It is known to provide a variety of services that are delivered remotely to a customer. These services range from point solutions delivering a specific service to more complex remote service instantiations supporting multiple services. These services have a number of things in common: they are generally a good idea; they provide a valuable service to a set of customers; and they are generally isolated from one another.
Communication over secure communication channels between the customer and the remote resources can be established using digital certificates. That is, digital certificates are widely used over communication networks and in the field of electronic commerce for document and identity authentication purposes. In general, such digital certificates are used to certify the identity of an entity (e.g., a customer). For instance, the customer can present an associated digital certificate to a resource providing remotely delivered services for identification to establish a secure communication channel between the customer and the resource.
Typically, the digital certificate is stored in a location on the local network associated with the customer. In this case, the digital certificate is exposed within the local network. As such, any person or entity with access to the local network also has access to the digital certificate. This presents a potential security breach: any unauthorized person or entity having control of the digital certificate could perform unauthorized transactions on behalf of the customer. As such, it is desirable to find a solution for storing a digital certificate that does not expose the digital certificate within the local network.
Moreover, the digital certificate authenticates the customer to the remote resource that provides services. If the digital certificate has been compromised and revoked, the customer may not have any channel to communicate with the remote resource. That is, since the digital certificate is compromised, the remote resource is unable to determine if the holder of the digital certificate is the true customer or someone posing as the customer. In this case, the customer does not have a way of identifying himself to the remote resource in order to obtain another digital certificate from the remote resource. As such, communication between the customer and the remote resource breaks down. As a result, it is desirable to find a solution for generating and transmitting a new digital certificate to a customer that is associated with a compromised digital certificate.