With the ever-expanding use of the Internet for a wide variety of economic and personal purposes, there is an increasing need for improved and streamlined security techniques. That is, when a user or business conducts a transaction over the Internet by receiving or sending a message, the users and the businesses desire some assurance that the senders and recipients of the message are legitimate and are who they purport to be.
For example, an individual may receive an email that purports to be from a friend or business associate when in fact the message may be a harmful virus, which, if opened within the email system of the individual, may cause significant harm to the individual's computing resources. To alleviate this concern, very profitable businesses have emerged on the Internet that offer services for authenticating or validating message senders or the domains associated with those senders.
These services are often referred to as Certificate Authorities (CAs). A CA supplies a digital certificate for a domain or a sender for a fee. So, if an employee of a business receives an email message from a particular domain, the domain in question can be vouched for as being authenticated by consulting the CA. The CA supplies a certificate that the employee or the World-Wide Web (WWW) browser of the employee can use for subsequent interactions with the domain in question, and if the supplied certificate matches a certificate supplied with an email message, then this is an indication that the email message is legitimate.
One problem with the above-described scenario is that although owners of whole domains (e.g., Novell® owns Novell.com, etc.) often purchase and use domain certificates through a CA for their domains, those same owners do not typically purchase and use individual certificates for every employee or user included within their domains. This is because administering individual user-based certificates can be challenging and because the CA will charge for each issued certificate, such that the cost can quickly become prohibitive for many enterprises and their users. Thus, enterprises will generally purchase and manage only a few domain-based certificates from a CA and will not attempt to purchase and manage individual certificates for each employee or user of the enterprises' domains.
Therefore, there is a need for techniques that permit the authenticity or trust of authors to be resolved without requiring a certificate issued by a CA or other third party for each user of a domain.