There are many forms of credentials. Many entities, such as companies, organizations, associations, or individuals, can claim to have certain credentials without any recourse for someone to verify if the aforementioned credentials are legitimate. Credentialing programs, policies, or arrangements, often have a logo that is permitted for use by authorized entities according to predetermined rules and regulations. These logos are increasingly being abused by being placed on websites in an effort to falsely legitimize an entity that is not authorized to use the logos.
An example of such misuse is the display of a Better Business Bureau (BBB) logo on a website when the website owner is not a member of the “BBB” nor is the website owner authorized to use or display the logo. Another example is a website claiming “ISO 9000” certification when the entity represented is not certified.
Credentials allow an entity to gain the trust of people or potential customers that view their website. Generally, for an entity to gain a specific type of credential, such as, a certification of expertise or an educational degree, time and money is invested. When illegitimate use of a credential happens, the value of the credential is then lessened as public perception of its meaning is diluted due to misuse.
Consider a case where someone has a website claiming that they are a registered patent agent. If a potential customer of the patent agent does not check with the USPTO website to verify the claim, there is a risk of the person's idea being stolen by an unscrupulous imposter patent agent that is not authorized by the appropriate entity. Those being scammed in the example may then have a negative opinion of patent agents and in the future may refrain from seeking out the services of patent agents, therefore legitimate patent agents suffer by losing business.
When encountering a claim by a website on the Internet, such as, being an official reseller of merchandise from Apple® Computers, Inc., the only way to know for sure that the website is a legitimate reseller is to go to the website of Apple Computer, Inc. and then try to find a list of authorized resellers, if such a list even exists. This is a complex and tedious process as not all websites readily make available lists of entities that they've entered into a relationship with or bestowed credentials upon for purposes specific to their business or industry.
Consider the case of someone claiming to be a patent attorney. If someone hires a patent attorney, they would generally need to check multiple sources to verify the claims of various credentials. The USTPO would have to be queried to verify that the attorney is properly registered and authorized. Additionally, the appropriate state bar would have to be queried to verify that the attorney is still in good standing. The problem with this scenario is that one can't necessarily or easily verify that someone really is a lawyer at all, as not all state bars provide mechanisms for researching members and verifying their credentials, and not all persons are knowledgeable about such verifications procedures.
Credentials exist in many forms and in many industries. Doctors have credentials issued by medical establishments so that they may practice medicine. Educational institutions have credentials issued by commissions and various organizations in order to be officially recognized. Corporations have credentials issued by governments so that they may conduct business according to specific laws.
The concept of authenticating identity (that you are who you say you are) in today's virtual Internet-based society is increasingly difficult to substantiate. For example, once an identity has been supposedly authenticated, the entity can then make any claim imaginable. For example, a government issued identification card doesn't establish that a person is really a doctor. Authenticated identity on the Internet suffers the same limitations. A company with an Extended Validation Certificate (EV) certificate may have a robust identity established, but that identity can then make unsubstantiated claims, such as, being medically certified, which may end up being falsely seen as legitimate due to the extended verification SSL certificate.
Current methods for protecting credentials include, among others, legal proceedings when fraud is identified. This is problematic when the infringing entity is in another country. This is very costly and time consuming and only addresses problems or abuse of credentials that have been discovered. A current method for highlighting credentials bestowed on others is currently limited to the credential issuer making credential information available, or, by providing a link to the credentialed entities to put on their websites so that someone may click the link to go to the credential issuer's website for verification. Such embedded links or graphics can be easily spoofed with current technologies, such as, but not limited to, modern implementations of the ECMA-262 specification, commonly known as JavaScript. The current methods of protecting and promoting credentials on the Internet are costly or impractical, especially for small businesses.