1. Field of the Invention
The present invention relates to methods of communication and to composite credentials.
2. Brief Description of the Related Art
In communication across a distributed electronic network such as the internet, particularly (but not exclusively) in a business to business communication, there may be many separate business to business communications required for a single action or transaction.
FIG. 1 of the drawings that follow illustrates such a known communication method and system. In FIG. 1 there is shown a first party 2 in communication with a set 4 of other enterprises comprising a second party 6, third party 8, fourth party 10, fifth party 12 and sixth party 14, respectively, some of which are in communication with each other as indicated by the arrows in FIG. 1. Communication between the first party 2 and the set of other enterprises 4 is across the internet (indicated schematically at 16). Communication between the second to sixth parties 6-14, respectively, may be across the internet, but could also be across a wide area network (WAN) or local area network (LAN). Typically, each party will be an enterprise such as a business.
If the first party 2 wishes to communicate reliably with the second party 6, for instance to carry out a financial transaction, it is necessary for the first party 2 to provide a credential 18 to the second party 6.
A credential is a data structure provided to the bearer for a purpose, with some acknowledged way to verify the bearer's right to use the credential.
In the digital environment a credential will generally be an electronic document which has a defined structure known to all involved parties. Credentials are issued by an authority (sometimes referred to as a trusted source). Typically the credential has additional data (i.e. a digital signature) that “ties” the document content to the issuer.
Typically a credential will comprise information concerning the bearer (perhaps identity details or financial records) and will be digitally signed by a trusted source. Verification is achieved by decryption of the digital signature. Generally a credential performs the functions of authentication and authorization.
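The following is an added example, not part of the patent text, showing the credential structure just described in working code: a document with a structure known to all parties, issued by a trusted source that ties the content to itself with a digital signature, and verified by the relying party before the bearer is authenticated and authorized. The field names, the use of Ed25519 and JSON as the canonical encoding, and the purpose/expiry checks are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Credential is the document body: a structure every involved party knows.
// The field names are hypothetical, chosen to illustrate the description above.
type Credential struct {
	Issuer  string `json:"issuer"`  // the trusted source that signed the document
	Bearer  string `json:"bearer"`  // the party presenting the credential
	Purpose string `json:"purpose"` // the action the credential was issued for
	Expires int64  `json:"expires"` // Unix seconds after which the credential is stale
}

// SignedCredential is the document plus the signature that "ties" it to the issuer.
type SignedCredential struct {
	Doc       Credential `json:"doc"`
	Signature []byte     `json:"sig"`
}

// canonical returns the exact bytes that are signed and later verified.
// json.Marshal of a struct emits fields in declaration order, so issuer
// and verifier produce the same bytes for the same document.
func canonical(c Credential) ([]byte, error) {
	return json.Marshal(c)
}

// Issue is performed by the trusted source: it signs the document content.
func Issue(issuerKey ed25519.PrivateKey, c Credential) (SignedCredential, error) {
	msg, err := canonical(c)
	if err != nil {
		return SignedCredential{}, err
	}
	return SignedCredential{Doc: c, Signature: ed25519.Sign(issuerKey, msg)}, nil
}

// Verify is performed by the relying party. It checks that the signature was
// made by the issuer it trusts, that the document is presented for the purpose
// it was issued for, and that it has not expired. Any change to the content
// after issuance breaks the signature check.
func Verify(trusted ed25519.PublicKey, sc SignedCredential, wantPurpose string, now time.Time) error {
	msg, err := canonical(sc.Doc)
	if err != nil {
		return err
	}
	if !ed25519.Verify(trusted, msg, sc.Signature) {
		return errors.New("signature does not match trusted issuer")
	}
	if sc.Doc.Purpose != wantPurpose {
		return fmt.Errorf("credential issued for %q, not %q", sc.Doc.Purpose, wantPurpose)
	}
	if now.Unix() > sc.Doc.Expires {
		return errors.New("credential expired")
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	now := time.Now()
	// Constructed sample credential for the first party of FIG. 1.
	cred := Credential{Issuer: "trusted-source", Bearer: "first-party-2",
		Purpose: "payment", Expires: now.Add(time.Hour).Unix()}
	sc, _ := Issue(priv, cred)
	fmt.Println("genuine:", Verify(pub, sc, "payment", now))

	// Altering the bearer after issuance invalidates the signature.
	forged := sc
	forged.Doc.Bearer = "someone-else"
	fmt.Println("altered:", Verify(pub, forged, "payment", now))

	// Presenting the credential for a purpose it was not issued for is rejected.
	fmt.Println("wrong purpose:", Verify(pub, sc, "wire-transfer", now))
}
```

The relying party trusts only the issuer's public key; a credential signed by any other key, or a document altered after signing, fails the first check before purpose or expiry are even considered. Each of the parties 6-14 in FIG. 1 would run a Verify of this kind on the credential it requires.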
The purpose of the credential is to identify the user and/or to validate a transaction between parties, which transaction may be the transfer of information which needs to be validated. However, for the second party 6 to complete the transaction it needs (in this example) to communicate with the third and fourth parties 8, 10 respectively. The third and fourth parties 8, 10 respectively each communicate separately with fifth party 12, which in turn communicates with sixth party 14. Each party 6-14 may require a different credential from first party 2 to validate its part of the transaction. In this example, third party 8 requires a second credential 20 from first party 2 and fifth party 12 requires a third credential 22 from first party 2. Thus, third party 8 and fifth party 12 need to communicate separately with the first party 2 to obtain the second and third credentials 20, 22 respectively. This, therefore, is a multi-layer communication. First party 2 will not necessarily be aware at the beginning of the transaction of the need for the third and fifth parties 8, 12 respectively to be involved, so extra validation and credential transfer may be required.
To undertake such a transaction, data continuously has to be sent back and forth between the involved parties. This increases the possibility of an external attack. To minimize the risk of an attack, data has to be protected and verified by each party to the transaction at each step, which reduces the overall performance.
Moreover, such a method of communication requires many separate communications between the parties. Specifically, the first party is involved in several communications which is undesirable.
It is an aim of preferred embodiments of the present invention to improve performance in such communication environments.