PKI Certificates
Overview of Digital Certificates
Digital Certificates are used to authenticate a person's identity in electronic transactions, much as a driver's license or a passport is used in face-to-face transactions. A Digital Certificate can be used to prove your identity and validate access to information or services online: you can assure friends, business associates, and online services that the electronic information they receive from you is valid. Digital Certificates bind an identity to a pair of electronic keys that can be used to encrypt and sign digital information. They can be used for electronic transactions such as e-mail, electronic commerce, groupware and electronic funds transfers, and are ideal for virtual malls, electronic banking and other electronic services.
A Digital Certificate typically contains the owner's public key and name, the expiration date of the public key, the issuer's name (the certification authority that issued the Digital Certificate) and digital signature, and the serial and version number of the Digital Certificate. The most widely accepted format for Digital Certificates is defined by the CCITT X.509 international standard, and a digital certificate is valid only for a specific period of time.
Although Digital Certificates are electronic, they are standardized and can therefore be used on numerous devices, including personal computers, handheld devices, mobile phones, and portable cards called smart cards. Smart cards work with a variety of different devices and are usually ideal for carrying Digital Certificates: they make a Digital Certificate as portable and usable as a traditional driver's license or passport.
PKI Certificates and How They Work
The Public Key Infrastructure (PKI) is the set of hardware, software, people, policies, and procedures needed to create, manage, store, distribute, and revoke digital certificates. PKI enables users of an insecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. Public key cryptography is the most common method on the Internet for authenticating a message sender or encrypting a message. A PKI certificate lets a computer user show that they really own the public key they claim; it is the security mechanism that vouches for public keys.
A digital signature is required for the PKI certificate. A digital signature functions for electronic documents as a handwritten signature does for printed documents. The signature is data asserting that a named person wrote, or otherwise agreed to, the document to which the signature is attached. The digital signature cannot be falsified and is much more secure than a handwritten signature. This signature is created by someone who is authorized to issue the certificate, by the person whose identity is being confirmed, or by an endorser of the public key. The recipient of a digitally signed message can verify both that the message originated from the person whose signature is attached and that the message has not been altered, either intentionally or accidentally, since it was signed. Secure digital signatures cannot be disowned by the signer.
The PKI certificate usually includes personal information such as the holder's name, employment status and company name, and how long the certificate is valid. The most popular standard for PKI certificates is ITU-T X.509.
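The two roles described above, the certification authority that signs a certificate and the recipient that checks the signature and the validity period, as an added Go example using only the standard library (this is not code from the original article). The CA name, the user's name and organization, the Ed25519 key type and the validity periods are assumptions; the user's own key pair is generated by the caller and only its public half is handed to the CA, as in a real PKI.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// IssueChain plays the certification authority: it self-signs a root CA certificate, then
// signs a 30-day certificate binding a constructed user's name to userPub. Both come back as DER.
func IssueChain(now time.Time, userPub ed25519.PublicKey) (caDER, leafDER []byte, err error) {
	caPub, caKey, err := ed25519.GenerateKey(rand.Reader) // the CA's own signing key pair
	if err != nil {
		return nil, nil, err
	}
	ca := &x509.Certificate{ // the issuer's certificate (assumed name)
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore:    now, NotAfter: now.Add(10 * 365 * 24 * time.Hour),
		IsCA:         true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	if caDER, err = x509.CreateCertificate(rand.Reader, ca, ca, caPub, caKey); err != nil {
		return nil, nil, err
	}
	leaf := &x509.Certificate{ // the user's certificate: the fields the article lists
		SerialNumber: big.NewInt(2), KeyUsage: x509.KeyUsageDigitalSignature,
		Subject:      pkix.Name{CommonName: "Alice Example", Organization: []string{"Example Corp"}},
		NotBefore:    now, NotAfter: now.Add(30 * 24 * time.Hour),
	}
	// Signing with caKey is the CA vouching that this name really owns userPub.
	leafDER, err = x509.CreateCertificate(rand.Reader, leaf, ca, userPub, caKey)
	return caDER, leafDER, err
}

// Verify is the recipient's check: the CA's signature must verify against the trusted root and the certificate must be inside its validity period at time at.
func Verify(caDER, leafDER []byte, at time.Time) error {
	caCert, err := x509.ParseCertificate(caDER)
	if err != nil {
		return err
	}
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at})
	return err // non-nil when expired, not yet valid, or signed by an untrusted CA
}
```

Verify fails for a certificate presented after its NotAfter date and for one issued by a CA that is not in the recipient's trusted roots, which is exactly the "has the message been altered, and is it really from who it claims" check the text describes.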