Unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
A variety of authentication mechanisms are available that may be used to determine the security state of intelligent devices. For example, authentication mechanisms may utilize symmetric, asymmetric and a combination of symmetric and asymmetric cryptographic mechanisms to authenticate one intelligent device to another over a network. In addition, a third party certificate authority may be used to verify the authenticity of the parties involved in secure communications with one another.
The certificate authority is generally responsible for generating digital certificates which provide a chain of trust which can ultimately be used to verify the authenticity of the parties. In addition, the use of a certificate authority may also be used to prevent unintended eavesdropping of confidential conversations between the parties.
However, without a certificate authority, an attacker may be able to surreptitiously insert him or herself between two parties in communications over a communications network even when the parties have attempted to use security measures for the communications. Attacks of this nature are commonly known as man-in-the-middle attacks. A successful man-in-the-middle allows the attacker to read, insert and modify at will, messages between two parties without either party knowing that their communications link has been compromised. Man-in-the-middle attacks become even more difficult to defend against when anonymous key agreement transactions are used without the ability to verify the parties involved in the communications.