2. What are Digital Certificates?
A digital certificate (DC) is a digital file that certifies the identity of an individual or institution, or even a router seeking access to computer-based information. It is issued by a Certification Authority (CA), and serves the same purpose as a driver’s license or a passport.
3. What are Certification Authorities?
Certification Authorities are the digital world’s equivalent to passport offices. They issue digital certificates and validate holders’ identity and authority.
They embed an individual or institution’s public key along with other identifying information into each digital certificate and then cryptographically sign it as a tamper-proof seal verifying the integrity of the data within it, and validating its use.
4. What is the Process of obtaining a certificate?
1. Subscriber (sender) generates a public/private key pair. Applies to CA for digital certificate with the public key.
2. CA verifies subscriber's identity and issues digital certificate containing the public key.
3. CA publishes certificate to public, on-line repository.
4. Subscriber signs message with private key and sends message to second party.
5. Receiving party verifies digital signature with sender's public key and requests verification of sender's digital certificate from CA's public repository.
6. Repository reports status of subscriber's certificate.
5. What is the Process in obtaining a certificate?
[Figure: Bob’s public key (KB+) and Bob’s identifying information are digitally signed ("encrypt") with the CA private key (KCA-), producing a certificate for Bob’s public key, signed by CA.]
6. Types of Digital Certificates
There are four main types of digital certificates:
Server Certificates
Personal Certificates
Organization Certificates
Developer Certificates
7. Server Certificates
Server Certificates allow visitors to exchange personal information such as credit card numbers, free from the threat of interception or tampering.
Server Certificates are a must for building and designing e-commerce sites as confidential information is shared between clients, customers and vendors.
8. Personal Certificates
Personal Certificates allow one to authenticate a visitor’s identity and restrict access to specified content to particular visitors.
Personal Certificates are perfect for business to business communications such as offering suppliers and partners controlled access to special web sites for updating product availability, shipping dates and inventory management.
9. Organization & Developer Certificates
Organization Certificates are used by corporate entities to identify employees for secure e-mail and web-based transactions.
Developer Certificates prove authorship and retain integrity of distributed software programs, e.g. installing software on a computer system in most instances requires what is called a “serial key”.
10. What Does a Digital Certificate Contain?
It contains your name, a serial number, expiration date, a copy of the certificate-holder's public key (used for encrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Some digital certificates conform to the X.509 standard.
11. Example of a Certificate:
Serial number (unique to issuer)
info about certificate owner, including algorithm and key value itself (not shown)
info about certificate issuer
valid dates
digital signature by issuer
12. Why are they Used?
There are four (4) main uses:
1. Proving the Identity of the sender of a transaction
2. Non Repudiation – the owner of the certificate cannot deny partaking in the transaction
3. Encryption and checking the integrity of data - provide the receiver with the means to encode a reply.
4. Single Sign-On - It can be used to validate a user and log them into various computer systems without having to use a different password for each system
13. Public & Private Keys
Public and Private Key pairs comprise two uniquely related cryptographic keys.
The Public key is made accessible to everyone, whereas the Private key remains confidential to its respective owner.
Since both keys are mathematically related, only the corresponding private key can decrypt what its corresponding public key has encrypted.
14. How do You Obtain An Individual’s Public Key?
When Alice wants Bob’s public key:
• Alice gets Bob’s certificate (from Bob or elsewhere).
• Alice applies the CA’s public key to Bob’s certificate and gets Bob’s public key.
[Figure: the CA public key (KCA+) is applied to the digital signature on Bob’s certificate ("decrypt"), yielding Bob’s public key (KB+).]
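The issuing process on slide 4 and Alice's check on slide 14, worked through as an added example (not part of the original slides). It assumes a toy textbook-RSA scheme built from publicly known Mersenne primes, a JSON-encoded certificate dictionary, and hypothetical names (issue, check_message, "Example CA"); the revoked set stands in for the CA's on-line repository.

```python
import hashlib, json
from datetime import date

E = 65537  # public exponent shared by both toy keys

def toy_keypair(a, b):
    # Textbook RSA from the Mersenne primes 2**a-1 and 2**b-1: the primes are
    # public knowledge and there is no padding, so this is illustration only.
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus n, private exponent d)

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):        # the slides' "encrypt" step, using the private key
    return pow(digest(data, n), d, n)

def verify(data, sig, n):    # the slides' "decrypt" step, using the public key
    return pow(sig, E, n) == digest(data, n)

def tbs(cert):               # canonical bytes of every field except the signature
    body = {k: v for k, v in cert.items() if k != "signature"}
    return json.dumps(body, sort_keys=True).encode()

def issue(subject, subject_n, serial, not_after, ca_n, ca_d):
    # Step 2: the CA binds identity and public key, then signs the result.
    cert = {"subject": subject, "serial": serial, "issuer": "Example CA",
            "not_after": not_after, "public_key": subject_n}
    cert["signature"] = sign(tbs(cert), ca_n, ca_d)
    return cert

def check_message(msg, msg_sig, cert, ca_n, revoked, today):
    # Steps 5 and 6: trust the embedded key only after the CA checks pass.
    if not verify(tbs(cert), cert["signature"], ca_n):
        return "bad CA signature"
    if date.fromisoformat(cert["not_after"]) < today:
        return "expired"
    if cert["serial"] in revoked:
        return "revoked"
    if not verify(msg, msg_sig, cert["public_key"]):
        return "bad message signature"
    return "ok"

CA_N, CA_D = toy_keypair(521, 607)        # CA key pair
BOB_N, BOB_D = toy_keypair(1279, 2203)    # step 1: Bob's key pair
BOB_CERT = issue("Bob", BOB_N, 1001, "2030-01-01", CA_N, CA_D)
MSG = b"ship 40 units"                    # constructed sample message
MSG_SIG = sign(MSG, BOB_N, BOB_D)         # step 4: Bob signs with his private key
```

Changing any field of BOB_CERT after issuance makes the CA signature check fail, which is the "tamper-proof seal" described on slide 3.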
15. Where are Digital Certificates Used?
In a number of Internet applications that include:
1. Secure Socket Layer (SSL) developed by Netscape Communications Corporation
2. Secure Multipurpose Internet Mail Extensions (S/MIME) Standard for securing email and electronic data interchange (EDI).
16. Where are Digital Certificates Used?
3. Secure Electronic Transactions (SET) protocol for securing electronic payments
4. Internet Protocol Secure Standard (IPSec) for authenticating networking devices
17. How Digital Certificates are Used for Message Encryption
18. Why do I need a Digital Certificate?
Virtual malls, electronic banking and other electronic services are commonplace, offering service from the luxury of one’s home. Concerns about privacy and security may prevent you from taking advantage of this luxury; this is where digital certificates come in.
19. Why do I need a Digital Certificate?
Encryption alone is not enough as it provides no proof of the identity of the sender of the encrypted information. Used in conjunction with Encryption, Digital Certificates provide a more complete security solution, assuring the identity of all the parties involved in a transaction.
20. How do I view Digital Certificates on my PC?
For MS Explorer Users:
Open your MS Internet Explorer
Click on the Tools Menu
From the drop down list, select Internet options
Click the Content tab
Click the certificates button
21. Example of an MS Explorer Certificate.
22. How do I view Digital Certificates on my PC?
For Netscape users:
Open your Netscape Communicator
Click on the Communicator Menu
From the drop down list select the Tools and then Security info
Click on the Certificates link to view and learn more about each certificate type stored by Netscape
23. Example of a Netscape Certificate
24. Advantages of Digital Certificates
Decrease the number of passwords a user
has to remember to gain access to
different network domains.
They create an electronic audit trail that
allows companies to track down who
executed a transaction or accessed an
area.
25. Do Digital Certificates Have Vulnerabilities?
One problem with a digital certificate is where it resides once it is obtained.
The owner's certificate sits on his computer, and it is the sole responsibility of the owner to protect it.
If the owner walks away from his computer, others can gain access to it and use his digital certificate to execute unauthorized business.
26. Do Digital Certificates Have Vulnerabilities?
The best way to address the vulnerabilities of digital certificates is by combining them with biometric technology, as that confirms the actual identity of the sender, rather than the computer.
27. Glossary
PKI – Public Key Infrastructure (PKI) provides a framework for addressing the previously illustrated fundamentals of security listed above.
Encryption - Encryption is the conversion of data into seemingly random, incomprehensible data.
Decryption - Decryption is reversing encryption via the use of Public and Private Keys.
28. In Conclusion
Public Key Cryptography is used in
message authentication and key
distribution.
Key management is achieved by Digital
Certificates, which are a mechanism that
enables distribution of keys to participants
exchanging information. They ensure the
Confidentiality of these messages and the
Authentication of the participants.
29. In Conclusion
The strength of Digital Certificates through X.509 lies, inter alia, in the fact that they have been standardized by the ITU-T.
This makes for security in investment and training, as it is assured Digital Certificates will be maintained in the future.