The CA verifies that a public key belongs to a specific company or individual (the "subject"), and the validation process it goes through to determine if the subject is who it claims to be depends on the level of certification and the CA itself.
Creating the Certificate
After the validation process is completed, the CA creates an X.509 certificate that contains CA and subject information, including the subject's public key (details below). The CA signs the certificate by creating a digest (a hash) of all the fields in the certificate and encrypting the hash value with its private key. The encrypted digest is called a "digital signature," and when placed into the X.509 certificate, the certificate is said to be "signed."
The CA keeps its private key very secure, because if it were ever discovered, false certificates could be created. See HSM.
Verifying the Certificate
The process of verifying the "signed certificate" is done by the recipient's software, which is typically the Web browser. The browser maintains an internal list of popular CAs and their public keys and uses the appropriate public key to decrypt the signature back into the digest. It then recomputes its own digest from the plain text in the certificate and compares the two. If both digests match, the integrity of the certificate is verified (it was not tampered with), and the public key in the certificate is assumed to be the valid public key of the subject.
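The sign-then-verify sequence described above, as an added example that is not part of the original entry. It assumes textbook RSA without padding over two known Mersenne primes, and the CA name, field values and field serialization are constructed for illustration; real certificates use DER encoding and padded signature schemes.

```python
import hashlib

# Toy textbook-RSA key built from two known Mersenne primes so the example
# needs only the standard library. Illustration only: no padding, weak primes.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # CA private exponent (the secret to protect)

# Verifier's built-in trust list: CA name -> CA public key (n, e).
TRUST_STORE = {"Example Root CA": (N, E)}  # constructed CA name

def digest(fields):
    """Hash every certificate field except the signature itself."""
    body = "\n".join(f"{k}={fields[k]}" for k in sorted(fields) if k != "signature")
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big")

def ca_sign(fields, d=D, n=N):
    """CA side: 'encrypt' the digest with the private key and attach it."""
    return {**fields, "signature": pow(digest(fields), d, n)}

def verify(cert, trust_store=TRUST_STORE):
    """Recipient side: returns (ok, reason)."""
    key = trust_store.get(cert["issuer"])
    if key is None:
        return False, "issuer not in trust list"
    n, e = key
    recovered = pow(cert["signature"], e, n)  # 'decrypt' signature back to digest
    if recovered != digest(cert):             # recompute digest and compare
        return False, "digest mismatch"
    return True, "ok"

# Constructed sample fields mirroring the data elements an X.509 certificate carries.
FIELDS = {
    "version": 3, "serial": 1001, "sig_alg": "sha256-toy-rsa",
    "issuer": "Example Root CA", "valid_from": "2008-01-01",
    "valid_to": "2009-01-01", "subject": "Example Corp",
    "subject_public_key": "rsa:constructed-key-bytes",
}

def demo():
    cert = ca_sign(FIELDS)
    tampered = {**cert, "subject": "Other Corp"}  # field changed after signing
    unknown = {**cert, "issuer": "Unknown CA"}    # issuer absent from trust list
    return verify(cert), verify(tampered), verify(unknown)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Changing any signed field after issuance makes the recomputed digest differ from the one recovered from the signature, and a certificate naming an issuer outside the trust list is rejected before any digest comparison.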
Then What...
At this point, the subject's identity and the certificate's integrity (no tampering) have been verified. The certificate is typically combined with a signed message or signed executable file, and the public key is used to verify the signatures (see digital signature and code signing). The subject's public key may also be used to provide a secure key exchange in order to have an encrypted two-way communications session (see SSL). See PKI.
Major Data Elements in an X.509 Certificate
- Version number of certificate format
- Serial number (unique number from CA)
- Certificate signature algorithm
- Issuer (name of CA)
- Valid-from/valid-to dates
- Subject (name of company or person certified)
- Subject's public key and algorithm
- Digital signature created with CA's private key
Signing and Verifying a Digital Certificate
The signed certificate is used to verify the identity of a person or organization.
Reproduced with permission from Computer Desktop Encyclopedia. Copyright (c) 1981-2008 The Computer Language Company Inc. All rights reserved.