The CA verifies that a public key belongs to a specific company or individual (the "subject"), and the validation process it goes through to determine if the subject is who it claims to be depends on the level of certification and the CA itself.
Creating the Certificate
After the validation process is completed, the CA creates an X.509 certificate that contains CA and subject information, including the subject's public key (details below). The CA signs the certificate by creating a digest (a hash) of all the fields in the certificate and encrypting the hash value with its private key. The encrypted digest is called a "digital signature," and when placed into the X.509 certificate, the certificate is said to be "signed."
The CA keeps its private key very secure, because if it were ever discovered, false certificates could be created. See HSM.
Verifying the Certificate
The process of verifying the "signed certificate" is done by the recipient's software, which is typically the Web browser. The browser maintains an internal list of popular CAs and their public keys and uses the appropriate public key to decrypt the signature back into the digest. It then recomputes its own digest from the plain text in the certificate and compares the two. If both digests match, the integrity of the certificate is verified (it was not tampered with), and the public key in the certificate is assumed to be the valid public key of the subject.
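The sign-and-verify round trip described above, as an added example that is not part of the original entry. It uses textbook RSA over a constructed toy key (no padding, no real X.509 encoding), and the field names, trust list and certificate values are assumptions made up for illustration.

```python
import hashlib

# Constructed toy CA key: two Mersenne primes, textbook RSA with no padding.
# Illustration only; real CAs use padded RSA or ECDSA with keys held in an HSM.
P, Q = 2**521 - 1, 2**607 - 1
CA_N, CA_E = P * Q, 65537                  # the CA's public key
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))    # the CA's private exponent

# Hypothetical field names, modelled on the data elements of an X.509 certificate.
FIELDS = ("version", "serial", "sig_alg", "issuer",
          "valid_from", "valid_to", "subject", "subject_public_key")

def digest(cert):
    """Hash the fields in a fixed order; length prefixes keep the encoding unambiguous."""
    data = "".join(f"{k}:{len(cert[k])}:{cert[k]};" for k in FIELDS).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def ca_sign(cert):
    """CA side: digest the fields, then transform the digest with the private key."""
    signed = dict(cert)
    signed["signature"] = pow(digest(cert), CA_D, CA_N)
    return signed

def verify(signed, trusted_cas):
    """Recipient side: recover the digest with the issuer's public key and compare."""
    key = trusted_cas.get(signed["issuer"])
    if key is None:
        return False                       # issuer is not in the trust list
    n, e = key
    return pow(signed["signature"], e, n) == digest(signed)

# Constructed sample data.
TRUST_LIST = {"Example Root CA": (CA_N, CA_E)}
CERT = {
    "version": "3", "serial": "1001", "sig_alg": "sha256-toy-rsa",
    "issuer": "Example Root CA", "valid_from": "2008-01-01",
    "valid_to": "2009-01-01", "subject": "example.test",
    "subject_public_key": "subject-key-placeholder",
}
SIGNED = ca_sign(CERT)
# Same signature, but the public key field has been swapped after signing.
TAMPERED = dict(SIGNED, subject_public_key="substituted-key")

if __name__ == "__main__":
    print("genuine :", verify(SIGNED, TRUST_LIST))
    print("tampered:", verify(TAMPERED, TRUST_LIST))
```

Changing any signed field after issuance makes the recomputed digest differ from the one recovered from the signature, so verification fails; a certificate from an issuer missing from the trust list fails before any digest is compared.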
Then What...
At this point, the subject's identity and the certificate's integrity (no tampering) have been verified. The certificate is typically combined with a signed message or signed executable file, and the public key is used to verify the signatures (see digital signature and code signing). The subject's public key may also be used to provide a secure key exchange in order to have an encrypted two-way communications session (see SSL). See PKI.
Major Data Elements in an X.509 Certificate
- Version number of certificate format
- Serial number (unique number from CA)
- Certificate signature algorithm
- Issuer (name of CA)
- Valid-from/valid-to dates
- Subject (name of company or person certified)
- Subject's public key and algorithm
- Digital signature created with CA's private key
Signing and Verifying a Digital Certificate
The signed certificate is used to verify the identity of a person or organization.
Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2008 The Computer Language Company Inc. All rights reserved.