Computer networks have emerged as a principal medium for conducting electronic commerce and other types of electronic transactions. However, computer networks provide an environment which is fraught with security breaches that allow computer hackers or rogue programs to compromise the integrity and validity of digital data processing applications including electronic transactions. As a result, electronic transaction protocols and digital certificate technologies have emerged for entity authentication purposes.
For example, electronic commerce transaction protocols utilize message construction methods for encoding the messages. Typically, these methods are transparent to the operating environment and allow encoding of messages to occur uniformly without regard to the type of operating system within a particular computer system. One such method, known as Tag-Length-Value (TLV) encoding, is described in co-pending application Serial No. (1126P), entitled "Efficient Digital Data Encoding in a Data Processing System," filed Sep. 30, 1998, and assigned to the assignee of the present application.
Digital certificates are commonly used in digital data processing applications, including multi-party electronic transactions, as a mechanism for verifying the identity of entities which use them. Entities use their given identities in communicating with each other when participating in electronic transactions, including electronic commerce.
Digital certificate technology commonly uses a hierarchical organization of digital certificates in which a root certificate ranks at the top and other digital certificates rank below it. In this hierarchical organization, each digital certificate is signed by an issuer which ranks above it. The issuer's certificate, in turn, is signed by its own issuer, which ranks above it. This mechanism continues up the chain of hierarchy to the root certificate, which is a self-signed certificate. The signing of digital certificates is akin to authorization of the digital certificates. The root certificate is commonly trusted by all entities which use the certificate hierarchy that the root presides over.
Verifying a chain of digital certificates up to the root certificate is known as certificate chain verification. In a conventional system based on digital certificate technology, certificate chain verification must be performed every time a digital certificate is received. To verify digital certificates, conventional data processing environments use significant amounts of memory space and consume numerous processor cycles. The more complex the digital certificate hierarchy is, the more resources the certificate chain verification consumes.
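The chain walk described above, as an added example that is not part of the original text: each certificate's signature is checked against its issuer's key until a self-signed root is reached, and the function returns how many signature checks the walk cost. It assumes a toy textbook-RSA signature (no padding, small Mersenne-prime keys, illustration only), and all names (`Cert`, `issue`, `verify_chain`, `build_demo`) and the three-level hierarchy are hypothetical and constructed.

```python
import hashlib
from dataclasses import dataclass

E = 65537  # public exponent shared by every toy key

def make_key(p, q):
    """Toy textbook-RSA key from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

@dataclass
class Cert:
    subject: str
    issuer: str
    pub_n: int      # subject's public modulus
    sig: int = 0    # issuer's signature over the three fields above

def digest(cert, n):
    """SHA-256 of the signed fields, reduced modulo the signing key's modulus."""
    data = f"{cert.subject}|{cert.issuer}|{cert.pub_n}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def issue(subject, issuer, pub_n, issuer_key):
    """Create a certificate for `subject` signed with the issuer's private key."""
    n, d = issuer_key
    cert = Cert(subject, issuer, pub_n)
    cert.sig = pow(digest(cert, n), d, n)
    return cert

def verify_chain(leaf, store, trusted_roots):
    """Walk leaf -> root; return the number of signature checks, raise ValueError on failure."""
    cert, checks = leaf, 0
    while checks <= len(store):              # bound the walk so issuer loops terminate
        issuer = store.get(cert.issuer)
        if issuer is None:
            raise ValueError(f"unknown issuer {cert.issuer}")
        checks += 1
        if pow(cert.sig, E, issuer.pub_n) != digest(cert, issuer.pub_n):
            raise ValueError(f"bad signature on {cert.subject}")
        if cert.subject == cert.issuer:      # self-signed: must match a pinned trust anchor
            if trusted_roots.get(cert.subject) != cert.pub_n:
                raise ValueError("root is not a trusted anchor")
            return checks
        cert = issuer
    raise ValueError("issuer loop")

def build_demo():
    """Constructed three-level hierarchy: Root -> CA -> Leaf (Mersenne primes, toy sizes)."""
    root_key = make_key(2**61 - 1, 2**89 - 1)
    ca_key = make_key(2**107 - 1, 2**127 - 1)
    leaf_key = make_key(2**19 - 1, 2**31 - 1)
    root = issue("Root", "Root", root_key[0], root_key)
    ca = issue("CA", "Root", ca_key[0], root_key)
    leaf = issue("Leaf", "CA", leaf_key[0], ca_key)
    return leaf, {"Root": root, "CA": ca}, {"Root": root_key[0]}
```

Every level added to the hierarchy adds one more modular exponentiation to each verification, which is the per-certificate cost the paragraph above refers to.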
Hence, what is needed is a method and system for efficient digital certificate processing which overcomes the above-described deficiencies of conventional data processing systems. Moreover, a method and system is needed for efficient certificate processing which is safeguarded against attack by unauthorized participants and rogue programs. Furthermore, the system and method for efficient digital certificate processing needs to be easily implemented in a cost-effective manner. These needs are addressed by the present invention as set forth herein below.