







Digital Certificate

A digital certificate attests to the validity of a public key of an individual, an organisation, a program, a computer, etc., and can thus verify that a specific public key does in fact belong to a particular individual. This verification prevents impersonation of public keys and ensures that an entity is who it says it is.
Digital certificates are integral to a Public Key Infrastructure (PKI), wherein a trusted third party, called a Certificate Authority (CA), signs and issues a particular digital certificate after verifying the identity of the user. A certificate is invalid unless verified and signed by a CA. A signed certificate, on the other hand, is as valid a proof of identity as a driver's license. It can then be exchanged with another party prior to transferring data over a network, providing secure and effective authentication of end-users.
The concept of employing the services of a trusted third party is not new -- having a document notarized by a notary public is an excellent example. The recipient of a notarized document trusts the stamp of the notary public, and interprets it as proof that the person presenting the document has had his identification verified and has signed the document in the presence of the notary. When it comes to digital certificates, the role of the notary public is assumed by the Certificate Authority (CA), which employs a digital signature rather than a stamp.
The current proposed Internet standard for digital certificates is the X.509 certificate format.
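
The issue-and-verify flow described above, as an added example using the openssl command line (not part of the original glossary entry). The CA names "trusted" and "untrusted", the subject "alice" and the temporary file paths are constructed for illustration.

```shell
#!/bin/sh
# Added illustration. The names "trusted", "untrusted" and "alice" and all
# file paths are constructed; requires the openssl CLI (1.1.1 or later).
WORK=$(mktemp -d)

# Minimal config so results do not depend on the system openssl.cnf.
cat > "$WORK/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# make_ca NAME: self-signed CA certificate, the trust anchor a relying party installs.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$WORK/ca.cnf" \
        -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_cert CA SUBJECT: the subject generates a key pair and a signing request;
# the CA signs it, binding SUBJECT's name to SUBJECT's public key.
issue_cert() {
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/ca.cnf" \
        -subj "/CN=$2" -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" -CAkey "$WORK/$1.key" \
        -set_serial 1 -days 1 -out "$WORK/$2.crt" 2>/dev/null
}

# verify_cert CA SUBJECT: succeeds only if SUBJECT's certificate chains to CA.
verify_cert() {
    openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

# key_matches_cert SUBJECT: the public key inside the certificate is the one
# that pairs with SUBJECT's private key.
key_matches_cert() {
    [ "$(openssl x509 -in "$WORK/$1.crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$WORK/$1.key" -pubout)" ]
}

make_ca trusted && make_ca untrusted && issue_cert trusted alice
verify_cert trusted alice   && echo "alice: accepted via CA 'trusted'"
verify_cert untrusted alice || echo "alice: rejected via CA 'untrusted'"
key_matches_cert alice      && echo "alice: certificate key matches private key"
```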
Related terms:
Asymmetric encryption, CA, Encryption, IKE, PKI, X.509