Intro
The Internet, a virtual world online, is in fact built on trust. When we communicate or send and receive information with other people online, we do not actually see them, but we trust that they are who they say they are. Trust alone is not enough, however, when it comes to financial transactions or other important communication. Crackers and hackers, scammers and con artists are all around us, and they are very active in stealing credit card numbers, personal and financial information and business secrets. On the other hand, a business needs to know that the person sending data really is who he says he is, and not an impostor who has managed to steal data from someone else.
This is where the DIGITAL CERTIFICATE comes into the picture. It is an attachment to an electronic message used to verify that the person sending information, a credit card number or anything else over the Internet really is who he claims to be. The certificate is placed on a person’s hard disk, and encryption technology is used to create a unique digital certificate for each person. When someone sends an email or visits a site with a digital certificate, the certificate is presented to the site or attached to the email, and it validates that the user is who he claims to be.
Because they rely on powerful encryption technology, these certificates are quite safe and secure, probably much more so than a real-life signature. A real-life signature can be forged, but a digital certificate on the Internet cannot be forged.
Certificate Authorities (CA)
Certificate authorities are independent, recognized and mutually trusted third parties who issue digital certificates and guarantee that the person or site is who it claims to be.
The digital certificate contains:
Name of entity
Address of entity
The certificate’s serial number
Public key
Expiration date
Digital signature
The information is encrypted in such a way that it is unique for each person. The most widely used standard for digital certificates is X.509, and the best-known certificate authorities are VeriSign (www.verisign.com) and Thawte (www.thawte.com).
How to Create the Certificate
Step 1: The certificate authority verifies that the public key belongs to a specific company or individual and, through a detailed validation process, determines that the company or individual is who it claims to be. How thorough this process is depends on the CA and on the level of certification.
Step 2: After the validation is complete, the CA creates an X.509 certificate that contains the CA and subject information, including the public key. The CA signs the certificate by computing a hash value and encrypting that hash value with its private key. The encrypted hash value is called a "digital signature," and once it is placed into the X.509 certificate, the certificate is said to be "signed." The private key is very important, and the CA keeps it very secure, because if it were discovered, false certificates could be created.
Public Key Cryptography
Every packet of data sent over the Internet passes through many public networks, which means that access to these packets is not private. So highly confidential information, such as corporate data or credit card numbers, is not safe when it is transmitted across the Internet. The Internet will never be a secure place to do business or send private data unless there is some way to protect that kind of information.
To protect confidential information, software developers developed encryption and decryption: the information is altered in such a way that to anyone other than the intended recipient it looks like meaningless garbage, and it is turned back into the original message by the recipient, and only by the recipient. Many complex cryptosystems have been created to allow for this kind of encryption and decryption.
The heart of a cryptosystem is its keys. Keys are secret values that computers use in concert with complex mathematical formulas, called algorithms, to encrypt and decrypt messages. The concept behind keys is that if someone encrypts a message with a key, only someone with the matching key will be able to decrypt the message.
There are two common encryption systems: secret-key cryptography, i.e. symmetric cryptography, and public-key cryptography, i.e. asymmetric cryptography. The most common secret-key cryptography system is the Data Encryption Standard (DES).
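The two systems differ in who holds which key. The following program is an added example, not code from the original article: in the symmetric half, one shared key both encrypts and decrypts (AES-GCM is used in place of DES, whose 56-bit key is too short for modern use; the principle is the same); in the asymmetric half, anyone with the recipient's public key can encrypt, but only the matching private key decrypts. The sample message and all key material are constructed on the spot.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// randomBytes returns n bytes from the system's cryptographic random source;
// used here to make the shared secret key.
func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// Symmetric (secret-key) cryptography: one key, agreed in advance by sender
// and recipient, both locks and unlocks the message. AES-GCM stands in for
// DES here; DES works the same way but its 56-bit key is far too short today.
func symmetricEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := randomBytes(gcm.NonceSize())
	// The nonce is not secret; it is prepended so the recipient can recover it.
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func symmetricDecrypt(key, message []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(message) < gcm.NonceSize() {
		return nil, errors.New("message shorter than nonce")
	}
	nonce, ciphertext := message[:gcm.NonceSize()], message[gcm.NonceSize():]
	// Open fails, rather than returning garbage, when the key is wrong or the
	// ciphertext was altered in transit.
	return gcm.Open(nil, nonce, ciphertext, nil)
}

// Asymmetric (public-key) cryptography: the key comes in two halves. Anyone
// holding the public half can encrypt; only the holder of the matching private
// half can decrypt. This is the property a certificate's public key relies on.
func newRSAKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

func asymmetricEncrypt(pub *rsa.PublicKey, plaintext []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, plaintext, nil)
}

func asymmetricDecrypt(priv *rsa.PrivateKey, ciphertext []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), nil, priv, ciphertext, nil)
}

func main() {
	secret := []byte("constructed sample: card ending 0000, order 42") // constructed input

	// Symmetric: both parties must already share `key`.
	key := randomBytes(32)
	ct, _ := symmetricEncrypt(key, secret)
	pt, err := symmetricDecrypt(key, ct)
	fmt.Printf("symmetric, right key: %q err=%v\n", pt, err)
	_, err = symmetricDecrypt(randomBytes(32), ct)
	fmt.Println("symmetric, wrong key: err =", err)

	// Asymmetric: the sender only needs the recipient's public key.
	recipient := newRSAKey()
	ct2, _ := asymmetricEncrypt(&recipient.PublicKey, secret)
	pt2, err := asymmetricDecrypt(recipient, ct2)
	fmt.Printf("asymmetric, recipient's key: %q err=%v\n", pt2, err)
	_, err = asymmetricDecrypt(newRSAKey(), ct2)
	fmt.Println("asymmetric, someone else's key: err =", err)
	fmt.Println("round trips intact:", bytes.Equal(pt, secret) && bytes.Equal(pt2, secret))
}
```

The difference the text describes shows up in the failure cases: with the wrong symmetric key, or with a private key other than the recipient's, decryption returns an error instead of the message.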
How to Verify the Certificate
A signed certificate is verified by the recipient’s software, which is usually the recipient’s web browser. The web browser maintains a list of CAs and their public keys. It uses the appropriate public key to decrypt the signature back into the digest, recomputes its own digest from the plain text in the certificate and compares the two. If both digests match, the certificate is verified and the public key in the certificate is assumed to be valid.
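Steps 1 and 2 above (the CA issuing a signed X.509 certificate) and the browser-side check just described fit in one short program. The following is an added example written for this page, not the article's own code; it uses Go's standard crypto/x509 package. The CA name, the organization, the host name and the serial numbers are all constructed values, and the CA key pair is generated on the fly rather than taken from any real CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newKey generates a P-256 key pair. The private half is what a CA must guard;
// the public half is what ends up inside a certificate.
func newKey() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return key
}

// mustParse turns the DER bytes returned by x509.CreateCertificate back into a
// parsed certificate so it can act as a parent or be verified.
func mustParse(der []byte, err error) *x509.Certificate {
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// issueCA builds the CA's own self-signed root certificate. A browser's list
// of trusted CAs is a collection of such certificates, i.e. of CA public keys.
func issueCA(caKey *ecdsa.PrivateKey, name string) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name}, // constructed name
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	// Template and parent are the same certificate: the CA signs itself.
	return mustParse(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &caKey.PublicKey, caKey))
}

// issueSubject is Step 2 from the text: after validation the CA fills in the
// subject's name, serial number, expiry date and public key, hashes the encoded
// certificate body and signs the hash with the CA private key. The signature is
// stored inside the certificate.
func issueSubject(ca *x509.Certificate, caKey *ecdsa.PrivateKey, host string, serial int64, subjectPub *ecdsa.PublicKey) *x509.Certificate {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: host, Organization: []string{"Example Org (constructed)"}},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour), // one-year validity, as in the text
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	return mustParse(x509.CreateCertificate(rand.Reader, tmpl, ca, subjectPub, caKey))
}

// signatureOK is the digest comparison the text describes: the CA public key is
// used to check the signature against a freshly computed hash of the certificate.
func signatureOK(cert, ca *x509.Certificate) bool {
	return cert.CheckSignatureFrom(ca) == nil
}

// verify plays the browser: it looks the issuer up in its list of trusted roots,
// checks the signature and the validity period, and checks that the certificate
// was issued for the host being visited. A nil error means "trusted for host".
func verify(cert *x509.Certificate, host string, trustedRoots ...*x509.Certificate) error {
	pool := x509.NewCertPool()
	for _, root := range trustedRoots {
		pool.AddCert(root)
	}
	_, err := cert.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func main() {
	caKey := newKey()
	ca := issueCA(caKey, "Example Root CA")
	subjectKey := newKey()
	leaf := issueSubject(ca, caKey, "www.example.com", 1001, &subjectKey.PublicKey)

	fmt.Println("signature from trusted CA:", signatureOK(leaf, ca))
	fmt.Println("browser verdict:", verify(leaf, "www.example.com", ca))
	fmt.Println("same cert, other host:", verify(leaf, "www.other.example", ca))

	// Without the CA private key a certificate can only be signed by some other
	// key; the browser's stored copy of the CA public key then rejects it.
	otherKey := newKey()
	other := issueCA(otherKey, "Example Root CA") // same name, different key
	untrusted := issueSubject(other, otherKey, "www.example.com", 1001, &subjectKey.PublicKey)
	fmt.Println("signature from unknown key:", signatureOK(untrusted, ca))
	fmt.Println("browser verdict:", verify(untrusted, "www.example.com", ca))
}
```

The last two checks are the point of keeping the CA private key secure: a certificate carrying the same names and serial number but signed with a different key fails the digest comparison, and the browser reports an unknown authority.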
VeriSign introduced a new concept of classes of digital certificate:
Class 1 - For individuals
Class 2 - For companies or organizations; identity proof required
Class 3 - For servers and software signing
Class 4 - For online business transactions between two companies
Class 5 - For private or governmental security
A Digital ID is valid for one year, after which all software signed with it has to be re-signed. To avoid this, companies have introduced time-stamping services. Once the software has been time-stamped, it does not need to be re-signed after the Digital ID expires.
The picture below shows what happens if a user receives an unsigned component distributed via the Internet. The following will occur:
- If security settings are set to "High," the client application will not permit the unsigned code to load.
- If security settings are set to "Medium," the client application will display a warning like this screen:
The picture below shows what happens if a user receives a signed component distributed via the Internet.