The IT Law Wiki
Revision as of 21:51, 10 April 2013

Definition

A digital certificate is

[a] digitally signed statement that binds the identifying information of a user, computer, or service to a public/private key pair. A digital certificate is commonly used in the process of authentication and for securing information on networks.[1]

Overview

The most common use of digital certificates is to let the receiver of a message verify that the sender is who he or she claims to be (the sender signs the message with the private key, and the receiver checks that signature against the public key carried in the sender's certificate) and to give the receiver a trustworthy public key with which to encrypt a reply. Certificates can be issued to computer equipment and processes as well as to individuals.

For example, companies that do business over the Internet obtain digital certificates for their computer servers. Such a certificate authenticates the server to potential customers: the customer's software checks that the server can prove possession of the private key matching the public key in the certificate, and only then relies on the connection for the exchange of encrypted information such as passwords and credit card numbers. The certificate by itself only binds a name to a key, so the customer's software must also confirm that the name in the certificate is the name of the server it intended to reach.

Digital certificates address the need to link an individual to his or her public key. A digital certificate is created by placing the individual's name, the individual's public key, and certain other identifying information (in the widely used X.509 format this includes the name of the issuing authority, a serial number that is unique for that issuer, and a validity period) in a small electronic document that is stored in a directory or other database. Directories may be publicly available repositories kept on servers that act like telephone books in which users can look up others' public keys.

The digital certificate itself is created by a trusted third party called a certification authority, which digitally signs the certificate, thus providing assurance that the public key contained in the certificate does indeed belong to the individual named in the certificate. A relying party checks that signature with the certification authority's own public key, which it must already hold and trust (a trust anchor, typically distributed with the browser or operating system); the assurance therefore rests on the authority, not on the certificate alone. Certification authorities are a main component of a PKI, which uses cryptographic techniques to generate and manage digital certificates.

By linking an individual to his or her public key, digital certificates help to provide assurance that digital signatures are used effectively. However, digital certificates are only as secure as the public key infrastructure they are based on. For example, if an unauthorized user obtains the private key that corresponds to a certificate, that user can sign or decrypt as the certificate's subject until the certificate is revoked; the certificate is then compromised even though the certificate itself was never altered. In addition, users of certificates depend on certification authorities to vouch for them. If the relying party trusts a certification authority that it should not, or a certification authority makes a mistake (such as issuing a certificate to the wrong party) or is the victim of a cyber attack, a digital certificate may be ineffective. The PKI software on the user's computer verifies a certificate by checking that the certification authority's signature on it is valid and chains to a trusted root, that the current time falls within the certificate's validity period (it has not expired), that the name in the certificate matches the party being contacted, and that the certificate has not been revoked or suspended, which it learns by consulting the certification authority's certificate revocation list (CRL) or an online status service (OCSP).
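As an added example (not part of the wiki article and not code from any source it cites), the following Go program, using only the standard library's crypto/x509 package, acts as both sides of the arrangement described in the preceding paragraphs: as a small certification authority it binds a host name to a freshly generated public key by signing a certificate and issues a signed CRL, and as a relying party it performs the checks listed above (signature chaining to a trusted CA, validity period, name match, and revocation). The CA name "Example Root CA", the host name passed in by the caller, the serial numbers and the validity dates are assumptions made for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue generates a fresh key pair for tmpl and has parentKey sign the
// certificate; with a nil parent the new key signs its own (self-signed).
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// BuildPKI plays the certification authority: it self-signs a CA certificate,
// issues a server certificate binding hostname to a new public key for
// [notBefore, notAfter], and signs a CRL that lists that certificate's serial
// number if revoke is set. "Example Root CA" and hostname are constructed names.
func BuildPKI(hostname string, notBefore, notAfter time.Time, revoke bool) (ca, leaf *x509.Certificate, crlDER []byte, err error) {
	ca, caKey, err := issue(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Example Root CA"},
		NotBefore:             notBefore.Add(-time.Hour),
		NotAfter:              notAfter.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	// Only the public key enters the certificate; the private key (dropped here)
	// stays with the server that will present the certificate.
	leaf, _, err = issue(&x509.Certificate{
		SerialNumber: big.NewInt(1002),
		Subject:      pkix.Name{CommonName: hostname},
		DNSNames:     []string{hostname},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, ca, caKey)
	if err != nil {
		return nil, nil, nil, err
	}
	crl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: notBefore, NextUpdate: notAfter}
	if revoke {
		crl.RevokedCertificateEntries = []x509.RevocationListEntry{{SerialNumber: leaf.SerialNumber, RevocationTime: notBefore}}
	}
	if crlDER, err = x509.CreateRevocationList(rand.Reader, crl, ca, caKey); err != nil {
		return nil, nil, nil, err
	}
	return ca, leaf, crlDER, nil
}

// VerifyServerCert is the relying party's check: leaf must chain by a valid
// signature to the trusted CA, be within its validity period at now, name the
// host being contacted, and be absent from a fresh CRL that the CA signed.
func VerifyServerCert(leaf, ca *x509.Certificate, crlDER []byte, hostname string, now time.Time) error {
	roots := x509.NewCertPool() // the trust anchor the relying party already holds
	roots.AddCert(ca)
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: hostname, CurrentTime: now}); err != nil {
		return fmt.Errorf("signature, validity period or name check failed: %w", err)
	}
	crl, err := x509.ParseRevocationList(crlDER)
	if err == nil {
		err = crl.CheckSignatureFrom(ca) // a forged CRL could hide a revocation
	}
	if err != nil {
		return fmt.Errorf("CRL rejected: %w", err)
	}
	if now.After(crl.NextUpdate) {
		return fmt.Errorf("CRL stale since %v; revocation status unknown", crl.NextUpdate)
	}
	for _, e := range crl.RevokedCertificateEntries {
		if e.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return fmt.Errorf("certificate %v revoked at %v", e.SerialNumber, e.RevocationTime)
		}
	}
	return nil
}
```

The file has no main; drive the two functions from a Go test or your own program (build one PKI with revoke set to false and one with it set to true, then call VerifyServerCert with the right host name, a wrong host name, a time after notAfter, and a certificate from the other CA). Two points the article leaves implicit are visible here: the relying party must already hold the CA certificate as a trust anchor (the roots pool), and the CRL is itself signed by the CA and checked before its contents are believed, because anyone who can hand the relying party an arbitrary CRL could otherwise hide a revocation. A CRL past its NextUpdate is treated as "status unknown" rather than "not revoked". Production software fetches the CRL from the distribution point named in the certificate, or asks an OCSP responder, instead of taking the CRL as an argument.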

References

1. Privacy Technology Focus Group Final Report, App. B, at 53.