The present invention relates to digital certificates, and more particularly to the deployment of, and payment for, digital certificates.
In recent years e-commerce has become an important way of conducting business. However, there are still concerns among many internet users regarding how secure transactions conducted over the internet really are. One concern that users have is whether the website conducting business is a legitimate website. If a user conducts business on a website that is not legitimate, the user could easily end up being a victim of fraud, monetary theft, identity theft etc. In order for e-commerce to remain a viable alternative to traditional ways of conducting business, online transactions and connections need to be secure.
Digital certificates help secure online transactions by providing a means of authenticating the identity of websites. A certificate binds the website's public key to the identity of its operator, as verified by a third-party certification authority (CA), such as VeriSign®, and the CA signs that binding; when a user connects, the website proves possession of the corresponding private key and the user's browser checks the CA's signature. Because the CA issued the certificate only after verifying the operator, a user visiting a website that presents such a certificate has assurance that the site has undergone the CA's vetting process. The certificates used for this purpose are X.509 certificates, also referred to simply as digital certificates.
Digital (X.509) certificates are defined by the Telecommunication Standardization Sector (ITU-T) of the International Telecommunication Union (ITU) as part of the Directory (X.500) series. Currently, a digital certificate is issued to a subscriber (the owner of the website) after the subscriber requests the certificate, pays for it, and undergoes an authentication and verification process.
An issued digital certificate, as described in RFC 5280 (http://www.ietf.org/rfc/rfc5280.txt), contains a validity period made up of the date at which the certificate becomes valid (the notBefore field) and a later date at which it expires (the notAfter field). For example, a subscriber requesting an SSL/TLS server certificate from a CA pays the full amount up front and receives a certificate whose validity start date is set to the date on which the certificate was issued. The validity end date will typically be one, two, or three years after the validity start date. A relying party such as a browser rejects the certificate outside this window regardless of what the subscriber has paid or whether the CA would re-verify it, so the expiry date is a hard deadline that drives the renewal cycle.
Near the end of the validity period, the CA will notify the subscriber to renew the digital certificate, which involves the repetition of many of the same actions executed when the digital certificate was originally purchased. These actions include creating a Certificate Signing Request (CSR), submitting the CSR to the CA, giving the CA information about the technical, corporate, and billing contacts to be associated with the certificate, indicating what vendor's web server software will be used, sending payment information to the CA, waiting for the CA to authenticate and validate all the information presented to it, receiving the newly issued certificate, installing the digital certificate, and restarting the software to cause it to recognize the new digital certificate.
These actions, which are repeated every time a digital certificate is renewed, are all tied to the end of the validity period, because all of them occur together whenever the renewal process is triggered. FIG. 1 is a simplified time line showing an existing life cycle of a digital certificate from issuance to revocation.
FIG. 1 shows the life cycle of a digital certificate that is valid for one year, starting from when the certificate is requested, issued and installed. The CA issues the certificate after the authentication and verification process is complete and after payment has been received. Before the end of the one-year validity period (for example 90 days before), a renewal process occurs that is identical to the process used the previous year to issue the certificate. Similarly, before the end of the second one-year validity period (again, for example, 90 days before), a second renewal process occurs that is identical to the original issuance and to the first renewal. Each time the certificate is renewed, the same time-consuming steps are repeated, because all of them are tied to the certificate's one-year validity period. The CA does not issue a long-lived certificate, which would allow it to skip repeating the authentication and verification processes at each renewal. It is precisely these processes, performed at each renewal, that give a user visiting the site the assurance that the CA has done its job of authenticating and verifying the organization that owns the site. That assurance lets users trust the CA and therefore trust the information in the certificate the CA has signed.
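The validity fields described above and the request, issue, install and renew cycle of FIG. 1 can be exercised end to end with the Go standard library. The following is an added example written for this page, not code from the original application or from any CA. The test CA, the host name www.example.com, the issuance date, the one-year validity and the 90-day renewal lead time are all constructed for illustration, and the vetting step itself is deliberately absent because it is a human process rather than code. Each function corresponds to one party in the text: the subscriber (makeCSR), the CA (issue), the subscriber's own monitoring of the renewal window (renewalDue), and the relying party's browser (validAt).

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Lead time before notAfter at which FIG. 1 starts renewal ("90 days before"); assumed value.
const renewalLeadTime = 90 * 24 * time.Hour

// newCA builds a constructed self-signed test root with a fixed validity window (not a real CA).
func newCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Test CA"},
		NotBefore:             time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC),
		NotAfter:              time.Date(2040, 1, 1, 0, 0, 0, 0, time.UTC),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// makeCSR is the subscriber's step: a fresh key pair and a CSR naming the site; only the public key leaves the server.
func makeCSR(host string) (*x509.CertificateRequest, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: host}, DNSNames: []string{host}}
	der, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, nil, err
	}
	csr, err := x509.ParseCertificateRequest(der)
	return csr, key, err
}

// issue is the CA's step once vetting (not shown) has passed: check the CSR's self-signature as proof of
// key possession, then sign a leaf with notBefore = issuance time and notAfter = issuance + validity (RFC 5280, 4.1.2.5).
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, csr *x509.CertificateRequest, issuedAt time.Time, validity time.Duration) (*x509.Certificate, error) {
	if err := csr.CheckSignature(); err != nil {
		return nil, fmt.Errorf("CSR rejected: %w", err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), // fixed for the example; a real CA uses random serials
		Subject:      csr.Subject,
		DNSNames:     csr.DNSNames,
		NotBefore:    issuedAt,
		NotAfter:     issuedAt.Add(validity),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// renewalDue reports whether at lies inside the lead window before notAfter, i.e. the renewal steps should start.
func renewalDue(cert *x509.Certificate, at time.Time) bool {
	return !at.Before(cert.NotAfter.Add(-renewalLeadTime))
}

// validAt is the relying party's check: does the leaf chain to the CA for host at time at? Expired means rejected.
func validAt(ca, leaf *x509.Certificate, host string, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: at})
	return err
}

func main() {
	ca, caKey, err := newCA()
	csr, _, err2 := makeCSR("www.example.com")
	if err != nil || err2 != nil {
		panic(fmt.Sprint(err, err2))
	}
	leaf, err := issue(ca, caKey, csr, time.Date(2024, 1, 15, 0, 0, 0, 0, time.UTC), 365*24*time.Hour)
	if err != nil {
		panic(err)
	}
	at := time.Date(2025, 2, 1, 0, 0, 0, 0, time.UTC) // after notAfter: renewal overdue, verification fails
	fmt.Println("valid until", leaf.NotAfter.Format("2006-01-02"), "renewal due:", renewalDue(leaf, at), "verify:", validAt(ca, leaf, "www.example.com", at))
}
```

The point to notice is that validAt depends only on the dates inside the certificate and the CA signature over them: once notAfter has passed, browsers reject the certificate whatever the subscriber intended or paid, which is why every step listed in the text clusters around that single date.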
Therefore, what is needed is a system and method for deploying, paying and renewing digital certificates that is easier and less time consuming than existing systems and methods while still enforcing the rigid authentication and verification processes necessary for issuing certificates.