This invention relates to the field of secure communications, and in particular to a method of establishing communication in a digital communications network comprising a hierarchical arrangement of digital certificate servers.
In asymmetric encryption technology, each user generates a pair of keys known as a public key and a private key. The public key is widely disseminated and used by others to encrypt communications intended for the owner of the public key. Once the message has been encrypted with the public key, it can only be decrypted with the corresponding private key. This is the basis of public key encryption.
The problem with this technology is that the sender needs to have a way of guaranteeing that the public key used for encryption does indeed belong to the recipient. Otherwise, the sender could unintentionally encrypt a message that could only be decrypted by some mischievous third party. A way was therefore needed for users to be able to have a high degree of assurance that the owner of a public key was indeed the intended recipient.
Digital certificates were invented to solve this problem. A recognized certificate authority issues a certificate binding the public key of a subscriber to his real world identity. The certificate is digitally signed by the recognized issuing authority. A message is digitally signed in effect by encrypting it with a private key. The message can then only be decrypted with the corresponding public key, and provided the user has a high degree of trust in the certifying authority, he will then have assurance that the public key contained in the certificate does indeed belong to the user to whom it is bound.
Digital certificates generally follow the X.509 standard, developed by the International Standards Organization (ISO) and the Comité Consultatif International Télégraphique et Téléphonique (CCITT). These certificates create a binding between an entity's public key and its real world identity. Real world identities are values that have meaning to general applications that use certificates and include identifiers such as email addresses, first and last names, social insurance numbers, telephone numbers, URLs, or IP addresses. In X.509 certificates, only the identity of the issuer of the certificate and the holder of the certificate are included in the certificate body.
In order to allow a distributed arrangement of certifying authorities, they are arranged in a hierarchical fashion. Referring to FIG. 1, a root authority 1 certifies subordinate authorities 2, 3, 4 and so on in a chain down to an end user 5. However, the identities of the issuer's certificate issuer 3 and other higher level entities 1, 2 are not mentioned and must be gathered independently to reconstruct the certificate chain.
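The chain reconstruction described above, as an added illustration that is not part of this specification: each certificate body names only its holder and its issuer, so a relying party must walk the issuer field through a locally gathered pool of certificates until it reaches a self-signed root. The `Cert` class, the `build_chain` function and the entity names (`Root-1`, `CA-2`, `CA-3`, `CA-4`, `user-5`, mirroring the numbered entities of FIG. 1) are constructed for this example; signature checking on each link is deliberately left out to isolate the name-matching step.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Cert:
    """Minimal stand-in for an X.509 certificate body: only the two
    identities it actually carries, the holder (subject) and the issuer."""
    subject: str
    issuer: str

    @property
    def self_signed(self) -> bool:
        # A root certificate names itself as issuer.
        return self.subject == self.issuer


def build_chain(leaf: Cert, pool: Dict[str, Cert], max_depth: int = 10) -> Optional[List[Cert]]:
    """Reconstruct leaf -> intermediates -> root by following the issuer
    name through `pool` (keyed by subject name, one certificate per name).

    Returns the ordered chain ending in a self-signed root, or None when an
    intermediate is missing from the pool (the gap the text describes), the
    walk revisits a name (a loop), or the chain exceeds `max_depth`.
    Signatures on each link must still be verified separately.
    """
    chain = [leaf]
    seen = {leaf.subject}
    current = leaf
    while not current.self_signed:
        if len(chain) >= max_depth:
            return None
        parent = pool.get(current.issuer)
        if parent is None or parent.subject in seen:
            return None
        chain.append(parent)
        seen.add(parent.subject)
        current = parent
    return chain


# Constructed pool mirroring FIG. 1: root 1 certifies 2, 2 certifies 3, and so on.
POOL = {c.subject: c for c in [
    Cert("Root-1", "Root-1"),
    Cert("CA-2", "Root-1"),
    Cert("CA-3", "CA-2"),
    Cert("CA-4", "CA-3"),
]}
END_USER_5 = Cert("user-5", "CA-4")
```

Dropping `CA-3` from the pool makes `build_chain` return `None`: the end-user certificate alone gives no way to recover the higher-level entities, which is exactly why they must be gathered independently.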
Also, certificates containing real world identities for both the certificate holder and the certificate issuer are published in public directories. While application servers may want their real world identities known to many, application users may want some degree of anonymity or pseudonymity that a real world identity cannot provide.