A data message, such as an email, being sent from a sender device can pass through many gateways, computer systems, servers, routers or any other such node en route to a recipient device. The sender often has no control over the gateways, computer systems, servers, routers or other nodes through which his or her data message passes, and is often not even aware of the path that the data message follows in being sent to the recipient device.
As a result, the data message may easily be intercepted, read or even altered at any one of these nodes by a third party, meaning that the integrity, confidentiality and/or validity of the data message and the contents thereof may be questionable should it finally reach the intended recipient device.
There have been many developments over the years which purport to address the problem of data message integrity, confidentiality and/or validity.
One such solution which has gained some degree of traction involves the use of public-key cryptography to digitally sign data messages at the sender device to produce a ‘digital signature’. The digital signature may ensure that the data message cannot be read or altered at an intermediary node, meaning that the data message received at the recipient device may be authenticated as being unaltered and unread during transmission.
Public-key cryptography refers to a cryptographic system typically requiring two separate keys, one of which is ‘private’ and the other ‘public’. The public key may be used to encrypt data or verify a digital signature while the private key may be used to decrypt the encrypted data or to create a digital signature. Neither key can perform both functions individually. Typically, a user's public key may be published while the corresponding private key should be kept secret.
For instance, when digitally signing a data message, the data message (or more typically a hash of the data message) may be encrypted at the sender device using the sender's private key. This digitally signed data message may then be transmitted to a recipient along with the original data message as well as the sender's public key. The recipient may then decrypt the digitally signed data message using the public key and compare the decrypted digitally signed data message with the original data message (or more typically hashes of both).
When encrypting a data message, the sender makes use of the recipient's public key to encrypt the data message. The encrypted data message is transmitted from the sender to the recipient. The recipient then uses the recipient's private key to decrypt the data message.
Digital certificates are typically issued by certificate authorities and may be used to bind a public key to an identity. They may also include information about the entity or individual to whom the certificate was issued and may also include information about the certificate authority that issued the digital certificate.
Current devices for storing digital certificates may lack required levels of security and thus digital certificates stored therein may be susceptible to attack or fraudulent use.