SITE CERTIFICATE SYSTEM
The present invention relates to a site certificate system and, more particularly, to such system adapted for rapid and timely maintenance of authentication status of a site certificate adapted particularly for use on what is commonly known as the "Internet".
BACKGROUND The Internet may be described as a worldwide interconnection of computers all of which are adapted to communicate according to a common protocol currently the protocol is known as TCP/IP.
Communication between computers according to this protocol takes place across a multitude of communication channels including the public switch telephone network (PSTN) and also more restricted channels.
One problem with this form of communication system is that it can be difficult to ensure data integrity and confidentiality. Allied to this is the problem of identity of sources of data - that is how can a relying party be sure that the data it receives purporting to come from a particular computer site does, in fact, come from that site, come with the clear authority of the owner of the site, and, more particularly, that the owners of the site are who they purport to be .
A partial solution to this identity confirmation or authentication problem has come about by trusted third parties providing a secure electronic file which can be utilised to confirm site identity.
A problem with this arrangement is that the trusted third party which issues the site identification upon which other parties then rely may, itself, not always have up to date information as to the status and identity of the owners of the site in respect of which the site identification is issued.
It is an object of the present invention to address or alleviate this problem.
BRIEF DESCRIPTION OF INVENTION
The invention consists in a site certificate system for use on the Internet (as defined in the specification) , said system comprising a certificate authority adapted to issue site identifications characteristic of a predetermined organisation, said certificate authority also being adapted to communicate with a domain name server registry thereby to issue a revocation notification to the domain name server registry and update a revocation list for use by the domain name server registry so as to indicate to a relying party that said predetermined organisation does not satisfy certain selected parameters;
said selected parameters being under near continuous monitoring by said certificate authority.
BRIEF DESCRIPTION OF DRAWINGS
One embodiment of the invention will now be described with reference to the accompanying drawing wherein:
Fig. 1 is a block diagram of a site certificate system according to a first embodiment of the invention.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENT
With reference to Fig. 1 there is shown, in block diagram form, components of a site identification system adapted to co-operate in accordance with a first embodiment of the invention.
The site certificate system 10 includes a Certificate Authority (CA) 11, a domain name server (DNS) 12, a first organisation server 13 and a relying party 14. In this embodiment each of the sites 11, 12, 13, 14 is adapted to communicate over the Internet 15 by way of computer interface .
In use, a computer 16 of relying party 14 will place a query onto the Internet seeking the address of first organisation server 13. A domain name server 12 will match the name of the organisation 17 with an Internet address of
first organisation server 13 following which a data connection over Internet 15 will be established between
computer 16 of relying party 14 and first organisation server 13 of organisation 17.
As part of the establishment of the data connection the site identification 18 residing on first organisation server 13 will be interrogated by computer 16 for the purposes of : 1. Authenticating the identity of first organisation server 13 ; and
2. Providing an encryption key for the purposes of encrypting the data stream passing between computer 16 of relying party 14 and first organisation server 13 of organisation 17.
The site identification 18 is issued by certificate authority 11, the certificate authority 11 being a trusted third party.
Having interrogated the site identification 18 computer 16 of the relying party 14 may then proceed with data interchange over the Internet 15 between computer 16 and first organisation server 13 with a higher level of confidence than would otherwise be the case that: 1. First organisation server 13 is under the control and sponsorship of organisation 17; and
2. Data sent to and derived from first organisation 13
will not be able to be decoded by any other parties having access to the Internet 15.
In this embodiment certificate authority 11 maintains a near continuous monitoring of selected parameters pertaining to identity, ownership and financial status of organisation 17 whereby, should one or more of those parameters change m a way which would indicate that site identification 18 no longer reflects correctly the identity, ownership or financial status of organisation 17 then the certificate authority 11 lists the site identification 18 as no longer valid and takes steps to notify the domain name server 12 to re-route enquiries made over the Internet in relation to the domain name of first organisation server to a page which indicates that the site ID 18 of organisation 17 has been revoked. The revocation list 19 published by the certificate authority 11 resides on certificate authority 11. The domain name server may also redirect queries concerning organisation 17 to the computer upon which the revocation list 19 resides. In this matter relying party 14 can be confident to a higher level than heretofore that a communication with first organisation server 13 over Internet 15 is a communication with a site which has the sponsorship and approval of organisation 17 and that organisation 17 is m a position to provide the sponsorship and/or approval with reference to the selected parameters which, m this
instance, comprise identity, ownership and financial status .
The above describes only one embodiment of the present invention and modifications, obvious to those skilled in the art, can be made thereto without departing from the scope and spirit of the present invention.