What is a digital certificate?

A digital certificate is an electronic credential that vouches for the holder's identity. It has characteristics similar to those of a passport: it has identifying information, is forgery-proof, and is issued by a trusted third party. It serves as your digital identity.

Why is the digital certificate required?

Digital certificates are required to meet the security challenges listed below, popularly known as the five pillars of e-commerce.
- Confidentiality
- Authentication
- Integrity
- Non-repudiation
- Interoperability / Universality

Confidentiality

You want to be sure the information you are sending, such as credit card information when purchasing goods online, or sensitive business information in e-mail, can't be read by anyone other than the intended recipient.

Integrity

You want to make sure no one has intercepted information and changed it in any way. So tampering with the information by anybody should be difficult and evident.

Authentication

You want to be able to check on the identity of users. For example, you wouldn't want a competitor to download your company information from an Extranet, or in the case of a very large financial transaction, you want to feel certain of who placed the order. As a user, if you are buying goods from an online store, you also want to be certain that the store is legitimate, that you'll actually get the goods you are paying for, and that you're not just providing a credit card number with which someone can go on a shopping spree.

Non-repudiation

In the real world, a contract with a written signature is generally binding. There is no real equivalent on the Internet. Someone might buy some stock over the Internet, the price falls, and then they say they never placed the order. There isn't a way to sign a contract electronically except with a certificate.

Interoperability

Finally, whatever solution you have needs to be interoperable and universal, because the benefit of this model is that everyone can work together and share information across the network transparently. The adoption of standards by Internet vendors has provided this interoperability.

Only digital certificates can provide all of the above

| | PKI | Passwords |
| --- | --- | --- |
| Authentication | Yes | Yes |
| Confidentiality | Yes | No |
| Integrity | Yes | No |
| Non-repudiation | Yes | No |
| Enabled in standard apps | Yes | Yes |
| Proven technology | Yes | Yes |
| Standards-based | Yes | Yes |
| Shared identity across apps | Yes | No |

Where can the digital certificate be used?

Depending on the class it belongs to, your digital certificate could be used for the following:
- Allow you to access membership-based web sites automatically without entering a user name and password.
- Digitally sign email messages to assure recipients that the email really was sent by you.
- Encrypt email contents and attachments, protecting them from being read by online intruders. Only your intended recipient can decrypt them.
- Allow others to verify your "signed" e-mail or other electronic documents, assuring your intended reader(s) that you are the genuine author of the documents, and that the content has not been tampered with.

What is a digital signature?

Not to be confused with a digitized signature (a scan of a hand-written signature), a digital signature can be used with either encrypted or unencrypted messages to confirm the sender's identity and assure the recipient that the message content has not been changed in transmission. Digital signatures incorporate the characteristics of hand-written signatures in that they can only be generated by the signer, are verifiable, and cannot easily be imitated or repudiated.
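
The properties described above (only the signer can generate the signature, anyone can verify it, and any change to the message is detected), shown as an added example that is not part of the original page. It uses textbook hash-then-sign RSA with constructed demo keys; the key names and the sample order are assumptions, and real signatures use a padded scheme such as RSASSA-PSS from a vetted library.

```python
import hashlib

# Constructed demo keys: every prime below is a publicly known Mersenne prime,
# so these keys give no security. Textbook RSA, no padding (illustration only).
E = 65537


def make_keypair(p, q, e=E):
    """Return (public, private) keys as (exponent, modulus) pairs."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (e, n), (d, n)


def digest(message: bytes) -> int:
    """SHA-256 of the message as an integer, smaller than either demo modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(message: bytes, private_key) -> int:
    """Only the holder of the private exponent can compute this value."""
    d, n = private_key
    return pow(digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone with the public key can check signer and content together."""
    e, n = public_key
    return 0 <= signature < n and pow(signature, e, n) == digest(message)


SIGNER_PUB, SIGNER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
# A second constructed key pair standing in for anyone who is not the signer.
OTHER_PUB, OTHER_PRIV = make_keypair(2**127 - 1, 2**521 - 1)

ORDER = b"BUY 100 shares of ACME at market price"  # constructed sample message
SIGNATURE = sign(ORDER, SIGNER_PRIV)

if __name__ == "__main__":
    altered = ORDER.replace(b"100", b"900")
    print("genuine order:", verify(ORDER, SIGNATURE, SIGNER_PUB))
    print("altered order:", verify(altered, SIGNATURE, SIGNER_PUB))
    print("signed with another key:", verify(ORDER, sign(ORDER, OTHER_PRIV), SIGNER_PUB))
```

A certificate's role in this exchange is to bind the signer's public key to a verified identity, so the verifier knows whose key it is checking against.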

Are there any categories within the offering of digital certificates?

Yes. The level of trust depends on the class of certificate, which is determined by the checks carried out before issuance. For example, the personal certificates offered under the VTN hierarchy:

Class 1: Here the certificate is issued to an individual on the basis of a valid email id. These certificates do not hold any legal validity, as the validation process is based only on a valid email id and involves no direct verification. These are usually called personal email certificates.

Class 2: Here, the identity of a person is verified against a trusted, pre-verified database, for example, the HR database of an organization.

Class 3: This is the highest level, where the person needs to present himself or herself in front of an RA and prove his or her identity.