The use of certificates, or other data structures, for purposes of information security is well known. For example, in public key infrastructures, public key certificates are issued by trusted root certification authorities (CAs) to allow users to confirm that public encryption keys and public verification keys have not expired for other users of the system, so that information may be suitably encrypted or a digital signature may be verified based on a certificate issued by, and maintained by, a certification authority. As known in the art, web certificates are typically different from public key certificates since web certificates are typically not managed by a trusted certification authority.
For example, different suppliers of web browsers may incorporate root CA certificates issued by many different sources. Each of these sources may issue a certificate with differing expiration dates. Management of the root CA certificates by a trusted authority is typically not used. Accordingly, a problem arises when different versions of web browsers are used by different users. For example, an older version of a web browser may have root CA certificates that expire sooner than root CA certificates that may be embedded in newer versions of web browsers. Accordingly, various certificate issuing entities may serve as different root CAs and issue certificates having differing expiry periods. When a root CA certificate expires, all servers which have web certificates that were issued by that CA will no longer trust any browser which contains only the expired certificate for that CA.
For a conventional web model, there is typically no way to detect the expiration of a web certificate prior to a request for a session with a web server. For example, web certificates that are preinstalled with web browsers from different issuers are typically not continually checked by the web browser to ensure that they have not expired. Typically, a user will only be informed of a problem when the web browser attempts to set up a secure session with a web server. If the web certificate has expired, the session is not granted. One proposed solution has been to require a user to manually update a web browser that has prestored web certificates that expire at later dates. Typically, web servers will detect old web browser versions through, for example, web identification tags embedded in headers and identify a link (e.g., URL) to the site that may contain a new version of a web browser. The user then typically clicks on a URL to connect to the site containing the new software version and downloads the new web browser containing web certificates with expiry periods later than those on previous web browser versions.
Alternatively, other solutions have included automatically detecting the version of the web browser based on the ID tag in the HTTP headers prior to setting up a secure session and identifying a site for a user to connect with to install the new root CA certificate in their browser. In addition, it is generally known to provide automatic software upgrades based on internal timers that a software application may have embedded therein, to notify the user to perform a manual update.
However, a problem arises with such techniques since, inter alia, a user typically is denied a secure session and is additionally required to manually obtain an updated version of a web browser. Accordingly, when a user installs a new version of a web browser, it is typically not possible for a web site to know that the web browser has the new root CA certificate without establishing an SSL connection or other suitable secure session that requires the use of a new root CA certificate. This problem can be overcome by issuing a cookie to the user's browser. The next time the user visits the site, the server can check for the cookie. If the cookie exists, the server knows that the user has installed the new root CA certificate. However, other sites that also require the new root CA certificate cannot read that cookie. As such, each different server in a different domain may not be able to identify that the user has already installed the new root CA certificate.
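The cookie limitation described above follows from the browser's cookie domain-matching rules. The sketch below is an added illustration, not part of the original text: a minimal cookie jar that applies the RFC 6265 domain-match rule, with constructed host names (`www.site-a.example`, `www.site-b.example`) and a hypothetical marker cookie name (`root_ca_updated`).

```javascript
// Added illustration; host names and the cookie name are constructed.
// Public-suffix and IP-address checks done by real browsers are omitted.

// RFC 6265 section 5.1.3: a host matches a cookie domain if the two are
// identical, or if the host ends with "." followed by the domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

class CookieJar {
  constructor() { this.cookies = []; }

  // Store a cookie received from originHost. Returns false when rejected.
  set(originHost, name, value, domainAttr) {
    let domain = originHost.toLowerCase();
    let hostOnly = true; // no Domain attribute: only the exact host gets it back
    if (domainAttr) {
      const d = domainAttr.replace(/^\./, "").toLowerCase();
      // A server may only name a domain that its own host belongs to.
      if (!domainMatch(originHost, d)) return false;
      domain = d;
      hostOnly = false;
    }
    this.cookies = this.cookies.filter(c => !(c.name === name && c.domain === domain));
    this.cookies.push({ name, value, domain, hostOnly });
    return true;
  }

  // Build the Cookie header value the browser would send to requestHost.
  headerFor(requestHost) {
    const h = requestHost.toLowerCase();
    return this.cookies
      .filter(c => (c.hostOnly ? h === c.domain : domainMatch(h, c.domain)))
      .map(c => `${c.name}=${c.value}`)
      .join("; ");
  }
}

// Site A records that the new root CA certificate was installed.
function demo() {
  const jar = new CookieJar();
  const stored = jar.set("www.site-a.example", "root_ca_updated", "1");
  // Site A cannot plant the marker for site B's domain either.
  const crossDomain = jar.set("www.site-a.example", "root_ca_updated", "1", "site-b.example");
  return {
    stored,
    crossDomain,
    toSiteA: jar.headerFor("www.site-a.example"),
    toSiteB: jar.headerFor("www.site-b.example"),
  };
}
```

Site A receives the marker on the next visit, while the request to site B carries no cookie, so site B has no way to learn from it that the certificate is already installed.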
Consequently, there exists a need for a method and system that facilitates the updating of data, such as web certificates, or other data, and allows a user to install or update the data and have the update recognized by differing server domains that participate in the system.