This invention relates to secure messaging, and in particular to confirming the validity of a certificate associated with a message sent over a network.
In recent years, the use of electronic communication has expanded at a tremendous rate. There is a growing use of electronic communication for transactions of many different types, including, for example, financial transactions. Many of these transactions require the use of verifiable means of identification. For example, if a transaction is to be conducted in a purely electronic manner, the parties to the transactions need to ensure that the other parties to the transaction are who they purport to be.
Approaches to the verification of identity have been developed that involve the use of signed messages, and the passing of digital certificates. A digital certificate is issued to a user once the user's identity has been verified. The certificate is based on trust, with the value of the trust being passed down a hierarchy of bodies from a certification authority. The certification authority certifies the certificates it issues. At each lower stage in the hierarchy, a valid certificate can only be issued if a body has been certified as able to issue certificates by a body at a higher level in the tree. Each certificate will identify the chain of certification from the certification authority down to the actual certificate.
A message including a certificate will be sent between parties as a signed message, the signing typically being effected using public key cryptography.
The obtaining and use of certificates can be summarized, for example, as follows.
In order to obtain a certificate, an originating party applies to a Certification Authority (CA) (or to another body certified directly or indirectly by the CA) for a digital certificate. The CA verifies the identity of the originating party and issues a certificate (assuming the originating party's identity checks out). The CA also publishes the certificate by making it available in a public repository.
After the party has received the certificate, this can then be used in communications sent by the originating party. The use of the certificate can be summarized in the following steps:
1. The originating party digitally signs and sends an electronic message using the certificate to a recipient (often termed the relying party), who might be a merchant or a trading partner.
2. The relying party checks the originating party's certificate against the content of the public repository.
3. The repository checks, or validates, the originating party's certificate and responds to the relying party.
4. The relying party approves or declines service to the originating party based on the certificate validation results.
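The hierarchy of certification and the four steps above, as an added worked example in Go that is not part of this patent's disclosure: a root CA certifies an intermediate issuer, which issues the originating party's certificate; the relying party then verifies the chain to the trusted root, verifies the signature on the message, and consults a stand-in repository before approving service. The party names, serial numbers and the in-memory Repository map are assumptions for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue creates a certificate for cn signed by parentKey; with parent == nil it is the self-signed CA root.
// The issuer field of each certificate names the body above it, forming the chain of certification.
func issue(cn string, isCA bool, serial int64, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: isCA, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign // a body may only certify others if its certificate permits it
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed root
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Repository is an assumed in-memory stand-in for the public repository of steps 2 and 3: serial number -> still valid?
type Repository map[string]bool

// relyingPartyCheck is steps 2 to 4: chain to the trusted root, signature over msg (made with ed25519.Sign by the
// originating party in step 1), then the repository lookup. It returns "accepted" or the reason for declining.
func relyingPartyCheck(root, inter, leaf *x509.Certificate, repo Repository, msg, sig []byte) string {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(inter)
	opts := x509.VerifyOptions{Roots: roots, Intermediates: inters, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := leaf.Verify(opts); err != nil {
		return "declined: chain does not lead to a trusted CA"
	}
	if leaf.CheckSignature(x509.PureEd25519, msg, sig) != nil {
		return "declined: message not signed by the certificate holder"
	}
	if !repo[leaf.SerialNumber.String()] {
		return "declined: repository reports certificate invalid"
	}
	return "accepted"
}
```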
It can be seen that this approach provides a mechanism for verifying the identity of a user that is based on trust in the system. However, checking the user's certificate with the repository potentially delays acceptance of the message, and typically there is a charge for checking the certificate with the repository.
An aim of the present invention is to provide for more efficient and cost-effective certificate validation.