the scope of the present embodiment.
So that the authenticity of the updates may be verified during distribution between the client computer 302 and the wireless computers 306, the client computer 302 is coupled to a secure server 304 equipped with a securely stored, inaccessible private key. Unlike the prior art, such private key is stored in a manner that effectively prevents theft.
In particular, the client computer 302 logs into the secure server 304 after which an update (i.e. software, data, etc.) is sent thereto for being encrypted and “signed.” See 307. This is accomplished by the secure server 304 automatically generating a signature and/or encrypting the update utilizing the private key. Since the private key at the secure server 304 is inaccessible to the client computer 302, and the signature generation process is automated and situated inside the secure server 304; there is a reduced chance that the private key will be compromised.
By this design, the encrypted update and signature 308 may then be transmitted to the client computer 302 for distribution to the wireless computer 306. To this end, the encrypted update and signature 308 may be authenticated and decrypted at the wireless computer 306 utilizing the public key with increased security.
It should be understood that the present embodiment is set forth for illustrative purposes only, and various modifications may be made. For example, either the client computer 302 or the wireless computers 306 (not necessarily wireless) may be excluded, combined, etc. per the desires of the user.
In decision 401, any connection between a computer and a secure server is initially identified. In the context of the embodiment of
Once the connection is identified in decision 401, log-in information is received in the form of a request to generate a signature along with authentication information. Note operation 402. Such authentication information may optionally take the form of a user name and/or password. Using this authentication information, the secure server then authenticates the computer. Note decision 403.
Various information may be logged during the present method 400. For example, the connection, request, and/or authentication information may be logged in operation 404. By tracking usage of the secure server via the logging, enhanced security options may be provided. For example, specific security actions may be documented and alleged perpetrators may be contacted, blocked, etc.
In operation 405, an update (i.e. software and/or data) is then received from the computer at the secure server. It is then determined whether the update is to be encrypted and/or signed in decisions 406 and 410, respectively. As an option, such decisions 406 and 410 may be based on instructions included with the log-in information. In accordance with such decisions 406 and 410, the update is then encrypted and/or signed in operations 408 and 412, respectively.
The encrypted update and the signature are then transmitted from the secure server to the computer. See operation 414. For additional security, it may be determined at the secure server whether the authentication information has been compromised. Note decision 416. Such authentication information may then be invalidated if it is determined that the authentication information has been compromised. Note operation 418. In one embodiment, the authentication information may be simply removed from an authorized list on the secure server.
To enhance the aforementioned authentication operation of operation 403, the secure server may be adapted to provide a random binary sequence upon the connection being established per decision 401. The accessing computer may then combine such random binary sequence with the authentication information in the form of a hash. This way, the chances of the authentication information being compromised is reduced. As an option, a “sigcln” program may be used to communicate with the secure server by using a custom protocol built on top of TCP/IP while avoiding private key exchange.
When the accessing computer connects to the secure server, it may receive a welcome string (i.e. “+OK<random-string>Secure Signature Server Welcome”, where the random-string is a string randomly generated for each connection. The accessing computer extracts the random-string from the welcome string. The accessing computer then supplies the program with a user name and password that the program may use to perform the secure authentication. Specifically, it may build a string shown in Table 1.
where blank is a space character
Then, the program may create a SHA1 signature of the above string of Table 1 and send to the secure server a login string set forth in Table 2.
where sha1-hex is the hexadecimal conversion of the SHA1 signature created above
The signature server then receives the login string above and extracts the user name that will be used to lookup a local (for the server) password file that stores user name/password couples in the way set forth in Table 3.
where colon is the colon (:) character
If the supplied user name does not exist, the secure server returns an access denied response. If the user name is found, the server extracts the password that will be used to prepare the SHA1-string together with the random-string.
The secure server then computes the SHA1 signature of the SHA1-string and compares the result with the one extracted from the login-string. If there is no match, the secure server returns an access denied response. Otherwise, it returns an access granted response. In both cases, the result is logged inside a secure server log file together with other useful information such as IP address, user name, etc.
By this design, the signature may be distributed with the encrypted data from the computer to a wireless computer equipped a public key for authenticating the signature and decrypting the data.
In any case, the signature is generated while avoiding a user or application associated with the client computer from having direct access to the private key. By using the secure server, the private key may be stored in a manner completely isolated in terms of services running and no user (or limited users) may have access to it.
While various embodiments have been described above, it should be understood that they have been presented by way of example only, and not limitation. For example, any of the network elements may employ any of the desired functionality set forth hereinabove. Thus, the breadth and scope of a preferred embodiment should not be limited by any of the above-described exemplary embodiments, but should be defined only in accordance with the following claims and their equivalents.
| Number | Name | Date | Kind |
|---|---|---|---|
| 5164988 | Matyas et al. | Nov 1992 | A |
| 5534855 | Shockley et al. | Jul 1996 | A |
| 5604801 | Dolan et al. | Feb 1997 | A |
| 5649099 | Theimer et al. | Jul 1997 | A |
| 5677953 | Dolphin | Oct 1997 | A |
| 5724425 | Chang et al. | Mar 1998 | A |
| 5757925 | Faybishenko | May 1998 | A |
| 5872848 | Romney et al. | Feb 1999 | A |
| 5894516 | Brandenburg | Apr 1999 | A |
| 5948104 | Gluck et al. | Sep 1999 | A |
| 5956403 | Lipner et al. | Sep 1999 | A |
| 5982890 | Akatsu | Nov 1999 | A |
| 5991406 | Lipner et al. | Nov 1999 | A |
| 6049671 | Slivka et al. | Apr 2000 | A |
| 6052531 | Waldin et al. | Apr 2000 | A |
| 6085322 | Romney et al. | Jul 2000 | A |
| 6134660 | Boneh et al. | Oct 2000 | A |
| 6138236 | Mirov et al. | Oct 2000 | A |
| 6185678 | Arbaugh et al. | Feb 2001 | B1 |
| 6223291 | Puhl et al. | Apr 2001 | B1 |
| 6249585 | McGrew et al. | Jun 2001 | B1 |
| 6269456 | Hodges et al. | Jul 2001 | B1 |
| 6272632 | Carman et al. | Aug 2001 | B1 |
| 6275941 | Saito et al. | Aug 2001 | B1 |
| 6285991 | Powar | Sep 2001 | B1 |
| 6314190 | Zimmermann | Nov 2001 | B1 |
| 6317829 | Van Oorschot | Nov 2001 | B1 |
| 6336186 | Dyksterhouse et al. | Jan 2002 | B1 |
| 6378069 | Sandler et al. | Apr 2002 | B1 |
| 6442686 | McArdle et al. | Aug 2002 | B1 |
| 6546492 | Walker et al. | Apr 2003 | B1 |
| 6611916 | Cacace-Bailey et al. | Aug 2003 | B1 |
| 6678741 | Northcutt et al. | Jan 2004 | B1 |
| 6799197 | Shetty et al. | Sep 2004 | B1 |
| 6976163 | Hind et al. | Dec 2005 | B1 |
| 7194618 | Suominen | Mar 2007 | B1 |
| 7266845 | Hypponen | Sep 2007 | B2 |
| 7302487 | Ylonen et al. | Nov 2007 | B2 |
| 7500104 | Goland | Mar 2009 | B2 |
| 20010023416 | Hosokawa | Sep 2001 | A1 |
| 20010054087 | Flom et al. | Dec 2001 | A1 |
| 20020046350 | Lordemann et al. | Apr 2002 | A1 |
| 20020078354 | Sandhu et al. | Jun 2002 | A1 |
| 20020112161 | Thomas et al. | Aug 2002 | A1 |
| 20020169953 | Moharram et al. | Nov 2002 | A1 |
| 20020174422 | Kelley et al. | Nov 2002 | A1 |
| 20030028542 | Muttik et al. | Feb 2003 | A1 |
| 20030051236 | Pace et al. | Mar 2003 | A1 |
| 20030065936 | Wray | Apr 2003 | A1 |
| 20030066884 | Reddy et al. | Apr 2003 | A1 |
| 20030074567 | Charbonneau | Apr 2003 | A1 |
| 20030074581 | Hursey et al. | Apr 2003 | A1 |
| 20030217163 | Lagerweij et al. | Nov 2003 | A1 |
| 20040039911 | Oka et al. | Feb 2004 | A1 |
| 20040039916 | Aldis et al. | Feb 2004 | A1 |
| 20040111608 | Oom Temudo de Castro et al. | Jun 2004 | A1 |
| 20040158742 | Srinivasan et al. | Aug 2004 | A1 |
| 20050074126 | Stanko | Apr 2005 | A1 |
| 20090187986 | Ozeki | Jul 2009 | A1 |
| 20090313694 | Mates | Dec 2009 | A1 |
| 20090328186 | Pollutro et al. | Dec 2009 | A1 |
| Number | Date | Country |
|---|---|---|
| 9847260 | Oct 1998 | WO |
| 0109300 | Dec 2001 | WO |
| 0213455 | Feb 2002 | WO |
| Entry |
|---|
| Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone, Handbook of Applied Cryptography, Aug. 2001, CRC Press, 5th Edition, pp. 544-551, 559-561, 581-586. |
| Bruce Schneier, Applied Cryptography, 1996, John Wiley and Sons Inc., 2nd Edition, pp. 34-44. |
