In many computer scenarios, a first computer-type entity is in substantive communication with a second computer-type entity to exchange some sort of information. As may be appreciated, each of the first and second entities may be a hardware or software entity, such as a computer program or executable, a computer storage device, a computer data server, or the like. Likewise, the information may be raw data, a file with the raw data therein in some organized fashion, some other resource, or the like.
Especially in the case where the information is of especial value or is to be handled in accordance with pre-defined rules, it may be the case that one of the entities such as the second entity will not enter into such substantive communication with the other of the entities such as the first entity unless the first entity can establish to the satisfaction of the second entity that the second entity should trust the first entity. For example, if a server at a banking institution (the second entity) is providing a security key (the information) to a banking program at a user's computer (the first entity) by which the user can conduct banking transactions at the computer, the server may demand to have some assurance that the banking program can be trusted to employ the security key in a manner amenable to the bank.
That is, the server wants an attestation from either the banking program itself or an attestor on behalf of the banking program that the banking program is to be trusted. Such attestation may for example be based on the banking program being of a certain type, running in a certain environment based on certain variables, and/or the like. Thus, the server in fact provides the security key to the banking program only after such an attestation has been proffered by or on behalf of the banking program and only after such proffered attestation has been authenticated or otherwise reviewed and approved. Of particular importance, the server in authenticating the banking program based on the attestation therefor wishes to ensure that the banking program has not been altered in a way such as for example to misuse the security key, and also wishes to ensure that the banking program is not operating in an environment where the security key can be diverted to or read by a questionable entity such as a thief.
A need exists, then, for a method and mechanism by which a first computer-type entity can provide such an attestation to a second computer-type entity. In particular, a need exists for such a method and mechanism whereby the first entity can make the attestation even if the first entity has no prior knowledge of the second entity and whereby the second entity can receive and rely upon the attestation even if the second entity has no prior knowledge of the first entity.