1. Field of Invention
The present invention relates to communications, and more particularly, to methods, apparatuses, media, signals and computer program products for facilitating secure communications between a first device and a second device:
2. Description of Related Art
It is often desirable to have secure communications between first and second devices. For example, the devices may include respective desktop, laptop or handheld computers, in communication with each other over a public network such as the Internet. It is frequently desirable to allow these devices to transmit sensitive information securely to one another over the Internet, without significant risk of interception by unauthorized eavesdroppers. In many instances, it is desirable to attempt to arrange secure communication between the first and second devices, even if the first and second devices have never previously communicated with each other before. For example, a patent attorney or other lawyer may wish to communicate sensitive secret client information to a new client over the Internet, but may wish to minimize the risk of unauthorized interception of such information. Or, as a further example, a purchaser may wish to transmit sensitive payment account information such as credit card information to a vendor over the Internet.
Numerous conventional secure communications methods exist. The methods that are most commonly used over the Internet at present (such as SSL) employ an infrastructure based upon asymmetric encryption. In asymmetric encryption, two keys are used: a private key that is kept secret or private, and a public key that is accessible by every computer on the Internet. However, the current asymmetric encryption methods (as do any other secure communications methods) have potential inherent security risks that may be exploitable. Such risks may be partly addressed by symmetrical encryption methods, wherein only a single symmetrical key (referred to herein as a private key) is used, and key distribution schemes are adopted to attempt to securely provide the private key to the parties that wish to communicate.
A number of key distribution schemes have been proposed to attempt to provide two users or clients with a private key for communication therebetween. However, these schemes tend to presume that both of the two clients already have pre-existing relationships with the same trusted intermediary server, and have previously exchanged mutual keys with the server to allow them to establish secure communications with the trusted intermediary server. Such schemes also tend to presume that each of the two users is also aware that both users have pre-existing relationships with the trusted intermediary, and that the trusted intermediary in question is therefore a suitable server to select for execution of the key distribution scheme. In many cases, however, particularly where two users are in communication with each other via a large public wide area network such as the Internet, neither of the two users will have any knowledge of the other's pre-existing relationships with key servers, and indeed, many unsophisticated computer users may not have any knowledge of their own pre-existing relationships with key servers. Thus, even if a trusted intermediary with pre-existing relationships with both users exists, the users may not be aware of this fact and may not know to select the trusted intermediary for this purpose. In addition, in many cases the group of key servers with which one user has pre-existing relationships will not include any of the key servers with which the other user has pre-existing relationships, with the result that a trusted intermediary is not available to participate in the key distribution scheme. These problems would tend to arise unless mutual keys had been pre-established at both a client-server level and a server-server level over all domains, which would not be practical for a large network such as the Internet that includes a very large number of domains.
Accordingly, there is a need for an improved secure communications method.