Abstract: Techniques for handling a breach in security are disclosed. According to one technique, prior to the breach, a first party sends to a second party data that identifies a plurality of public keys, including a current public key that corresponds to a current private key. The second party uses the current public key and the first party uses the current private key to exchange electronic messages securely. Other keys, including a session key, may also be used to ensure the security of the exchange. According to one technique, digital signatures are attached to every outgoing message during the secure exchange, and verified on every incoming message. In response to a breach involving the current private key, (1) the first party invalidates the current private key, (2) the first party sends a message to the second party to instruct the second party to invalidate the current public key, and to establish another public key in the plurality of public keys as a new current public key.

Abstract: Mechanism are provided for a trusted intermediary partner to mange the encryption/decryption keys of trading partners in a trading community. As the trusted intermediary manages the public signature decryption keys for each potential sender, the recipient does not have to manage these keys. In one embodiment, a recipient receives a message from a sender via the trusted intermediary, knowing that the message originates from an authentic sender, but not from an imposter. The sender sends the message together with a digital signature of the sender, which is created from the private signature creation key of the sender, to the trusted intermediary. The trusted intermediary, having the public signature decryption key associated with the private signature creation key of the sender, uses this public signature decryption key to authenticate the sender, i.e., verifying that the message originates from a real sender, and not an imposter.