SSLnext.com

Making the Internet a Safer Place

sslnext.com directory service overview



What is a Directory Service?

A demonstration public Directory Service can be found here.

An SSLX Directory Service is an independent third party that manages trust between Web servers and Web browsers as part of the Circle of Trust.

SSLX Circle of Trust

Any open network architecture, like the Internet, allows free access to anyone. This works wonderfully until two parties unknown to each other wish to be certain they are who they say they are. They need a way to negotiate introductions to each other. This is done by a “trusted third party” who can vouch for the veracity of one party to the other. In the current Internet architecture, these third parties are called Certificate Authorities (CA).

The name is a technical term derived from the underlying technology used to authenticate the parties. In SSL, each participant who wants to be able to prove its identity is issued a certificate by one of these Authorities (hence the term Certificate Authority). Each certificate is bound mathematically to the key that its holder presents during the SSL handshake. In the current SSL there are two major issues associated with this third-party mechanism:

  • Certificates – type, cost, acquisition method, provider, performance
  • Trust – validation, verification, revocation

There are different types of certificates (root, subordinate, extended), provided under varying cost structures, through non-standard acquisition methods, by any number of certificate providers, and validating them requires extensive computing power. Beyond that: how do you check them, when do you check them, who checks those providing the checks, and how do you take back a certificate that someone already holds?

SSLX changes the way that keys are bound to those who present them and does away with all of these issues. SSLX uses a private key system where the server, and optionally the browser, performs a multi-channel request/verification to set up a trusted relationship with the third party. This process is called a Verified Setup (VSU) and the third parties are the Directory Services. Directory Services are public entities that operate under the guidelines and procedures of the SSLX Public Administrator (PA).

With SSLX the problems with certificates have been removed:

  • There is no cost – public trust is provided as a public service
  • There are three understandable levels of VSU: high, medium and low
  • The VSU methodology is identical for all Directory Services
  • There are only a limited number of Directory Services authorized by the SSLX Public Administrator
  • The key method for binding trust is up to 100 times faster than traditional certificate computations

SSLX has also solved the trust problems because all of the above items can be checked by the browser in real time, every time, directly on any DS Web site (and the DS site itself can be checked at the Public Administrator site). Every trust validation and verification is performed in real time through the DS; it is not the static mathematical binding of traditional certificates. And should that trust need to be revoked, a DS can do it instantaneously, so no single user suffers any undue consequences.

A Directory Service provides the mechanism for performing verified setups with Web servers (mandatory) and browsers (optional). The trust established after a verified setup is then brokered in real time to other Internet parties wishing to authenticate each other. Directory Services are an integral part of providing a better trust model on the Internet.


Copyright © 2007 SSLNext Inc. All rights reserved.