digital certificate


Upload: swapnilpazare

Post on 08-May-2017


TRANSCRIPT

Page 1: digital certificate

What are Digital Certificates?

A digital certificate (DC) is a digital file that certifies the identity of an individual or institution, or even a router seeking access to computer-based information. It is issued by a Certification Authority (CA), and serves the same purpose as a driver’s license or a passport.

Page 2: digital certificate

What are Certification Authorities?

Certification Authorities are the digital world’s equivalent to passport offices. They issue digital certificates and validate holders’ identity and authority.

They embed an individual or institution’s public key along with other identifying information into each digital certificate and then cryptographically sign it as a tamper-proof seal verifying the integrity of the data within it, and validating its use.

Page 3: digital certificate

What is the Process of obtaining a certificate?

1. Subscriber (sender) generates a public/private key pair. Applies to CA for digital certificate with the public key.

2. CA verifies subscriber's identity and issues digital certificate containing the public key.

3. CA publishes certificate to public, on-line repository.

4. Subscriber signs message with private key and sends message to second party.

5. Receiving party verifies digital signature with sender's public key and requests verification of sender's digital certificate from CA's public repository.

6. Repository reports status of subscriber's certificate.

Page 4: digital certificate

What is the Process in obtaining a certificate?

[Diagram: Bob’s public key (K_B+) and Bob’s identifying information are passed through a digital signature (encrypt) step using the CA private key (K_CA-). The result is the certificate for Bob’s public key, signed by CA.]

Page 5: digital certificate

Types of Digital Certificates

There are four main types of digital certificates:

• Server Certificates
• Personal Certificates
• Organization Certificates
• Developer Certificates

Page 6: digital certificate

Server Certificates

Allows visitors to exchange personal information such as credit card numbers, free from the threat of interception or tampering.

Server Certificates are a must for building and designing e-commerce sites as confidential information is shared between clients, customers and vendors.

Page 7: digital certificate

Personal Certificates

Personal Certificates allow one to authenticate a visitor’s identity and restrict access to specified content to particular visitors.

Personal Certificates are perfect for business to business communications such as offering suppliers and partners controlled access to special web sites for updating product availability, shipping dates and inventory management.

Page 8: digital certificate

Organization & Developer Certificates

Organization Certificates are used by corporate entities to identify employees for secure e-mail and web-based transactions.

Developer Certificates prove authorship and retain integrity of distributed software programs, e.g. installing software on a computer system in most instances requires what is called a “serial key”.

Page 9: digital certificate

What Does a Digital Certificate Contain?

It contains your name, a serial number, expiration date, a copy of the certificate-holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to the X.509 standard.

Page 10: digital certificate

Example of a Certificate:

• Serial number (unique to issuer)
• info about certificate owner, including algorithm and key value itself (not shown)
• info about certificate issuer
• valid dates
• digital signature by issuer

Page 11: digital certificate

Why are they Used?

There are four (4) main uses:

1. Proving the identity of the sender of a transaction

2. Non-repudiation – the owner of the certificate cannot deny partaking in the transaction

3. Encryption and checking the integrity of data - provide the receiver with the means to encode a reply.

4. Single Sign-On - It can be used to validate a user and log them into various computer systems without having to use a different password for each system

Page 12: digital certificate

Public & Private Keys

Public and Private Key pairs comprise two uniquely related cryptographic keys.

The Public key is made accessible to everyone, whereas the Private key remains confidential to its respective owner.

Since both keys are mathematically related, only the corresponding private key can decrypt what was encrypted with its public key.

Page 13: digital certificate

How do You Obtain An Individual’s Public Key?

When Alice wants Bob’s public key:

• Alice gets Bob’s certificate (from Bob or elsewhere).
• apply CA’s public key to Bob’s certificate, get Bob’s public key

[Diagram: the CA public key (K_CA) is applied to the certificate in a digital signature (decrypt) step, yielding Bob’s public key (K_B+).]
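The issuance steps listed under "What is the Process of obtaining a certificate?" and the check Alice performs here, as an added example (not part of the original slides) using Go's standard crypto/x509 package. Ed25519 keys, the function names issue, verify and scenario, the "Example CA" subject and the sample message are assumptions of the example; the repository status lookup of step 6 is not covered.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue is the CA's step: bind pub to name and sign with caKey (nil parent = self-signed root).
func issue(name string, pub ed25519.PublicKey, parent *x509.Certificate, caKey ed25519.PrivateKey) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed serial
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour), // expiration date
	}
	if parent == nil { // the CA's own certificate: marked as a CA, signs itself
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		parent = t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, caKey)
	if err != nil {
		panic(err) // demo only: template or key problem
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// verify is the receiver's step: validate cert against the trusted CA, then check sig over msg with its key.
func verify(ca, cert *x509.Certificate, msg, sig []byte) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return fmt.Errorf("certificate rejected: %w", err)
	}
	return cert.CheckSignature(x509.PureEd25519, msg, sig)
}

// scenario returns the verdicts for Bob's real certificate and for a copy renamed after signing.
func scenario(msg []byte) (genuine, tampered error) {
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)   // CA key pair
	bobPub, bobKey, _ := ed25519.GenerateKey(rand.Reader) // step 1
	ca := issue("Example CA", caPub, nil, caKey)
	bob := issue("Bob", bobPub, ca, caKey) // steps 2-3
	sig := ed25519.Sign(bobKey, msg)       // step 4
	forged, _ := x509.ParseCertificate(bytes.Replace(bob.Raw, []byte("Bob"), []byte("Eve"), 1))
	return verify(ca, bob, msg, sig), verify(ca, forged, msg, sig) // step 5
}

func main() { fmt.Println(scenario([]byte("ship 10 units"))) }
```

The second verdict is an error: once the subject is changed from Bob to Eve, the CA's signature no longer matches the certificate contents, so the receiver rejects it before the message signature is even considered.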

Page 14: digital certificate

Where are Digital Certificates Used?

In a number of Internet applications that include:

1. Secure Socket Layer (SSL) developed by Netscape Communications Corporation

2. Secure Multipurpose Internet Mail Extensions (S/MIME) Standard for securing email and electronic data interchange (EDI).

Page 15: digital certificate

Where are Digital Certificates Used?

3. Secure Electronic Transactions (SET) protocol for securing electronic payments

4. Internet Protocol Secure Standard (IPSec) for authenticating networking devices

Page 16: digital certificate

How Digital Certificates are Used for Message Encryption

Page 17: digital certificate

Why do I need a Digital Certificate?

Virtual malls, electronic banking and other electronic services are commonplace, offering service from the luxury of one’s home. Concern about privacy and security may prevent you from taking advantage of the luxury; this is where digital certificates come in.

Page 18: digital certificate

Why do I need a Digital Certificate?

Encryption alone is not enough as it provides no proof of the identity of the sender of the encrypted information. Used in conjunction with Encryption, Digital Certificates provide a more complete security solution, assuring the identity of all the parties involved in a transaction.

Page 19: digital certificate

How do I view Digital Certificates on my PC?

For MS Explorer Users:

• Open your MS Internet Explorer
• Click on the Tools Menu
• From the drop down list, select Internet options
• Click the Content tab
• Click the certificates button

Page 20: digital certificate

Example of an MS Explorer Certificate.

Page 21: digital certificate

How do I view Digital Certificates on my PC?

For Netscape users:

• Open your Netscape Communicator
• Click on the Communicator Menu
• From the drop down list select the Tools and then Security info
• Click on the Certificates link to view and learn more about each certificate type stored by Netscape

Page 22: digital certificate

Example of a Netscape Certificate

Page 23: digital certificate

Advantages of Digital Certificates

Decrease the number of passwords a user has to remember to gain access to different network domains.

They create an electronic audit trail that allows companies to track down who executed a transaction or accessed an area.

Page 24: digital certificate

Do Digital Certificates Have Vulnerabilities?

One problem with a digital certificate is where it resides once it is obtained.

The owner's certificate sits on his computer, and it is the sole responsibility of the owner to protect it.

If the owner walks away from his computer, others can gain access to it and use his digital certificate to execute unauthorized business.

Page 25: digital certificate

Do Digital Certificates Have Vulnerabilities?

The best way to address the vulnerabilities of digital certificates is by combining them with biometric technology, as that confirms the actual identity of the sender, rather than the computer.

Page 26: digital certificate

Glossary

PKI – Public Key Infrastructure (PKI) provides a framework for addressing the previously illustrated fundamentals of security listed above.

Encryption – Encryption is the conversion of data into seemingly random, incomprehensible data.

Decryption – Decryption is reversing encryption via the use of Public and Private Keys.

Page 27: digital certificate

In Conclusion

Public Key Cryptography is used in message authentication and key distribution.

Key management is achieved by Digital Certificates, which are a mechanism that enables distribution of keys to participants exchanging information. They ensure the Confidentiality of these messages and the Authentication of the participants.

Page 28: digital certificate

In Conclusion

The strength of Digital Certificates through X.509 lies, inter alia, in the fact that they have been standardized by the ITU-T.

This makes for security in investment and training, as it is assured Digital Certificates will be maintained in the future.
