As the amount of commerce continues to increase over networks, such as the Internet, security becomes a much larger issue. Unfortunately, the protocols underlying the Internet, such as TCP/IP (Transmission Control Protocol/Internet Protocol), were not designed to provide secure data transmission. The Internet was originally designed with the academic and scientific communities in mind, and it was assumed that the users of the network would be working in non-adversarial, cooperative manners. As the Internet began to expand into a public network, usage outside these communities was relatively limited, with most of the new users located in large corporations. These corporations had the computing facilities to protect their user's data with various security procedures, such as firewalls, that did not require security to be built into the Internet itself. In the past several years, however, Internet usage has skyrocketed. Millions of people now use the Internet and the Web on a regular basis. (Hereinafter, the terms “Internet” and “Web” are used synonymously unless otherwise indicated.) These users perform a wide variety of tasks, from exchanging electronic mail messages to searching for information to performing business transactions. These users may be accessing the Internet from home, from their cellular phone, or from a number of other environments where security procedures are not commonly available.
To support the growth of business on the Internet, often referred to as “electronic commerce” or simply “e-commerce,” easily-accessible and inexpensive security procedures had to be developed. A first commonly used security measure involves a Public Key Infrastructure (hereinafter “PKI”). PKI utilizes certificates as a basis for a security infrastructure. Certificates utilize public keys and third party verification entities to allow servers to decode client transmissions and authenticate the client's identity. In operation, a first node in a network can encrypt a message with its own private key. The message can be read by a second node with the first node's public key. A public key can only be used to decrypt messages created by the private key and cannot be used to encrypt messages. Thus, the first node is free to distribute their public key. One way in which public keys are distributed is by including them in certificates. There are a number of standards for certificates including the X0.509 standard, which defines a standard format for certificates. X0.509 is an ITU Recommendation and International Standard that defines a framework for providing authentication. (See “ITU Recommendation X0.509 (1997) Information Technology—Open Systems Interconnection—The Directory: “Authentication Framework”, dated November 1993. This information is also published in International Standard ISDO/IEC 9594-8 (1995).) A certificate format is defined in this standard. Certificates created according to this international standard, in the defined format, are referred to as “X0.509 certificates.”