US20040177281A1 - VPN enrollment protocol gateway - Google Patents

Abstract

A virtual private network (VPN) enrollment protocol gateway is described herein. The protocol gateway is implemented as a registration authority that operates as an intermediary between routers and a certificate authority, allowing routers operating in accordance with one protocol to obtain and maintain certificates for a VPN from a certificate authority operating in accordance with another protocol. In accordance with one aspect, the gateway protocol supports various requests from the router, including router enrollment requests, get certificate revocation list request, get certificate requests, get certificate authority certificate requests, and password requests.

Description

RELATED APPLICATIONS
• This is a division of application Ser. No. 09/548,257, filed Apr. 12, 2000, entitled “VPN Enrollment Protocol Gateway”.[0001]
TECHNICAL FIELD
• This invention relates to secure communications, and more particularly to a protocol gateway allowing routers operating in accordance with one protocol to obtain and maintain certificates for a virtual private network (VPN) from a certificate authority operating in accordance with another protocol.[0002]
BACKGROUND OF THE INVENTION
• Computer technology is continually advancing, resulting in continually evolving uses for computers. One such use is communicating with other computers over a network, such as the Internet, to obtain or exchange information, purchase or sell goods or services, etc. One particular type of communication that can be established is referred to as a “virtual private network” or “VPN”. In a VPN, portions of a network (such as the Internet) are used to establish secure communications from one computer to another via multiple different routers in the network. The VPN allows users to use the larger network (e.g., the Internet) to connect to another computer as if they were part of a dedicated secure network.[0003]
• In order to operate as part of a VPN, a router enrolls for a VPN certificate via a certificate authority (CA). This VPN certificate is then provided to other routers that are part of the VPN and is used to authenticate the router and may also be used to securely communicate with the other routers. However, different protocols for enrolling for VPN certificates have arisen, many of which are incompatible with one another. For example, many routers available from Cisco Systems, Inc. of San Jose, Calif. use a proprietary protocol called Simple Certificate Enrollment Protocol (SCEP) for obtaining VPN certificates, while many certificate authorities available from Microsoft Corporation of Redmond, Wash. use an incompatible enrollment protocol based on Public-Key Cryptography Standard (PKCS) #10 and PKCS #7. Thus, a router using SCEP would not be able to enroll for a VPN certificate from a CA using PKCS #10 and PKCS #7.[0004]
• Additionally, many routers and CAs are already manufactured and in use that operate based on such incompatible protocols. Therefore, re-designing such routers or CAs to be compatible with one another would require the replacement of many such pre-existing devices. Thus, it would be beneficial to provide a solution that allows routers and CAs (including pre-existing routers and CAs) operating based on incompatible protocols to communicate with one another for VPN certificate enrollment.[0005]
• The VPN enrollment protocol gateway described below addresses these and other disadvantages.[0006]
SUMMARY OF THE INVENTION
• A virtual private network (VPN) enrollment protocol gateway is described herein. The protocol gateway allows routers operating in accordance with one protocol to obtain and maintain certificates for a VPN from a certificate authority operating in accordance with another protocol.[0007]
• According to one aspect, the VPN enrollment protocol gateway is implemented as a registration authority that operates as an intermediary between the router and the certificate authority. As a registration authority, the gateway is trusted by the certificate authority. The router communicates with the registration authority as if it were the certificate authority, not realizing that it is communicating with an intermediary.[0008]
• According to another aspect, the protocol gateway receives a router enrollment request from the router. The protocol gateway decrypts the request, adds an alterative subject name to the request, digitally signs the request, and forwards the signed request to the certificate authority. The certificate authority determines whether to trust the source of the request (the protocol gateway), and proceeds to respond with the requested certificate if it verifies that the gateway can be trusted. The gateway receives the requested certificate, encrypts and digitally signs a response including the certificate, and returns the signed and encrypted response to the router.[0009]
• According to another aspect, the certificate authority may not be able to immediately issue a certificate, in which case it issues a pending response. The registration authority maintains a mapping of a router transaction ID (identifier) received from the router and a pending response ID received from the certificate authority. This mapping allows subsequent requests from the router with the same transaction ID (e.g., querying whether the certificate has been issued yet) to be properly matched to a request previously submitted to the certificate authority for which a pending response was issued. The registration authority also maintains a mapping of a hash value of the request received from the router to the pending response for that request. This mapping allows the registration authority to determine when a request is resubmitted by the router (e.g., in the event the router never receives a pending response returned to it by the registration authority).[0010]
• According to another aspect, the protocol gateway receives a get certificate revocation list from the router. The protocol gateway decrypts the request and extracts from the request the certificate serial number of the signing certificate of the request. The protocol gateway then submits a Get Certificate by Serial Number request to the certificate authority, which returns to the protocol gateway the certificate corresponding to the serial number. The protocol gateway extracts a certificate revocation list distribution point from the response, and obtains the certificate revocation list from the distribution point. The protocol gateway then generates a response including the certificate revocation list, encrypts and signs the response, and returns the response to the router.[0011]
• According to another aspect, the protocol gateway receives a get certificate request from the router. The protocol gateway decrypts the request and extracts from the request the certificate serial number of the signing certificate of the request. The protocol gateway then submits a Get Certificate by Serial Number request to the certificate authority, which returns to the protocol gateway the certificate corresponding to the serial number. The protocol gateway then encrypts and signs a response including the certificate, and returns the response to the router.[0012]
• According to another aspect, the protocol gateway receives a get certificate authority certificate request from the router. The protocol gateway generates a response message including the signing certificate of the registration authority as well as the encryption certificate of the registration authority, and returns the response message to the router.[0013]
• According to another aspect, the protocol gateway maintains a record of passwords handed out to a router. A router obtains a password by communicating with the protocol gateway (or another device trusted by the protocol gateway) via an authenticatable mechanism (e.g., SSL (Secure Sockets Layer)). A password is returned to the router, which can then use this password for a request submitted to the protocol gateway. If the password presented by the router is in the router's record, then the request is processed; otherwise, the request is rejected.[0014]
BRIEF DESCRIPTION OF THE DRAWINGS
• The present invention is illustrated by way of example and not limitation in the figures of the accompanying drawings. The same numbers are used throughout the figures to reference like components and/or features.[0015]
• FIG. 1 shows a virtual private network environment with an enrollment protocol gateway in accordance with certain embodiments of the invention.[0016]
• FIG. 2 shows a general example of a computer that can be used in accordance with certain embodiments of the invention.[0017]
• FIG. 3 is a block diagram illustrating a registration authority operating as a protocol gateway between a router and a certificate authority in accordance with certain embodiments of the invention.[0018]
• FIG. 4 shows an exemplary transaction ID table in accordance with certain embodiments of the invention.[0019]
• FIG. 5 shows an exemplary request hash table in accordance with certain embodiments of the invention.[0020]
• FIG. 6 shows an exemplary password table in accordance with certain embodiments of the invention.[0021]
• FIGS. 7[0022]aand7bare a flowchart illustrating an exemplary process for handling a router enrollment request in accordance with certain embodiments of the invention.
• FIG. 8 is a flowchart illustrating an exemplary process for handling pending responses in accordance with certain embodiments of the invention.[0023]
• FIG. 9 is a flowchart illustrating an exemplary process for handling a Get Certificate Revocation List request in accordance with certain embodiments of the invention.[0024]
• FIG. 10 is a flowchart illustrating an exemplary process for handling a Get Certificate request in accordance with certain embodiments of the invention.[0025]
• FIG. 11 is a flowchart illustrating an exemplary process for handling a Get Certificate Authority Certificate request in accordance with certain embodiments of the invention.[0026]
• FIG. 12 is a flowchart illustrating an exemplary process for distributing and verifying passwords in accordance with certain embodiments of the invention.[0027]
DETAILED DESCRIPTION
• The discussion herein assumes that the reader is familiar with cryptography. For a basic introduction of cryptography, the reader is directed to a text written by Bruce Schneier and entitled “Applied Cryptography: Protocols, Algorithms, and Source Code in C,” published by John Wiley & Sons with copyright 1994 (or second edition with copyright 1996).[0028]
• In the discussion below, embodiments of the invention will be described in the general context of computer-executable instructions, such as program modules, being executed by one or more conventional personal computers. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. Moreover, those skilled in the art will appreciate that various embodiments of the invention may be practiced with other computer system configurations, including hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, network PCs, minicomputers, mainframe computers, and the like. In a distributed computer environment, program modules may be located in both local and remote memory storage devices.[0029]
• Alternatively, embodiments of the invention can be implemented in hardware or a combination of hardware, software, and/or firmware. For example, all or part of the invention can be implemented in one or more application specific integrated circuits (ASICs).[0030]
• FIG. 1 shows a virtual private network environment with an enrollment protocol gateway in accordance with certain embodiments of the invention. Generally, one or[0031]more client computers102 can communicate with one ormore server computers104 via a public network supporting a conventional virtual private network (VPN)106.Server computers104 can be coupled directly to thenetwork supporting VPN106, or alternatively can be coupled to thenetwork supporting VPN106 via another network, such as local area network (LAN)108.
• [0032]VPN106 includes one ormore routers110,112, and114 through which data is passed betweenclient102 andserver104. Routers110-114 are part of a public network, such as the Internet. Routers that are part of other types of networks may also be included inVPN106, such as routers from a LAN or a private wide-area network.
• Additionally, other networks may be involved in the communication between[0033]client102 andserver104. By way of example,client102 may connect to the publicnetwork supporting VPN106 via a conventional modem and a Public Switched Telephone Network (PSTN), via a conventional cable modem and cable lines, etc.
• Routers[0034]110-114 can communicate with one another, as well asregistration authority118, via any of a wide variety of conventional communications protocols. In one implementation, routers110-114 communicate with one another andregistration authority118 using the Hypertext Transfer Protocol (HTTP).
• Each of the routers[0035]110-114 receives data from one of the other routers110-114 or alternatively from another component (e.g., a public network access provider, such as an Internet Service Provider (ISP);client computer102; etc.). The data is then securely passed on to another of the routers110-114 or other components.
• In order for data to be transmitted among routers[0036]110-114, a certificate-based authentication scheme is employed. In such an authentication scheme, each router110-114 is assigned a unique certificate that it can use to authenticate itself to other routers or other computing devices (e.g., an ISP, a bridge or gateway, etc.). Additionally, these other computing devices may be part ofVPN106 and may similarly be assigned unique certificates that can be used for authentication. Such certificates can also optionally be used to encrypt messages between routers and/or other computing devices in any of a variety of conventional manners. For ease of explanation, routers are described as the devices that are obtaining and maintaining certificates forVPN106. The establishment and operation of a VPN is well-known to those skilled in the art, and thus will not be discussed further except as it pertains to the invention.
• The certificates used by routers[0037]110-114 are assigned by a trusted certificate authority (CA)116. The process of obtaining such a certificate is referred to as “enrollment”. In the illustrated example, routers110-114 use a different enrollment protocol than is used bycertificate authority116. Aregistration authority118 communicates with both routers110-114 andcertificate authority116 and acts as an intermediary for enrollment, translating requests and responses in one protocol to another, as discussed in more detail below.
• FIG. 2 shows a general example of a[0038]computer142 that can be used in accordance with certain embodiments of the invention.Computer142 is shown as an example of a computer that can perform the functions of aclient computer102, aserver computer104, acertificate authority116, or aregistration authority118 of FIG. 1.Computer142 includes one or more processors orprocessing units144, asystem memory146, and abus148 that couples various system components including thesystem memory146 toprocessors144.
• The[0039]bus148 represents one or more of any of several types of bus structures, including a memory bus or memory controller, a peripheral bus, an accelerated graphics port, and a processor or local bus using any of a variety of bus architectures. The system memory includes read only memory (ROM)150 and random access memory (RAM)152. A basic input/output system (BIOS)154, containing the basic routines that help to transfer information between elements withincomputer142, such as during start-up, is stored inROM150.Computer142 further includes ahard disk drive156 for reading from and writing to a hard disk, not shown, connected tobus148 via a hard disk driver interface157 (e.g., a SCSI, ATA, or other type of interface); amagnetic disk drive158 for reading from and writing to a removablemagnetic disk160, connected tobus148 via a magneticdisk drive interface161; and anoptical disk drive162 for reading from or writing to a removableoptical disk164 such as a CD ROM, DVD, or other optical media, connected tobus148 via anoptical drive interface165. The drives and their associated computer-readable media provide nonvolatile storage of computer readable instructions, data structures, program modules and other data forcomputer142. Although the exemplary environment described herein employs a hard disk, a removablemagnetic disk160 and a removableoptical disk164, it11 should be appreciated by those skilled in the art that other types of computer readable media which can store data that is accessible by a computer, such as magnetic cassettes, flash memory cards, digital video disks, random access memories (RAMs) read only memories (ROM), and the like, may also be used in the exemplary operating environment.
• A number of program modules may be stored on the hard disk,[0040]magnetic disk160,optical disk164,ROM150, orRAM152, including anoperating system170, one ormore application programs172,other program modules174, andprogram data176.Operating system170 can be any of a variety of operating systems, such as any of the “Windows” family of operating systems available from Microsoft Corporation of Redmond, Wash. A user may enter commands and information intocomputer142 through input devices such askeyboard178 andpointing device180. Other input devices (not shown) may include a microphone, joystick, game pad, satellite dish, scanner, or the like. These and other input devices are connected to theprocessing unit144 through an interface168 (e.g., a serial port interface) that is coupled to the system bus. Amonitor184 or other type of display device is also connected to thesystem bus148 via an interface, such as avideo adapter186. In addition to the monitor, personal computers typically include other peripheral output devices (not shown) such as speakers and printers.
• [0041]Computer142 can operate in a networked environment using logical connections to one or more remote computers, such as aremote computer188. Theremote computer188 may be another personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative tocomputer142, although only amemory storage device190 has been illustrated in FIG. 2. The logical connections depicted in FIG. 2 include a local area network (LAN)192 and a wide area network (WAN)194. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets, and the Internet. In the described embodiment of the invention,remote computer188 executes an Internet Web browser program such as the “Internet Explorer” Web browser manufactured and distributed by Microsoft Corporation of Redmond, Wash.
• When used in a LAN networking environment,[0042]computer142 is connected to thelocal network192 through a network interface oradapter196. When used in a WAN networking environment,computer142 typically includes amodem198 or other means for establishing communications over thewide area network194, such as the Internet. Themodem198, which may be internal or external, is connected to thesystem bus148 via aserial port interface168. In a networked environment, program modules depicted relative to thepersonal computer142, or portions thereof, may be stored in the remote memory storage device. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.
• Generally, the data processors of[0043]computer142 are programmed by means of instructions stored at different times in the various computer-readable storage media of the computer. Programs and operating systems are typically distributed, for example, on floppy disks or CD-ROMs. From there, they are installed or loaded into the secondary memory of a computer. At execution, they are loaded at least partially into the computer's primary electronic memory. The invention described herein includes these and other various types of computer-readable storage media when such media contain instructions or programs for implementing the steps described below in conjunction with a microprocessor or other data processor. The invention also includes the computer itself when programmed according to the methods and techniques described below. Furthermore, certain sub-components of the computer may be programmed to perform the functions and steps described herein. The invention includes such sub-components when they are programmed as described. In addition, the invention described herein includes data structures, described herein, as embodied on various types of memory media.
• For purposes of illustration, programs and other executable program components such as the operating system are illustrated herein as discrete blocks, although it is recognized that such programs and components reside at various times in different storage components of the computer, and are executed by the data processor(s) of the computer.[0044]
• FIG. 3 is a block diagram illustrating an[0045]exemplary registration authority118 operating as a protocol gateway between arouter210 and acertificate authority116.Router210 can be, for example, any of routers110-114 of FIG. 1.Router210 is configured (e.g., during an installation or setup process) with the address ofregistration authority118 rather thanCA116 as the certificate authority. In the illustrated example,router210 has no other knowledge that it is communicating withregistration authority118 rather thancertificate authority116.
• Communication between[0046]registration authority118 and each ofrouter210 andcertificate authority116 can be carried out using any of a wide variety of conventional encryption and/or digital signing techniques. By way of example, using well-known public key cryptography techniques, a device obtains a private11 key/public key pair; the public key is made available to other devices while the private key is kept secret by the device. Another device can encrypt a message intended for this device by using a conventional encryption algorithm and this device's public key. The private key/public key pair and the encryption algorithm are chosen such that it is relatively easy to decrypt the message with the private key, but extremely difficult to decrypt the message without the private key. Similarly, a message can be digitally signed by the device using a conventional encryption algorithm and its private key. The digitally signed message can be decrypted by another device using the public key, allowing the other device to verify that the message came from that device. Alternatively, rather than applying an encryption algorithm to the message itself, the encryption algorithm may be applied to a hash value generated based on the message and a known hash function. Different public key/private key pairs can be used for encryption and digital signatures, or alternatively the same public key/private key pair can be used for both encryption and digital signatures.
• [0047]Registration authority118 operates as an enrollment agent forcertificate authority116, allowing routers such asrouter210 to enroll for a VPN certificate fromcertificate authority116 viaregistration authority118.Registration authority118 obtains, fromcertificate authority116, an enrollment agency signature certificate (e.g., by enrolling for an “Offline IPSec” enrollment agent signature certificate) and an encryption certificate (e.g., by enrolling for an “IPSec Encryption” certificate). In the illustrated examples, these certificates are used byregistration authority118 to digitally sign data sent to both therouter210 and thecertificate authority116, and to encrypt data sent to therouter210.
• [0048]Router210 communicatesrequests212 toregistration authority118 in accordance with the protocol supported byrouter210. In the illustrated example,router210 supports the protocol SCEP. Different types ofrequests212 can be transmitted toregistration authority118. In one implementation,registration authority118 operates as a protocol gateway for the following types of requests: router enrollment, get certificate revocation list (CRL), get certificate, get certificate authority (CA) certificate, and password registration. The specific manner in which each of these requests is handled byregistration authority118 is discussed in more detail below.
• Upon receipt of an[0049]SCEP request212,registration authority118 converts the request into an appropriate format forcertificate authority116. The converted request is then digitally signed byregistration authority118 and the signedrequest214 is transmitted tocertificate authority116.Certificate authority116, receiving a request in its own protocol (using PKCS #7 and PKCS #10), responds to the request and issues aCA response216.Registration authority118 receives theresponse216, converts the response to the appropriate SCEP format forrouter210, and transmits anSCEP response218 torouter210. Alternatively, for somerequests registration authority118 may generate theresponse218 without forwarding a signedrequest214 tocertificate authority116.
• [0050]Registration authority118 includes aprotocol converter220.Protocol converter220 receives messages fromrouter210 and converts them as necessary to the proper protocol forcertificate authority116, and similarly receives messages fromcertificate authority116 and converts them to the proper protocol forrouter210. The manner in whichprotocol converter220 operates is dependent on the particular protocols being used byrouter210 andcertificate authority116.
• In one implementation,[0051]registration authority118 operates in accordance with the Internet X.509 Public Key Infrastructure Certificate and CRL Profile (Network Working Group Request for Comments 2459, January 1999). Alternatively, other implementations may operate in accordance with other standards.
• [0052]Registration authority118 also includes a transaction ID table222, a request hash table224, and a password table226. Tables222-226 are used byregistration authority118 to maintaininformation regarding requests212 andresponses216 in order to conform with the protocols ofrouter210 andcertificate authority116.
• FIG. 4 shows an exemplary transaction ID table in accordance with certain embodiments of the invention. Transaction ID table[0053]222 maintains a mapping ofrouter transaction IDs228 toCA request IDs230. Arouter transaction ID228 is received byregistration authority118 fromrouter210 as part of each router enrollment message. Similarly, whencertificate authority116 returns a pending response toregistration authority118, the pending response includes a CA request ID230 (also referred to as a “token”). Transaction ID table222 allowsregistration authority118 to querycertificate authority116 for the correct certificate in response to subsequent requests fromrouter210 for the certificate the pending response was issued for, as discussed in more detail below.
• Each entry in transaction ID table[0054]222 is removed from table222 after a period of time. In one implementation, each entry in table222 is kept in table222 for one week and then removed. This period of time can optionally be configurable by a user or administrator.
• FIG. 5 shows an exemplary request hash table in accordance with certain embodiments of the invention. Request hash table[0055]224 maintains a mapping of certificateauthority request IDs232 to hash values of therequests234. The hash value of a request is generated using any of a variety of conventional hashing functions, such as MD5 (Message Digest 5). A hash function is a mathematical function that, given input data (e.g., the request) generates a unique output hash value based on the input data. Thus, the hash value uniquely identifies a request but requires less storage space than maintaining all of the request. Alternatively, table224 could maintain the actual request rather than hash values of the request.
• Request hash table[0056]224 allowsregistration authority118 to “remember” router requests. For example, a pending response may be issued byregistration authority118 torouter210, as discussed in more detail below. If a failure or problem occurs during the transmission (e.g., a network failure), then the pending response may not be received byrouter210. Ifrouter210 never receives the response,router210 will re-issue the same request. By maintaining table224,registration authority118 can determine when a received request is a re-issued request, and need not submit another request for another new certificate tocertificate authority116.
• Each entry in request hash table[0057]224 is removed from table224 after a period of time. In one implementation, each entry in table224 is kept in table224 for twenty minutes and then removed. This period of time can optionally be configurable by a user or administrator.
• FIG. 6 shows an exemplary password table in accordance with certain embodiments of the invention. Password table[0058]226 maintainspasswords236 that are issued torouter210 in a secure manner. Such passwords can subsequently be used byrouter210 to obtain a certificate, providing verification of the identity ofrouter210.
• Each password in password table[0059]226 is removed from table226 after a period of time. In one implementation, each password in table226 is kept in table226 for sixty minutes and then removed. This period of time can optionally be configurable by an administrator.
• Returning to FIG. 3, in the illustrated[0060]example registration authority118 is a dynamically linked library (DLL) referred to as the “MSCEP” DLL. Alternatively,registration authority118 may include a DLL referred to as the “MSCEP” DLL.Registration authority118 includes aresponse module238 that generates responses for certain requests fromrouter210 that do not require forwarding tocertificate authority116. The operation ofresponse module238 is discussed in more detail below.
• [0061]Registration authority118 further hosts aweb site240. Alternatively,registration authority118 may have a secure communication link to a server hostingweb site240, thereby allowing data to be securely passed between the server andregistration authority118, orregistration authority118 may be software and/or firmware being executed by a server that also hostsweb site240.Web site240 allows passwords to be securely issued torouter210 and stored in password table226, as discussed in more detail below.
• Router Enrollment Request[0062]
• FIGS. 7[0063]aand7bare a flowchart illustrating an exemplary process for handling a router enrollment request in accordance with certain embodiments of the invention. Acts on the left-hand side of FIGS. 7aand7bare implemented byregistration authority118 of FIG. 3, while acts on the right-hand side are implemented bycertificate authority116. The process of FIGS. 7aand7bmay be performed in software, firmware, hardware, or a combination thereof. FIGS. 7aand7bare described with additional reference to components in FIG. 3.
• To participate in a VPN,[0064]router210 enrolls for a certificate fromcertificate authority116.Router210 enrolls for a certificate by sending, asSCEP request212, a router enrollment message (e.g., a SCEP PKCSReq message) toregistration authority118. The router enrollment message includes a certificate enrollment request in accordance with the Public-Key Cryptography Standards (PKCS) #10 standard. The certificate enrollment request is further encrypted (e.g., using the public key of registration authority118) and then digitally signed byrouter210 in accordance with the Public-Key Cryptography Standards (PKCS) #7 standard. Additional information regarding PKCS #7 and PKCS #10 is available from RSA Data Security, Inc. of Bedford, Mass. It should be noted that, although requests fromrouter210 use PKCS #7 and PKCS #10, certain information needed bycertificate authority116 is not included in the requests.Registration authority118 resolves this problem, adding information when necessary.
• [0065]Registration authority118 receives, as the router enrollment message, this encrypted and digitally signed request (act242). Upon receipt of the enrollment message,registration authority118 verifies the signature of the router enrollment message (act244). If the signature is not verified then the message is ignored (act246). Alternatively, an indication of failure could be returned torouter210.
• If the signature is verified, then[0066]registration authority118 decrypts the router enrollment message (e.g., using the private key of registration authority118) and extracts the certificate enrollment request from the message (act248).Registration authority118 uses the certificate enrollment request to generate a request to the CA for an enrollment certificate in a format expected by certificate authority116 (act250).
• [0067]Router210 needs a certificate with a subject alternative names extension (SubjectAltName). However,router210 does not specifically request the SubjectAltName extension, andcertificate authority116 does not automatically add the extension.Registration authority118 resolves this issue by adding, to the message it transmits tocertificate authority116, the SubjectAltName extension in the request.
• The PKCS #7 message, including both the subject alternative names extension and the certificate enrollment request extracted from the router enrollment message, is digitally signed by registration authority[0068]118 (act252). This signed message is then transmitted tocertificate authority116 as a CA request (act254). Note that the CA request thus includes a PKCS #7 message that is signed byregistration authority118, which in turn includes a certificate enrollment request that is signed byrouter210.
• [0069]Certificate authority116 receives the CA request from registration authority118 (act256) and determines, based on the content of the CA request, whether to issue the requested certificate (act258). The manner in whichcertificate authority116 determines whether to issue the requested certificate can vary. In one implementation,certificate authority116 determines whether to issue a certificate based on whether the certificate of theregistration authority118 can be validated up to a trusted valid root and whether the certificate ofregistration authority118 includes an extended key usage indicating thatregistration authority118 can be a registration authority (and thus operate as an enrollment agent). If both of these conditions are satisfied, then a certificate is issued. Otherwise, the certificate is not issued. Additionally,certificate authority116 may require that the certificate ofregistration authority118 have been issued directly by a certificate authority (that is, no intermediate certificates in the chain from the registration authority certificate to the certificate authority certificate).
• If[0070]certificate authority116 determines it will not issue a certificate, thencertificate authority116 generates a CA response indicating failure (act260). However, ifcertificate authority116 determines it will issue a certificate, thencertificate authority116 generates the requested certificate (act262) and then generates a CA response including the generated certificate (act264).
• The CA response generated by[0071]certificate authority116 has no message content and is referred to as a “degenerated PKCS #7”. The PKCS #7 message, however, allows multiple certificates to be included in a degenerated PKCS #7 message.Certificate authority116 returns the newly generated certificate as part of the degenerated PKCS #7 message. Additionally, the entire certificate chain from the generated certificate up to a root certificate may optionally be included in the degenerated PKCS #7 message.
• [0072]Certificate authority116 then transmits the CA response (indicating either failure or with the generated certificate) to registration authority118 (act266).Registration authority118 receives the CA response (act268) and checks whether the CA response includes a certificate (act270). If no certificate is included, thenregistration authority118 generates an SCEP response message indicating failure (act272). However, if such a certificate is included, thenregistration authority118 extracts the certificate (act274) and generates an SCEP response including the certificate (act276). In the illustrated example,registration authority118 extracts only the certificate generated bycertificate authority116; the additional certificate chain (if included) is not used byregistration authority118. Alternatively, the entire certificate chain could be included ifrouter210 desired (or at least could handle) the chain.
• [0073]Registration authority118 then encrypts the SCEP response (act278) and digitally signs the encrypted response (act280). The encrypted and signed response is then transmitted to router210 (act282), which in turn can verify the signature and decrypt the response to extract the certificate generated bycertificate authority116.
• Pending Response Handling[0074]
• In some situations,[0075]certificate authority116 may not immediately issue a CA response with either a certificate or an indication that no certificate will be issued. For example,certificate authority116 may wait for an administrator to approve the issuing of the certificate. In such situations,certificate authority116 issues a CA pending response fromcertificate authority116.
• FIG. 8 is a flowchart illustrating an exemplary process for handling pending responses in accordance with certain embodiments of the invention. The process of FIG. 8 is implemented by[0076]registration authority118 of FIG. 3, and may be performed in software, firmware, hardware, or a combination thereof. FIG. 8 is described with additional reference to components in FIGS. 3-7b.
• [0077]Registration authority118 receives the CA pending response from certificate authority116 (act302). Upon receipt of the CA pending response,registration authority118 adds entries to its transaction ID table222 (act304) and its request hash table224 (act306).Registration authority118 also generates an encrypted and digitally signed SCEP pending response message (act308) and transmits the encrypted and signed message to router210 (act310).
• Typically, in response to an SCEP pending response message,[0078]router210 will re-issue its request for a certificate (e.g., via a GetCertInitial message).Registration authority118 waits until it receives an additional SCEP request for the certificate from the router210 (act312). Once the additional request is received,registration authority118 accesses transaction ID table222 to determine the appropriate CA request ID (act314).Registration authority118 uses the CA request ID from table222 to generate a CA request for a certificate corresponding to the CA request ID and digitally signs the CA request (act316). The signed CA request is then transmitted to certificate authority116 (act318).
• Upon receiving the CA request,[0079]certificate authority116 may issue another pending response toregistration authority118 or alternatively determine whether to issue the certificate (peract258 of FIG. 7adiscussed above). Upon receipt of a response fromcertificate authority116,registration authority118 determines whether the response is another pending response (act320). If the response is another pending response, theregistration authority118 returns to act308 and generates and encrypted and signed SCEP pending response message. However, if the response is not another pending response, thenregistration authority118 proceeds per acts268-282 of FIG. 7bto return an appropriate response torouter210.
• Use of request hash table[0080]224 further allowsregistration authority118 to gracefully recover in the event the SCEP pending response message is not received byrouter210. Ifrouter210 does not receive the pending response message, then it will resubmit its original request (e.g., an SCEP PKCSReq message). In order to avoid a duplicate request to certificate authority for the certificate,registration authority118 generates the hash value for SCEP PKCSReq messages it receives and compares the hash value to the entries in request hash table224. If the hash value matches an entry, thenregistration authority118 uses the CA request ID from table224 to generate a CA request for a certificate corresponding to the CA request ID (act316), rather than generating a CA request including a certificate enrollment request (act250 of FIG. 7a). Processing then continues as discussed above with reference to FIG. 8.
• Get Certificate Revocation List Request[0081]
• Returning to FIG. 3,[0082]router210 may also send a Get Certificate Revocation List (CRL) request asSCEP request212. The request identifies a serial number or similar identifier of a certificate for which the corresponding CRL should be retrieved. The CRL is a list identifying revoked certificates which is made available by the certificate authority (typically in a public repository). The CRL can be checked to determine whether a particular serial number (typically identified in the CRL by its serial number) has been revoked.Registration authority118 responds to such a request by obtaining the requested CRL and returning it torouter210.
• FIG. 9 is a flowchart illustrating an exemplary process for handling a Get Certificate Revocation List request in accordance with certain embodiments of the invention. The process of FIG. 9 is implemented by[0083]registration authority118 of FIG. 3, and may be performed in software, firmware, hardware, or a combination thereof. FIG. 9 is described with additional reference to components in FIG. 3.
• Initially,[0084]registration authority118 receives the Get CRL request (e.g., an SCEP GetCRL message) from router210 (act330).Registration authority118 decrypts the request (act332), verifies the signature of the decrypted request (act334), and proceeds based on whether the signature is verified (act336). If the signature cannot be successfully verified, then the message is dropped (act338);registration authority118 simply ignores the message. Alternatively,registration authority118 may return an indication torouter210 that the signature could not be verified.
• However, if the signature is successfully verified, then[0085]registration authority118 extracts the certificate serial number from the decrypted request (act340). This serial number can be extracted by obtaining the serial number of the certificate used byrouter210 to sign the Get CRL request.
• [0086]Registration authority118 then uses the extracted serial number to generate a Get Certificate by Serial Number request (act342). The Get Certificate by Serial Number request is then digitally signed and transmitted to certificate authority116 (act344), which in turn accesses its records to identify the certificate corresponding to the given serial number. This certificate is then returned bycertificate authority116 to registration authority118 (act346).
• The certificate returned by[0087]certificate authority116 includes a CRL distribution point, which is an identifier of a location (e.g., a uniform resource locator (URL)) at which the CRL corresponding to the certificate can be obtained. Upon receipt of the certificate,registration authority118 extracts the CRL distribution point from the certificate (act348).Registration authority118 then accesses (e.g., via HTTP) the identified location and retrieves the CRL located there (act350).
• Upon obtaining the CRL,[0088]registration authority118 generates an SCEP response message including the CRL (act352).Registration authority118 then encrypts and digitally signs the SCEP response message including the CRL, and returns the encrypted and signed SCEP response message to router210 (act354).
• Alternatively, the Get CRL request received from router[0089]210 (act330) may include the certificate for which the corresponding CRL is to be obtained. In this situation, the CRL distribution point can be extracted by accessing the included certificate, thereby alleviating the need to access certificate authority116 (acts340-346).
• Get Certificate Request[0090]
• Returning to FIG. 3,[0091]router210 may also send a Get Certificate request asSCEP request212. The request identifies a serial number of a certificate that the router would like returned to it.Router210 may make such a request, for example, in situations where it has kept the serial number of a certificate it needs but has not kept the actual certificate.Registration authority118 responds to such a request by obtaining the requested certificate and returning it torouter210.
• FIG. 10 is a flowchart illustrating an exemplary process for handling a Get Certificate request in accordance with certain embodiments of the invention. The process of FIG. 10 is implemented by[0092]registration authority118 of FIG. 3, and may be performed in software, firmware, hardware, or a combination thereof. FIG. 10 is described with additional reference to components in FIG. 3.
• Initially,[0093]registration authority118 receives the Get Certificate request (e.g., an SCEP GetCert message) from router210 (act362).Registration authority118 decrypts the request (act364), verifies the signature of the decrypted request (act366), and proceeds based on whether the signature is verified (act368). If the signature cannot be successfully verified, then the message is dropped (act370);registration authority118 simply ignores the message. Alternatively,registration authority118 may return an indication torouter210 that the signature could not be verified.
• However, if the signature is successfully verified, then[0094]registration authority118 extracts the certificate serial number from the decrypted request (act372). This serial number can be extracted by obtaining the serial number specified in the request (e.g., as the certificate serial number of the signing certificate of the request).
• [0095]Registration authority118 then uses the extracted serial number to generate a Get Certificate by Serial Number request (act374). The Get Certificate by Serial Number request is then digitally signed and transmitted to certificate authority116 (act376), which in turn accesses its records to identify the certificate corresponding to the given serial number. This certificate is then returned bycertificate authority116 to registration authority118 (act378).
• [0096]Registration authority118 then generates an SCEP response message including the certificate received in act378 (act380).Registration authority118 then encrypts and digitally signs the SCEP response message including the certificate, and returns the encrypted and signed SCEP response message to router210 (act382).
• Get CA Request[0097]
• Returning to FIG. 3,[0098]router210 may also send a Get CA request as SCEP11request212. The request is an HTTP Get call to a URL hosted byregistration authority118. The URL is made available torouter210 during setup or configuration ofrouter210.Registration authority118 responds to such a request by returning the requested certificates torouter210.
• FIG. 11 is a flowchart illustrating an exemplary process for handling a Get Certificate Authority Certificate request in accordance with certain embodiments of the invention. The process of FIG. 11 is implemented by[0099]registration authority118 of FIG. 3, and may be performed in software, firmware, hardware, or a combination thereof. FIG. 11 is described with additional reference to components in FIG. 3.
• Initially, a Get CA request is received by[0100]registration authority118 from router210 (act400). Upon receipt of the request,registration authority118 obtains a DLL name identified by the request (act402). In one implementation, an exemplary Get CA request fromrouter210 is in the following form:
• GET mscep.dll/cgi-bin/pkiclient.exe?operation=GetCACert&message=<Base64 encoded authority issuer identifier>[0101]
• In this implementation,[0102]registration authority118 is implemented as an IIS (Internet Information Server) ISAPI (Internet Server Application Programming Interface) DLL. Upon receipt of such a request, IIS parses the input through to identify the first DLL and attempts to load that DLL if necessary. Thus, the remainder of the request can be ignored byregistration authority118 in determining how to respond to the request.
• [0103]Registration authority118 is the identified DLL, which in the illustrated example is “mscep.dll”, and passes the request to response module238 (act404). In response to being passed the message (either in its entirety, or a part thereof),response module238 generates a degenerated PKCS #7 message including the signing certificate and the encryption certificate of registration authority118 (act406), and returns the degenerated PKCS #7 message to the router (act408). Thus,router210 requests the certificates for the certificate authority, but receives the certificates for the registration authority instead.
• Alternatively,[0104]registration authority118 may include a certificate chain in the message it generates inact408. By way of example, MSCEP DLL328 may send a certificate request tocertificate authority116, which returns the certificate ofcertificate authority116 and a certificate chain that extends up to its root certificate.
• Password Handling[0105]
• Returning to FIG. 3,[0106]router210 may also make use of a password to authenticate itself to certificate authority116 (actuallyregistration authority118, butrouter210 is not aware of this). The password allows registration authority118 (and thuscertificate authority116, which trusts registration authority118) to know that a particular request actually came from the router claiming to have sent it. The password may be used with one or more of the different types ofSCEP requests212 discussed above. By way of example, the password may be used with the router enrollment request.
• FIG. 12 is a flowchart illustrating an exemplary process for distributing and verifying passwords in accordance with certain embodiments of the invention. The process of FIG. 12 is implemented by[0107]registration authority118 of FIG. 3, and may be performed in software, firmware, hardware, or a combination thereof. FIG. 12 is described with additional reference to components in FIG. 3.
• Initially,[0108]registration authority118 receives a request for a password (act430). This request is received via a mechanism that allowsregistration authority118 to authenticate the requestor, such as by use of SSL (Secure Sockets Layer) to authenticate the requestor when accessingweb site240 of FIG. 3. The requestor could be a computer being operated by a router administrator, or alternativelyrouter210. Upon receipt of the request,registration authority118 attempts to authenticate the requester, such as the router administrator, (act432) and proceeds based on whether the authentication is successful (act434). If the requestor cannot be authenticated, then the request for a password is denied (act436). The request may simply be ignored, or alternatively an indication may be returned to the requestor that the request for a password is denied.
• However, if the router is authenticated, then[0109]registration authority118 proceeds to generate a password and add the newly generated password to password table226 (act438). The password can be generated byregistration authority118 in any of a wide variety of conventional manners, such as by generating a random (or pseudo-random) number and/or sequence of letters. The generated number may then be placed into a particular format if needed by eitherrouter210 orcertificate authority116, such as hexadecimal format, binary coded decimal format, etc.
• The password added to password table[0110]226 is removed from table226 after a period of time. In one implementation, each password in table226 is kept in table226 for sixty minutes and then removed. This period of time can optionally be configurable by an administrator.
• [0111]Registration authority118 then returns the newly generated password to requestor (act440). This return of the password is done in a secure manner, such as by use of SSL.
• Eventually, registration authority[0112]1118 receives a request fromrouter210 that includes a password that needs to be verified (act442). Upon receipt of such a request, registration authority1118 determines whether the received password is in password table226 (act444). If the received password is not in password table226, then the request is rejected (act446). The request can simply be ignored, or alternatively a rejection response can be returned to router210 (e.g., informingrouter210 that the password it provided was not valid).
• However, if the password is in password table[0113]226, then the request is processed by registration authority1118 (act448). Registration authority1118 may also optionally remove the password from password table226 (act450), thereby adding an additional level of security by allowing each password to be used only once.
CONCLUSION
• Thus, a VPN enrollment protocol gateway has been described. The protocol gateway is implemented as a registration authority that is trusted by the certificate authority, and operates as an intermediary between the router and the certificate authority. The protocol gateway advantageously allows routers operating in accordance with one protocol to obtain and maintain certificates for a VPN from a certificate authority operating in accordance with another protocol.[0114]
• Although the description above uses language that is specific to structural features and/or methodological acts, it is to be understood that the invention defined in the appended claims is not limited to the specific features or acts described. Rather, the specific features and acts are disclosed as exemplary forms of implementing the invention.[0115]

Claims (20)

1. A method comprising:

receiving a request, from a requester, for a password to be used by a device when communicating with a registration authority;

authenticating the requestor;

generating the password;

adding the password to a password table; and

returning the password to the requestor for use by the device.

2. A method as recited inclaim 1, wherein the device comprises a router.

3. A method as recited inclaim 1, wherein generating the password comprises generating a random number as the password.

4. A method as recited inclaim 1, wherein receiving, authenticating, and returning include using Secure Sockets Layer (SSL) to maintain secure communication with the device.

5. A method as recited inclaim 1, further comprising keeping the password active for a selected amount of time.

6. A method as recited inclaim 5, wherein keeping the password active for a selected amount of time comprises marking the password as invalid after the selected amount of time.

7. A method as recited inclaim 5, wherein keeping the password active for a selected amount of time comprises removing the password from the password table after the selected amount of time.

8. A method as recited inclaim 1, further comprising:

receiving a request from the device, the request including a request password;

checking whether the request password is included in the password table; and

processing the request if the request password is included in the password table, otherwise rejecting the request.

9. A method as recited inclaim 8, further comprising removing, if the request password is included in the password table, the request password from the password table.

10. One or more computer-readable media having stored thereon a plurality of instructions that, when executed by one or more processors, causes the one or more processors to perform acts comprising:

receiving a request, from a requester, for a password to be used by a device when communicating with a registration authority;

authenticating the requestor;

generating the password;

adding the password to a password table; and

returning the password to the requestor for use by the device.

11. One or more computer-readable media as recited inclaim 10, wherein the device comprises a router.

12. One or more computer-readable media as recited inclaim 10, wherein generating the password comprises generating a random number as the password.

13. One or more computer-readable media as recited inclaim 10, wherein receiving, authenticating, and returning include using Secure Sockets Layer (SSL) to maintain secure communication with the device.

14. One or more computer-readable media as recited inclaim 10, wherein the plurality of instructions further cause the one or more processors to perform acts comprising keeping the password active for a selected amount of time.

15. One or more computer-readable media as recited inclaim 14, wherein keeping the password active for a selected amount of time comprises marking the password as invalid after the selected amount of time.

16. One or more computer-readable media as recited inclaim 14, wherein keeping the password active for a selected amount of time comprises removing the password from the password table after the selected amount of time.

17. One or more computer-readable media as recited inclaim 10, wherein the plurality of instructions further cause the one or more processors to perform acts comprising:

receiving a request from the device, the request including a request password;

checking whether the request password is included in the password table; and

processing the request if the request password is included in the password table, otherwise rejecting the request.

18. One or more computer-readable media as recited inclaim 17, wherein the plurality of instructions further cause the one or more processors to perform acts comprising removing, if the request password is included in the password table, the request password from the password table.

19. A system comprising:

means for receiving a request, from a requester, for a password to be used by a device when communicating with a registration authority;

means for authenticating the requestor;

means for generating the password;

means for adding the password to a password table; and

means for returning the password to the requestor for use by the device.

20. A system as recited inclaim 19, wherein the device comprises a router.

Images