The approaches described in this section could be pursued, but are not necessarily approaches that previously have been conceived or pursued. Therefore, unless otherwise indicated herein, the approaches described in this section are not prior art to the claims in this application and are not admitted to be prior art by inclusion in this section.
When communicating confidential or sensitive information between two devices, such as two computers connected to a network, such information may be encrypted prior to transmission through an insecure carrier so that only those who possess the means to decrypt the encrypted information will be able to understand or use the information.
To this end, Whitfield Diffie and Martin Hellman invented public key cryptography in 1976. Using public key cryptography, an information sender uses an information recipient's public key to encrypt information. The information recipient uses the information recipient's private key to decrypt the encrypted information. A particular private key can only decrypt information that has been encrypted with a corresponding public key. Determining the private key, based on the public key and the encrypted information, is impractical with typical computing resources. The information sender can only use the information recipient's public key to encrypt a message that is to be decrypted by the information recipient. Thus, the information recipient's public key may be viewed as a “cryptographic identity” of the information recipient.
Thus, for two devices to communicate information securely between each other, the two devices initially exchange cryptographic identities. For example, a user of a first device (the “first user”) may call a user of a second device (the “second user”) using the telephone. The first user may speak the first user's cryptographic identity to the second user. If the second user recognizes the first user's voice, or is otherwise able to verify that the cryptographic identity actually did originate from the first user, then the second user is assured that only the first user will be able to decrypt information that the second user encrypts with the cryptographic identity. Without such verification, the second user might unknowingly encrypt messages with a cryptographic identity that purports to be, but is not actually, the cryptographic identity of the first user. Therefore, secure communication depends on such verification.
In this age of electronic commerce, a user might want to introduce two parties so that the two parties can exchange information relating to the user directly and securely. For example, if a bank's device stores the user's bank account, and if a bookstore's device stores the user's purchase orders, then the user might want to introduce the bank and the bookstore so that the bookstore's device can automatically charge the user's bank account without the user's intervention whenever the user submits a purchase order to the bookstore's device. To ensure that such information will not be intercepted by those for whom it was unintended, the user might want to provide the cryptographic identity of the each party to the other party's device.
Typically, each of the two parties will have some way of verifying the user. For example, the two parties' devices may store passwords that only the user can supply. However, if the two parties are being introduced, then the two parties' devices have no established way of verifying each other. While a trust relationship exists between the user and each of the two parties separately, no trust relationship exists between the two parties directly.
Cryptographic identities, such as public keys and symmetric keys, can be long, complex, and difficult to communicate manually or vocally. As a result, a user may make mistakes when trying to communicate the cryptographic identity of one party to another party's device. Furthermore, many less sophisticated users know little or nothing about cryptography or the significance, meaning, or use of a cryptographic identity. For such users, establishing a secure association between two other parties can be a mysterious, complicated, and bewildering task.
Based on the foregoing, there is a clear need for a method of securely exchanging cryptographic identities through a mutually trusted intermediary without requiring a user to manually or vocally communicate the cryptographic identities.