Monday, April 6, 2009

What is Secure Sockets Layer (SSL)? An Overview

Secure Sockets Layer (SSL) Overview
Privacy and security are more critical than ever in today's electronic business environment.
Every business professional needs to be concerned about security over open communication
networks such as the Internet. It is not enough to have a secure Web site; you also need secure
communication between your users and your Web site, communication that cannot be read or
altered by outside parties. Both you and your users need to be confident that you have a secure
environment in which to conduct your business.
That kind of secure communication requires encryption, and encryption is what the Secure
Sockets Layer (SSL) provides: a protected connection over which the two ends can communicate.
SSL was developed by Netscape Communications in cooperation with RSA Data Security. Many
companies worldwide have adopted SSL as their communication protocol of choice, and many
financial transactions on the Internet, including online banking, are conducted over SSL. The
protocol has since been standardized by the IETF under the name Transport Layer Security (TLS),
and current browsers and servers negotiate TLS; the concepts described here apply unchanged.
Digital certificates are an important component of SSL, so the rest of this overview describes them.

What is a Digital Certificate
Digital certificates allow unique identification of an entity; they are, in essence, electronic ID
cards issued by trusted parties. A digital certificate lets a user verify to whom the certificate was
issued as well as who issued it.
Digital certificates are the vehicle that SSL uses for public-key cryptography. Public-key
cryptography uses two different but mathematically related keys: a private key and a public key.
It is also known as asymmetric cryptography, because what one key of a pair does, only the other
key of that pair can undo: data encrypted with the public key can be decrypted only with the
private key, and a signature produced with the private key can be checked only with the public key.
The user keeps the private key in a secure place (for example, encrypted on a computer's hard
drive, or in a hardware token) and gives the public key to anyone with whom the user wants to
communicate. The private key is used to produce digital signatures on what the user sends; the
public key is used by the recipient to verify those signatures. In SSL itself the owner's private key
is exercised during the handshake, to prove the server's identity and to protect the agreement of
session keys; the bulk of the traffic is then encrypted with faster symmetric keys derived from
that handshake.
Public-key cryptography is built on trust: the recipient of a public key needs confidence that the
key really belongs to the claimed sender and not to an impostor, because a signature made by an
impostor verifies perfectly well under the impostor's own public key. Digital certificates provide
that confidence.
A digital certificate serves two purposes: it establishes the owner's identity, and it makes the
owner's public key available. A digital certificate is issued by a trusted authority, a certificate
authority (CA), and it is issued only for a limited time. When its expiration date passes, the
certificate must be replaced, and anyone relying on it should reject it from that moment rather
than continue to accept it.
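As an added example, not part of the original post, the following shell script uses the openssl command-line tool to walk through the sign-and-verify cycle just described, together with the trust problem: a signature checks out only under the signer's own public key, and only over the exact bytes that were signed. The key names (lauren, mallory), the message text and the temporary working directory are constructed for this demo.

```shell
#!/bin/sh
# Added example: the private key signs, the public key verifies (requires the openssl CLI).
# The names "lauren" and "mallory" and the message text are constructed for this demo.
set -e
WORK="${WORK:-$(mktemp -d)}"

gen_keypair() {   # gen_keypair NAME -> NAME.key (private, keep secret) and NAME.pub (public, hand out)
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/$1.key" 2>/dev/null
  openssl pkey -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub"
}

sign_message() {  # sign_message NAME FILE -> FILE.sig: SHA-256 digest of FILE signed with NAME's private key
  openssl dgst -sha256 -sign "$WORK/$1.key" -out "$2.sig" "$2"
}

verify_message() {  # verify_message NAME FILE -> exit 0 only if FILE.sig verifies under NAME's public key
  openssl dgst -sha256 -verify "$WORK/$1.pub" -signature "$2.sig" "$2" >/dev/null 2>&1
}

report() {  # report LABEL CMD ARGS... -> prints whether the verification command succeeded
  label=$1; shift
  if "$@"; then echo "$label: signature verified"; else echo "$label: signature REJECTED"; fi
}

# --- demo -------------------------------------------------------------------
gen_keypair lauren     # the legitimate sender
gen_keypair mallory    # an impostor who has a key pair of her own

printf 'Transfer 100 to account 42\n' > "$WORK/order.txt"
sign_message lauren "$WORK/order.txt"

report "lauren's key, original message"  verify_message lauren  "$WORK/order.txt"

# The recipient's only defence against an impostor is knowing whose public key it holds:
report "mallory's key, original message" verify_message mallory "$WORK/order.txt"

# Any change to the signed bytes, even one digit, invalidates the signature:
printf 'Transfer 900 to account 42\n' > "$WORK/altered.txt"
cp "$WORK/order.txt.sig" "$WORK/altered.txt.sig"
report "lauren's key, altered message"   verify_message lauren  "$WORK/altered.txt"
```

Run it with `sh` and the three report lines show verified, REJECTED, REJECTED: the signature binds the message to lauren's private key, and a recipient who cannot tell lauren's public key from mallory's has no way to know which of the two actually signed. That is the gap a certificate closes.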
Format of digital certificates
The digital certificate contains specific pieces of information about the identity of the certificate
owner and about the certificate authority:
- Owner's distinguished name. A distinguished name is the combination of the owner's
  common name and its context (position) in the directory tree. In the simple directory tree
  shown in Figure 1, for example, LaurenA is the owner's common name, and the context
  is OU=Engnring.O=XYZCorp; therefore, the distinguished name is:
  .CN=LaurenA.OU=Engnring.O=XYZCorp
  That is the dotted directory notation of the figure. X.509 tooling writes the same name as a
  comma-separated string with the most specific component first, CN=LaurenA,OU=Engnring,O=XYZCorp
  (the form defined in RFC 4514); OpenSSL also accepts and prints it as /O=XYZCorp/OU=Engnring/CN=LaurenA.
- Owner's public key.
- Date the digital certificate was issued (the start of its validity period).
- Date the digital certificate expires.
- Issuer's distinguished name. This is the distinguished name of the CA.
- Issuer's digital signature. The CA computes this with its own private key over all of the fields
  above, so a verifier that holds the CA's public key can detect any alteration of the owner's name,
  public key or validity dates, and can tell that the CA, not an impostor, vouched for the binding.
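As an added example, not part of the original post, the script below builds a throwaway CA, issues a certificate to the LaurenA owner from Figure 1, prints the fields listed above as openssl shows them (distinguished names in the RFC 4514 string form), and then checks the two conditions a relying party must enforce: the issuer's signature chains to a CA it trusts, and the current time falls inside the validity period. Everything beyond the owner's DN (the CA names, the lifetimes, the temporary directory) is constructed for this demo.

```shell
#!/bin/sh
# Added example: issue LaurenA's certificate from a small CA, read back the fields listed above,
# and check the chain and the validity period (requires the openssl CLI).
# The CA names, lifetimes and "Impostor Inc" are constructed for this demo; the owner's DN
# (CN=LaurenA, OU=Engnring, O=XYZCorp) is the page's own example.
set -e
WORK="${WORK:-$(mktemp -d)}"

make_pki() {
  # 1. The CA's key pair and its self-signed certificate (issuer DN == owner DN).
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" \
    -subj "/O=XYZCorp/CN=XYZCorp Root CA" 2>/dev/null
  # 2. LaurenA's key pair and a signing request carrying her DN and public key.
  openssl req -new -newkey rsa:2048 -nodes \
    -keyout "$WORK/lauren.key" -out "$WORK/lauren.csr" \
    -subj "/O=XYZCorp/OU=Engnring/CN=LaurenA" 2>/dev/null
  # 3. The CA signs the request: the result is a certificate valid for 30 days.
  openssl x509 -req -days 30 -in "$WORK/lauren.csr" \
    -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/lauren.pem" 2>/dev/null
}

cert_field() {  # cert_field subject|issuer|dates -> the field as openssl prints it, DNs in RFC 4514 form
  openssl x509 -in "$WORK/lauren.pem" -noout -nameopt RFC2253 "-$1"
}

verify_now() {  # exit 0 only if lauren.pem chains to the trusted CA and is inside its validity period
  openssl verify -CAfile "$WORK/ca.pem" "$WORK/lauren.pem" >/dev/null 2>&1
}

verify_at() {   # verify_at EPOCH_SECONDS -> the same check, evaluated as if the clock read that time
  openssl verify -CAfile "$WORK/ca.pem" -attime "$1" "$WORK/lauren.pem" >/dev/null 2>&1
}

verify_with_other_ca() {  # a CA the relying party does NOT trust must not be able to vouch for the cert
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$WORK/other.key" -out "$WORK/other.pem" \
    -subj "/O=Impostor Inc/CN=Impostor Root CA" 2>/dev/null
  openssl verify -CAfile "$WORK/other.pem" "$WORK/lauren.pem" >/dev/null 2>&1
}

# --- demo --------------------------------------------------------------------
make_pki
echo "owner:  $(cert_field subject)"
echo "issuer: $(cert_field issuer)"
cert_field dates                       # notBefore= and notAfter=
echo "owner's public key:"
openssl x509 -in "$WORK/lauren.pem" -noout -pubkey

verify_now && echo "today: valid" || echo "today: REJECTED"
verify_at $(( $(date +%s) + 60 * 86400 )) && echo "in 60 days: valid" || echo "in 60 days: REJECTED (expired)"
verify_with_other_ca && echo "other CA: valid" || echo "other CA: REJECTED (untrusted issuer)"
```

The two rejections are the checks that matter in practice: a certificate is only as good as the relying party's list of trusted CAs, and a valid signature from a trusted CA still does not make an expired certificate acceptable.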
