Important networked resources are being made accessible over computer networks with ever greater frequency. An increased effort to ensure secure connections follows as more data is exchanged over networks that are exposed to threats, such as hacking schemes that compromise security. Access to less sensitive or valuable networked resources may be sufficiently controlled based on logon identities and passwords. However, other networked resources may require enhanced protection provided by more complex authentication methods and systems.
Certificate-initiated authentication is significantly more secure than password-initiated authentication. Typically, a process of authenticating a client and a server requires a shared hierarchical structure that enables both the client and the server to verify the authenticity of one another's certificates. In some instances, the client may have received a certificate directly from the server, such as when a server host issues the client a smartcard that includes the certificate. Today, if an entity wants to use certificate-initiated authentication, such as a public key infrastructure (PKI) identity, for its customers, the entity has to act as a certificate authority (CA) and issue a new identity for the customer.
The process of issuing the new identity and configuring the secure connection with the certificate does not scale well for either the entity or the customer. Certificates are expensive, require a hierarchical trust chain, and take time and resources to configure.