The creation of Digital Ids has lately become a real need, since a variety of electronic transactions, including e-mail, electronic commerce, groupware and electronic funds transfer, have become part of everyone's life, especially for those whose daily work depends on accessing the net, where nothing can introduce or identify them but a digital certificate that is authenticated to the server.
Thus, to prove your identity in electronic transactions, just as a driver's license or a passport does in face-to-face interaction, came the need to create Digital Ids, which are instrumental in establishing a secure channel for communicating sensitive information back to the server. In this way, every document or piece of data sent to friends, associations or firms is authentic. In other words, Digital Ids are presented to show your right to access information or online services.
Digital Ids are also known as certificates. They are issued by a certification authority (CA) such as Verisign, which, besides issuing them, also provides revocation and renewal of certificates. Therefore Digital Ids provide a more complete security solution.
A Digital Id typically contains the:
3- Expiration date of the public key.
4- Name of the issuer (the certification authority that issued the Id, e.g. Verisign).
5- The serial number of the Digital Id.
6- Digital signature of the issuer.
1- Personal Certificates: used to identify yourself to the server and to all users.
2- Server Certificates: designed to protect you and the visitors to your site; used by secure servers, which assure the user that the affiliation is legitimate.
a- Authenticate your site: A Digital Certificate on your server automatically communicates your site's authenticity to visitors' web browsers, confirming that the visitor is actually communicating with you, and not with a fraudulent site stealing credit card numbers or other personal information.
b- Keep private communication private: Digital Certificates encrypt the data that visitors exchange with your site, keeping it safe from interception or tampering, using SSL (Secure Socket Layer) technology, the industry-standard method for protecting web communications.
Virtually all web servers and leading browsers, including Netscape Communicator, are optimized and ready for SSL. To activate SSL sessions with visitors to your site, all you need is a Digital Certificate for your server.
c- Identify visitors: If visitors to your site use personal Digital Certificates, your server can instantly recognize them, facilitating instant log-in (and preventing later repudiation of the web transaction).
d- Prevent tampering: SSL preserves the integrity of every transaction, generating a warning if so much as one character of information is changed between your server and your customer's browser.
e- Assure confidentiality: Users are assured that no unauthorized entity has intercepted data, such as account numbers or credit card numbers, on the way to the intended destination.
a- Weakness in dealing with rescinded privileges.
b- Certificates are generally issued with relatively long-term validity.
c- Certificates are rescinded through Certificate Revocation Lists, but many environments fail to check them.
d- Issuing and managing certificates can be a complex task.
e- Not widely deployed in the library community.
f- Certificates reside on the workstation: this can be problematic for public-use stations and computers used by multiple users.
Why do we need Digital Certificates?
Thanks to new technology, all the common places, such as virtual malls, electronic banking and other services, nowadays offer the convenience and flexibility of using their services right from home. However, privacy and security concerns may prevent you from taking advantage of them for your personal business. Encryption alone is not enough, as it provides no proof of the sender's identity. Digital Ids, in conjunction with encryption, solve this problem by providing a secure solution that assures the identity of all parties involved in a transaction. Moreover, just as Digital Ids are used to validate electronic transactions, including e-mail, electronic commerce, groupware and electronic funds transfers that involve a server, a secure server should likewise have its own Digital Id to assure users that its affiliation is legitimate.
Digital Ids use asymmetric key encryption based on two related keys, one private and one public. The public key is made available to everyone who wants to correspond with the owner. It is used to verify a message encrypted with the private key.
In this way, the security of the message or correspondence depends on the security of the private key, which must be protected against unauthorized use.
The key pair is bound to the name of the user and other identifying personal information. Once installed in a browser, a Digital Id works as an electronic credential checked by sites, which gives them the ability to restrict access to particular users.
On receiving a digitally signed message, you can verify that no forgery or false transaction has been made by checking the sender's Digital Id. When you send a message, you can sign it and enclose your Digital Id to assure the recipient that you are the real sender of the message.
By forming a hierarchical chain of Digital Ids, each Id can attest to the authenticity of the previous one. At the end of the chain is a top-level certification authority whose public key is published.
Digital Ids are also used to identify yourself to secure servers such as membership-based web servers.
How do we get Digital Certificates?
A Digital Id can be requested from Verisign using the online enrollment service, selecting the class of Id you need. Your request is processed automatically, and in a moment a new Digital Id will be yours.
Class 3 Ids are not processed until you send both your online enrollment and a notarized copy of your application. Note also that each secure application requires a separate Digital Id.
To complete the online enrollment process, you:
1- Specify the type of Digital Id you want: class 1, class 2, class 3, or class 4.
2- Enter the identification information that will be contained in your Digital Id along with the requested personal information so your identity can be verified.
3- If required, enter the billing information so the annual fee can be charged to your Visa or MasterCard.
4- Verify that the information is correct.
5- Accept the Digital Id Subscriber Agreement.
The following diagrams show how to enable your browser either to use Digital Certificates automatically by default, or to select their use for particular transactions.
Normally a key expires after one year at most, and documents signed with an expired key are not accepted. However, in some cases, for example contracts, we are obliged to accept a key as valid for more than 2 years. If the contract is registered with a time stamp, it can be proved valid even after the key expires. Thus a time stamp can prove the validity of a document at the time stated on it, even if the key is no longer valid.
What class of Digital Certificates do we need?
The level of assurance is the main concept by which Digital Ids are differentiated. This level depends on how the verification of a person's identity is performed during the enrollment process. Verisign's class 1-4 Digital Ids are the standard levels accepted throughout the industry. Thus the level of assurance depends on how you intend to use the Digital Id and the level of identity assurance required. Verisign class 1-3 Digital Ids are for individual use and give no assurance concerning the individual's affiliation or organization. Class 4 Digital Ids are for business use, providing assurance of an individual's identity; they verify and assure the relationship to a business or organization.
* A class 1 Digital Id provides you with an unambiguous name and an e-mail address. You can obtain it wherever you are living.
* A class 2 Digital Id provides identity assurance by requiring the verification of your name, your address and other personal information by a third party.
Verisign's authenticated enrollment system checks the information you provide.
Class 2 Ids are commonly used for business, including most online purchases and online subscriptions.
* A class 3 Digital Id provides an even greater level of identity assurance, requiring your presence before a notary to authenticate your Digital Id request.
In addition, when you submit an electronic application, you must mail a notarized copy to Verisign before the enrollment application is processed.
This level of security is expected to be used for electronic commerce applications such as electronic banking and for fee-based online services.
What does a Digital certificate cost?
A Verisign Certificate for a company located in the United States costs $349, with a $249 per year renewal ($449 and $349 respectively for international companies), while a Thawte Certificate can be obtained for $125 with a renewal cost of $75 per year. Thus a certificate's cost depends on the certification authority.
What is the difference between Digital Certificates and Digital Signatures?
Digital Signatures for electronic documents work as the handwritten signature does for printed documents. A signature is unforgeable data ensuring that a specific person wrote or agreed to the signed document. In fact, the signature provides a higher degree of security: the recipient can not only verify that the message originated from the person who signed it, but can also be sure that the message has not been changed, either by accident or intentionally. In addition, a secure Digital Signature cannot be repudiated, which means that the signer cannot deny the signature by claiming it was forged. Thus Digital Signatures enable authentication of digital messages by assuring both the identity of the sender and the integrity of the message.
So Digital Signatures need Digital Ids to assure what a signature alone cannot.
Certificates, both for individual users and for server applications, operate within special software, such as:
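The mechanics described in this article (a key pair whose private half signs and whose public half verifies, a hierarchical chain of Ids ending at a published root key, the expiry rule for signed documents, and the Certificate Revocation List that many environments fail to check) are modelled below in Python with textbook RSA. This is an added example, not code from the article or from Verisign. It uses well-known Mersenne primes as a shortcut instead of a prime generator, which makes the keys trivially factorable, and all names, serial numbers and "day number" expiry dates are constructed; it demonstrates the logic only.

```python
"""Toy model of Digital Ids: RSA key pairs, signatures, and a certificate
chain checked for issuer signature, expiry and revocation.

Added illustration, not code from the article or from any CA. The primes
are well-known Mersenne primes used as a shortcut, so the keys are trivially
factorable; names, serials and expiry day numbers are constructed."""
import hashlib
import json

# Shortcut: known Mersenne primes instead of a prime generator (toy only).
M89, M107, M127 = 2**89 - 1, 2**107 - 1, 2**127 - 1
M521, M607, M1279 = 2**521 - 1, 2**607 - 1, 2**1279 - 1
E = 65537  # public exponent


def make_keypair(p, q):
    """Return ((n, e), (n, d)): the public key and the private key."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent
    return (n, E), (n, d)


def _digest(data):
    """SHA-256 of the data as an integer (smaller than every modulus above)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, data):
    """Sign by raising the digest to the private exponent (textbook RSA)."""
    n, d = private_key
    return pow(_digest(data), d, n)


def verify(public_key, data, signature):
    """Verify with the public key: the signature must undo to the digest."""
    n, e = public_key
    return pow(signature, e, n) == _digest(data)


def _to_be_signed(cert):
    """Canonical bytes of every certificate field except the signature."""
    fields = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(fields, sort_keys=True).encode()


def issue_certificate(subject, subject_public, issuer, issuer_private, serial, not_after):
    """Build a certificate carrying the fields the article lists (expiry,
    issuer name, serial number, issuer signature) plus the subject's name
    and public key. `not_after` is a constructed day number."""
    cert = {"subject": subject, "public_key": list(subject_public),
            "issuer": issuer, "serial": serial, "not_after": not_after}
    cert["signature"] = sign(issuer_private, _to_be_signed(cert))
    return cert


def verify_chain(chain, trusted_roots, now, crl=frozenset()):
    """chain[0] is the end-entity Id, chain[-1] the self-signed root.
    Every link must be unexpired at `now`, absent from the revocation list
    (pairs of issuer name and serial) and signed by the next link; the root
    must be one of the trusted public keys."""
    for i, cert in enumerate(chain):
        if cert["not_after"] < now:
            return False  # expired: documents signed with it are not accepted
        if (cert["issuer"], cert["serial"]) in crl:
            return False  # rescinded through the CRL
        issuer = chain[i + 1] if i + 1 < len(chain) else cert  # root signs itself
        if issuer["subject"] != cert["issuer"]:
            return False  # chain does not link up
        if not verify(tuple(issuer["public_key"]), _to_be_signed(cert), cert["signature"]):
            return False  # forged or tampered certificate
    return tuple(chain[-1]["public_key"]) in trusted_roots


def build_demo():
    """Constructed three-level hierarchy: root CA -> issuing CA -> a user."""
    root_pub, root_priv = make_keypair(M521, M127)
    ca_pub, ca_priv = make_keypair(M607, M107)
    user_pub, user_priv = make_keypair(M1279, M89)
    root = issue_certificate("Example Root CA", root_pub, "Example Root CA", root_priv, 1, 2000)
    ca = issue_certificate("Example Issuing CA", ca_pub, "Example Root CA", root_priv, 2, 1500)
    user = issue_certificate("alice@example.org", user_pub, "Example Issuing CA", ca_priv, 3, 1200)
    return [user, ca, root], {root_pub}, user_priv


if __name__ == "__main__":
    chain, roots, alice_private = build_demo()
    print("chain valid on day 1000:", verify_chain(chain, roots, now=1000))
    print("chain valid after user Id expired:", verify_chain(chain, roots, now=1300))
    print("chain valid with user Id revoked:",
          verify_chain(chain, roots, now=1000, crl={("Example Issuing CA", 3)}))
    msg = b"I agree to the attached contract."
    sig = sign(alice_private, msg)
    print("signature verifies:", verify(tuple(chain[0]["public_key"]), msg, sig))
    print("altered message verifies:", verify(tuple(chain[0]["public_key"]), msg + b"!", sig))
```

The chain walk makes the article's two weaknesses concrete: skipping the `crl` argument is exactly the "environment that fails to check" the revocation list, and the `not_after` comparison is the reason a document signed with an expired key is rejected unless a time stamp can place the signature before expiry.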
- Microsoft Internet Explorer 3.02 (with Authenticode 2.0)
- Microsoft Internet Explorer 4.x
- Microsoft Internet Explorer 5.0
As humans, we establish trust all the time in people we know or whose voice or face we recognize, and depending on how well we know them, we decide whether or not to believe what they tell us. In electronic life, unfortunately, this is not the case. As long as business is business, trust on the net cannot be established except by following special rules and procedures that provide every required means of security; certificates and Digital Signatures are two of them, providing a better than average security tool, even in the presence of some problems.