In today's complicated, digitalized business environment, it is very common for messages to be transferred sequentially through multiple layers to achieve a business purpose. The prolonged chain with multiple parties raises two concerns: 1) the parties may not trust each other; 2) the longer the chain is, the more likely it is that a malicious attacker will pretend to be one of the parties and cause trouble.
To address these concerns, all the messages may be transferred under an HTTPS-like protocol, with a third-party certificate authority (CA) required to issue a certificate to each device. However, one disadvantage may be that paying the certificate fee for so many devices is not economical, and another may be that the HTTPS-like protocol requires several rounds of communication, which is time-consuming.
In some scenarios, transmission and authentication should be performed automatically. Therefore, a signature may be verified at each node of the multi-layer system, and each node may hold a private key in cleartext for verifying the signature. That is, each time a node receives a message, it verifies the signature of the sender. After verifying, the node may sign its own message and dispatch it to the next node. One disadvantage of this kind of solution may be that a cleartext private key, stored at the node that uses it, makes the node vulnerable to attack. This is because a hacker can easily get the private key of each node and may change the content of all the messages and sign the changed messages with the hacked private key. However, if the cleartext private key were not stored at the node for executing the signing process, the process could not be executed automatically.
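The following added example (not part of the original text) models the verify-then-sign relay described above and shows why downstream verification cannot tell a node's genuine output from content signed with a key copied from that node's storage. It assumes a hypothetical chain A -> B -> C, a constructed message, and toy textbook RSA keys built from known Mersenne primes; each private key is used to sign and the matching public modulus to verify.

```python
import hashlib

E = 65537  # public exponent used by every toy key below

def make_key(p, q):
    # Textbook RSA from two known primes: no padding, illustration only.
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, key):
    return pow(digest(msg, key["n"]), key["d"], key["n"])

def verify(msg, sig, n):
    return pow(sig, E, n) == digest(msg, n)

def relay(msg, sig, sender_n, own_key, tag):
    # What each node does: verify the sender, then sign and dispatch its own message.
    if not verify(msg, sig, sender_n):
        raise ValueError("sender signature invalid, message dropped")
    out = msg + b"|via " + tag
    return out, sign(out, own_key)

# Constructed keys (Mersenne primes) for a hypothetical chain A -> B -> C.
KEY_A = make_key(2**61 - 1, 2**89 - 1)
KEY_B = make_key(2**107 - 1, 2**127 - 1)

def run_scenarios():
    msg = b"pay 100 to account 1"  # constructed sample message
    sig_a = sign(msg, KEY_A)
    results = {}
    # 1) Honest path: B verifies A and re-signs, C verifies B.
    out, sig_b = relay(msg, sig_a, KEY_A["n"], KEY_B, b"B")
    results["honest_accepted_by_C"] = verify(out, sig_b, KEY_B["n"])
    # 2) Content changed in transit without any key: B's check catches it.
    try:
        relay(b"pay 900 to account 7", sig_a, KEY_A["n"], KEY_B, b"B")
        results["tamper_without_key_rejected"] = False
    except ValueError:
        results["tamper_without_key_rejected"] = True
    # 3) B's cleartext key was copied from its storage: changed content signed
    #    with it is indistinguishable to C from B's genuine output.
    forged = b"pay 900 to account 7|via B"
    results["tamper_with_stolen_key_accepted_by_C"] = verify(
        forged, sign(forged, KEY_B), KEY_B["n"])
    return results

if __name__ == "__main__":
    print(run_scenarios())
```

Scenario 2 is the case the signature check is designed to stop; scenario 3 is the one it cannot, which is why the storage of the signing key, not the verification step, is the weak point.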
Therefore, how to enhance the user authentication experience in a multi-layer system, for example how to achieve automation while ensuring security, remains a challenge today.