www.ecommerce-guide.com/news/trends/article.php/126041
By Mark Merkow, CCP, CISSP
May 21, 1998

The anonymous nature of the public Internet is appealing in that it frees us to roam about without concern of someone peeking over our shoulders, watching our every move. This anonymity, however, instills high levels of distrust, especially where the transmission of private, sensitive, or confidential information occurs.

Early efforts to add levels of trust included the use of secured access via IDs and passwords. Over the years, secured access sites proliferated, forcing the Internet community to collect -- and remember -- dozens of different IDs and passwords to instill the security that everyone demands. Besides the problem of remembering them, IDs and passwords are generally easy to guess or crack, which erodes their appeal as a safety measure. Add to that the general lack of trust when we're not certain that the parties with whom we communicate are who they claim to be. Today, the lack of a complete Internet security solution jeopardizes its very existence.

Enter Digital Certificates

Digital certificates, or Digital IDs, behave in the online world the same way driver's licenses, passports, and other trusted documents behave in the off-line world. Using basic public-private key (PPK) cryptography principles, digital certificates offer the security that people are demanding for private communications and electronic commerce.

The digital certificate standard, X.509, governs how certificates are constructed and used between communicating parties. In 1988, X.509 became an International Telecommunications Union (ITU) recommended standard and has since become a de facto industry standard for user authentication on open systems, such as the Internet. X.509 certificates are similar to notary seals in that they bind a person's identity to a pair of cryptographic keys.

When used in signing electronic messages (creating digital signatures), the private key associated with the public key that's contained in the digital certificate creates an unforgeable fingerprint for the message. This fingerprint proves to the recipient that the message could only have originated with the believed sender, and proves that the message was not altered while en route.

For PPK's successful operation, the principles dictate that public-private key pairs are obtained in a manner that's impervious to attack. The primary assumption is that a person's private key will always remain private. Digital certificates implement this principle.