Digital certificatesPowerPoint PresentationSlide 3Slide 4Slide 5Slide 6Slide 7Slide 8Slide 9Slide 10Slide 11Slide 12Slide 13Slide 14Slide 15Slide 16Slide 17Slide 18Slide 19Slide 20Slide 21Slide 22Slide 23Slide 24Slide 25Slide 26Slide 27Slide 28Slide 29Slide 30Slide 31Slide 32Slide 33Slide 34Slide 35Slide 36Slide 37Slide 38Slide 39Slide 40Slide 41Slide 42Slide 43Slide 44Slide 45Slide 46Digital certificatesWe have previously considered topics such as user authentication, document integrity checks, and encryption. The introduction of solutions to each of these topics serves to improve the reliability of networked resources and increase our confidence in on-line transactions.While these innovations are helpful, they are not sufficient to replicate the sort of user authentication we would have in face-to-face encounters, nor would they irrefutably connect a person or business to a particular document or transaction, something quite necessary when financial transactions are involved or legally binding contracts are established.in-person authentication process ultimately relies on the existence and reliability of government-issued identification such as a driver’s license or passport; the government in this way serves as an authority that certifies identity. These government-issued documents are issued based upon yet other documents supplied during the application processThus there is a hierarchy of certification that reinforces the notion that a driver’s license is an acceptable form of identification.“in-person” verification can be done in a matter of seconds, and becomes a routine affair. However, replicating this procedure on-line is more difficult. The on-line version can’t visually compare your face to your ID, nor compare your signature to the previously approved government-sanctioned version of your signature.So what is needed is an on-line mechanism that provides a similar sort of assurance from an authority that can say, essentially “you don’t know this guy, but I do, and he’s okay by me”.That authority in the on-line environment is known as a “certificate authority” (CA), an agency whose integrity must be beyond reproach.A certificate authority establishes protocols to ascertain the identity of registrants, and supports on-line verification that the identity has been proven to the CA. The Certificate Authority essentially says “I checked this person out, and verified that he is who he says he is, you have my word on it”.To acquire a digital certificate, an individual or organization registers with a certificate authority and presents proof of identity. The CA requests specific information of the registrant, investigates it, and then issues a digital certificate that confirms that the CA has verified the information independently.The certificate would typically include the following information:- The registrant’s name- Additional personal information such as an e-mail address for a person or a URL for a web server- A unique registration number- The name of the certificate authority- The public key of the registrant- Dates that reflect certificate validity (start and expiration dates)- A digital signature “seal” from the CA that verifies authenticity of the certificateThe exchange of digital certificates is a facility embedded into web browser functionality, such that the existence of certificates is easily detected and the certificates are automatically exchanged and verified with little or no intervention on the part of the user.By including the public key of the holder in the certificate, secure communications can be established even with unknown parties. The certificate authority includes its own digital signature such that any modifications to the certificate, such as changing the expiration date or personal data of the holder, are readily detected and would thereby invalidate the certificate.You can readily view a web site’s digital certificate through the browser whenever the “lock” icon located in the lower portion of the browser window is in the “closed” position. This would signify that the link has been encrypted using the Secure Sockets Layer (SSL) encryption strategy. A graphic image of the digital certificate used to help establish the SSL connection can be viewed by clicking on the lock icon.There are three generally accepted levels of authentication associated with the certification process.Level 1 – The combination of a user ID and password is usually described as “level one” security. As noted in the section on user authentication, a user ID and password are not sufficiently secure as they don’t really authenticate users at all.- Applications that rely on Level 1 security are therefore subject to higher levels of risk and increased incidence of fraud. It is possible for someone to obtain a Level 1 digital certificate, but the certificate would attest to little more than the fact that the person paid a fee and has an e-mail account.- Level 2 – The Certificate Authority performs a more thorough confirmation of the identity of the applicant, typically through arrangements with a trusted third party such as a financial institution, and in this way can confirm through such accounts and cross-references that the individual is who they claim to be, and can then issue a Level 2 digital certificate.- Level 3 – Attests that the holder physically appeared in person, and presented official government-issued identification (thus attaining the same degree of authentication as in the bank teller example). Level 3 validation may also include biometric identification.One of the most important and most frequent uses of digital certificates is to confirm that a particular public key belongs to a specific individual or web server, thus inhibiting potential misrepresentation or “spoofing” activities.A second major use of digital certificates is in the verification of “digital signatures” Digital signatures are used to satisfy the on-line requirements for the functions served by traditional physical signatures.A popular misconception about digital signatures is that they are simply the “scanned” version of a physical signature. This notion is