1. Field of the Invention
Embodiments of the present invention generally relate to cryptography, and in particular, to providing shared trust in a public network. More specifically, the present invention relates to a method and apparatus for securely distributing multiple trusts.
2. Description of the Related Art
When communicating, e.g., over the Internet, different users will want to communicate with each other for a variety of reasons. It is not uncommon for these users, however, to employ many different kinds of computers or other like communication devices. More specifically, there are instances where the devices used for communication by the different users vary in type or are associated with differing certificate hierarchies. For example, various devices originally deployed in closed and isolated environments later need to be transferred to a generic, open, and shared network. Those devices, which are fielded with different trust chains and identities, need to communicate with each other and with other entities on the Internet in real time. In order to communicate securely, each device needs to be able to verify the identity of the device that it is communicating with. For instance, if digital content is to be transferred, the receiving device would need to obtain a root certificate of the sending device's issuer (i.e., root certificate authority). However, obtaining various root certificates over an expansive network in a secure manner (i.e., acquiring certificates with a high confidence that they are not changed, replaced, modified, etc.) is not without its problems. Namely, it is difficult to authenticate the identity of users who are not certified by a common certificate authority.
Thus, there is a need in the art for an effective method and apparatus for securely distributing certificates.