1. Field of the Invention
The invention relates generally to the area of communications network security and specifically to the assignment of digital certificates to parties using the communications network.
2. Description of the Related Art
Establishing and maintaining trusted, secure communications between two or more individuals or entities in a public network such as the Internet can be a valuable and/or necessary business tool. Many reputable business entities develop a portion or all of their customer base by sending unsolicited electronic messages over the Internet to potential customers that they have identified by any one of a number of well-known techniques. These unsolicited messages may include information concerning a product or service offering and may also include a request for certain customer information, such as their electronic address, contact information or other private and sensitive customer information. Unfortunately, a large number of such electronic solicitations are illicit attempts to gather information from customers. This activity is known as “phishing” and any information gathered by such methods may then be used in activities not approved by the customer. In the event that the potential customer is able to authenticate the source of the unsolicited electronic message, they may be motivated to respond to the solicitation. In this case, the authentication process may be simply looking up the business's name in a phone book and contacting them to ask some pertinent questions; the process may include contacting associates and asking them to verify the identification of the solicitor, or any one of a number of other authentication activities. However, in most cases, unsolicited electronic messages are never accepted or examined by the potential customers and so this form of business development tends to be very inefficient.
One method that is employed to establish a trusted relationship between two parties is to assign a digital certificate (also called a public key certificate) to each of the parties. The digital certificate is a binding between a specific identity and a public key and optionally a private key. An exchange of digital certificates allows the parties to verify the identity of the other and confirm that they have valid public keys to use for secure communication and transactions.
Another method that is employed to establish a trusted relationship between two parties is for a trusted third party to assign a digital certificate to each of the first two parties. The trusted third party can be referred to as a certificate authority (CA). The certificate authority is essentially a well-known service that supplies digital certificates upon request to parties whose identification can be verified. Once a party receives the digital certificate from the CA, they can then communicate in a secure manner with others who have received a digital certificate from the same CA. In effect, each party receiving a digital certificate from the same CA can expect that communications received from the other parties are secure and authentic, that is, that the communications are sent by the party identified by the digital certificate. This sort of secure relationship is referred to as third-party trust.
Establishing trusted relationships either directly or by third-party trust is typically suitable for interpersonal communication or for communication among a controlled group of individuals or entities. However, the prior art method employed in establishing a secure relationship between a supplier of goods or services and a base of customers does not scale well when the desired customer base grows into the thousands and when at least a portion of the potential or targeted customers are not interested in the goods or services being offered by the supplier.