1. Field of the Invention
The present invention generally relates to computer security. More specifically, the present invention relates to a method and an apparatus that facilitates establishing a secure connection on a communication channel.
2. Related Art
The TLS protocol is widely used to provide security on communication channels. The term “security” in this context refers to the fact that the TLS protocol provides both privacy and authentication. Privacy is provided by encryption of the communication channel, so that eavesdroppers cannot decipher the data that is flowing through the communication channel. Authentication is provided through public key cryptography, which allows a participant in a secured communication to be reasonably sure that they are in fact talking to who they think they are talking to. For example, public key cryptography can be used to ensure that if you think you're giving your credit card number to amazon.com, you in fact are securely communicating with amazon.com and not with an impostor.
Although the TLS protocol is widely used (for example, every web browser has an implementation of client-side TLS, or at least of TLS's predecessor, SSL), TLS is rather cumbersome to administer for servers. A significant administrative difficulty arises from certificate management. Normally, TLS servers have a certificate which is signed by a Certificate Authority (CA) such as Verisign™. TLS clients, such as web browsers, contain a built-in list of CAs which they trust. Hence, if a TLS server wants to be recognized as trustworthy by such a client, the server must first obtain a digital certificate (such as an X.509 certificate) from one of the widely-known CAs. This process of obtaining a digital certificate from a widely-known CA is not a trivial matter; it takes time, paperwork, and money.
Hence, what is needed is a method and an apparatus for establishing a secure connection without the above-described difficulties involved in managing digital certificates.