Abstract: In general, peer-to-peer techniques are described for providing secure communications using digital certificates assigned to secure communication servers (SCSs). The secure communication techniques allows enterprise users to communicate data securely between on another without requiring a centralized system. The SCS provides the secure communication services, such as certification authentication, usually provided by the centralized system. The non-centralized secure communication services provide high fault-tolerance, so that the failure of any system, communication link or other infrastructure will only affect the communication sessions directly associated with the infrastructure experiencing failure.

Abstract: The invention provides techniques for validating security credentials locally within an enterprise. For example, a trust server within the enterprise intercepts a validation request from a secure electronic email service being used by a client within the enterprise. The trust server accesses security credential information, which may be maintained in a directory, to answer for the validation request. When the trust server is unable to answer the validation request, the trust server queries a bridge service provider, which associates the trust server with trust servers maintained by other enterprises, for the security credential information necessary for validation. The bridge service provider forwards the query to the appropriate one the trust servers of another enterprise. The trust server of the other enterprise returns the necessary security credential information, which the bridge service provider relays to the querying trust server for validation.

Abstract: Techniques are described for constructing and maintaining secure communities over a computer network, such as the Internet. In particular, the techniques allow security to be integrated and managed in a “directory-centric” fashion. In other words, the techniques described herein allow a community of trusted members to easily be managed via one or more online directories rather than hierarchical certification authorities. A system includes, for example, a server having a directory of members of a network community, wherein the directory stores data defining digital identities of the members for securely exchanging information with the members. A software application executing on a network device coupled to the server accesses the directory and exchanges the information between the members in accordance with the digital identities of the members.