Regardless, the responder 14 as shown obtains the third party's signature in order to authenticate itself to the initiator 12. In particular, the responder 14 retrieves “signed” data 22S, i.e., data that is signed by the third party 18. The responder 14 may do so for instance by transmitting unsigned data 22 to the third party 18, e.g., within a request for the third party 18 to sign the provided data 22 and return the resulting signed data 22S. No matter how the responder 14 retrieves the signed data 22S, the responder 14 then transmits a response 24 to the initiator's message 20 over the secure communication channel 16. The response 24 includes the retrieved signed data 22S. The initiator 12 correspondingly determines whether or not the responder 14 is authenticated, by determining whether or not the response 24 includes data 22S that is signed by the third party 18.
In some embodiments, the initiator's acceptance of the third party's signature for authentication of the responder 14 is inherently founded on its trust of the third party 18. In this case, the initiator 12 trusts that the third party 18 will not sign any data for a responder that the third party 18 does not itself trust or has not itself authenticated. If the third party 18 trusts or authenticates a responder and as a result signs data for that responder, then the initiator 12 is configured to likewise authenticate the responder.
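The exchange described above can be sketched in Go as follows; this is an added example, not code from the original document. It assumes Ed25519 as the signature scheme and assumes that data 22 is the responder's name joined to a nonce taken from the initiator's message 20, neither of which the text specifies; all type and function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// ThirdParty (18): signing key plus the responders it has authenticated itself.
type ThirdParty struct {
	priv    ed25519.PrivateKey
	trusted map[string]bool
}

func NewThirdParty(trusted map[string]bool) (*ThirdParty, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &ThirdParty{priv, trusted}, pub // pub is what the initiator trusts
}

// Sign refuses to sign data for a responder the third party does not trust.
func (tp *ThirdParty) Sign(responder string, data []byte) ([]byte, bool) {
	if !tp.trusted[responder] {
		return nil, false
	}
	return ed25519.Sign(tp.priv, data), true
}

// Response (24) carries signed data 22S: the data and the signature over it.
type Response struct{ Data, Sig []byte }

// Respond builds data 22 (assumed layout: name|nonce) and asks for a signature.
func Respond(tp *ThirdParty, name string, nonce []byte) (Response, bool) {
	data := append([]byte(name+"|"), nonce...)
	sig, ok := tp.Sign(name, data)
	return Response{data, sig}, ok
}

// Authenticate is the initiator's (12) check on response 24.
func Authenticate(pub ed25519.PublicKey, name string, nonce []byte, r Response) bool {
	return string(r.Data) == name+"|"+string(nonce) && ed25519.Verify(pub, r.Data, r.Sig)
}

func main() {
	tp, pub := NewThirdParty(map[string]bool{"responder-14": true})
	r, _ := Respond(tp, "responder-14", []byte("constructed-nonce"))
	fmt.Println(Authenticate(pub, "responder-14", []byte("constructed-nonce"), r))
}
```

The initiator never verifies a key belonging to the responder; authentication succeeds or fails solely on whether the third party's public key verifies the data in the response.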