The explosive growth of the World Wide Web ("web") significantly increased the number of organizations using the Internet for business purposes. Unfortunately with this growth, the potential for theft of data, programs, and other electronic information significantly increased. Currently, users desiring secure communication use traditional userid/password logon processes and access secure web servers over an encrypted link.
Some web browsers provide a secured link by utilizing a security protocol, such as the Secure Sockets Layer ("SSL") developed by Netscape Communication Corporation in Mountain View, Calif. With version 3 of this protocol, a user ("client") identifies itself using a form of strong authentication, for example a public key. The server processes requests for information only after successful authentication. Then the server grants access to specific resources, invokes server extensions, or invokes other applications. However, these safe guards fail to provide enough security. In particular, secure web servers generally assume that the server administrators, application developers, and computer operators can all be trusted. Additional safeguards are needed to reduce the possibility of an attack either due to fraudulent or mis-use of confidential information or by forgoing or altering a transaction.
Therefore, an improved level of security and trust is needed for organizations to take advantage of distributed information networks in conducting business electronically, particularly in processing sensitive customer information over the Internet or when processing transactions of significant financial or other fiduciary value.