In a computer network such as the Internet, it is common for a plurality of entities to be hosted on a single server computer. For example, several entities may wish to have their Websites hosted on a single computer to save costs associated with purchasing and maintaining a server computer. This is called a shared hosting environment. It is common for these entities to wish to have their Websites authenticated by a trusted third party. An example of such a trusted third party is a certification authority such as VeriSign, Inc. of Mountain View, Calif. The authentication establishes that the entity is legitimate and gives assurance to others, such as potential customers of the entity, that they may safely conduct business with the entity. The authentication may take the form of a digital certificate using public key cryptography. Authentication and encryption can be combined in a protocol such as SSL (Secure Sockets Layer). Alternatively, non-cryptographic authentication may be used, such as a seal or a plug-in software module containing evidence of authentication by the trusted third party.
In a shared hosting environment, the trusted third party typically issues a digital certificate to the owner or operator of the server computer, e.g., an Internet service provider (ISP), but does not issue individual digital certificates to the entities, due to limitations in the HTTP (hypertext transfer protocol) and SSL protocols. Therefore, Internet service providers using SSL in a shared hosting environment typically use a shared SSL digital certificate that has been authenticated and issued to the Internet service provider but not to the individual entities. This is referred to as “shared SSL” and is popular in lower-end Websites and entry-level hosting plans. In shared SSL, the Website automatically redirects from the entity's site (e.g., http://www.entity.com) to a secure page hosted by the Internet service provider (e.g., https://secured.isp.com or https://*.isp.com, where the wildcard character * can represent any hostname, such as the name of the entity). In HTTPS, the “S” stands for “secure.” If a customer of the entity attempts to obtain more information about the entity by means of clicking on the security padlock icon displayed by his or her browser, the customer will obtain information about the Internet service provider, since the ISP is the certificate holder. The customer will not be able to have the assurance that a trusted third party has performed due diligence on the entity itself.
In shared SSL, the ISP may be tempted to allow the entities hosted by the ISP to use the ISP's certificate as issued by the trusted third party. This may constitute a violation of the agreement between the ISP and the trusted third party, especially when the ISP charges for such a service.
The present invention provides a means for a trusted third party to provide authentication of individual entities in a shared hosting environment, without needing to change the HTTP and SSL protocols.