Printer Friendly
The Free Dictionary
1,074,447,412 visitors served.
?
Dictionary/
thesaurus
Medical
dictionary
Legal
dictionary
Financial
dictionary
Acronyms
 
Idioms
Encyclopedia
Wikipedia
encyclopedia
?

digital certificate

   Also found in: Medical, Acronyms, Wikipedia, Hutchinson 0.06 sec.

digital certificate

Electronic credit card intended for on-line business transactions and authentications on the Internet. Digital certificates are issued by certification authorities (e.g., VeriSign). They typically contain identification information about the holder, including the person's public key (used for encrypting and decrypting messages), along with the authority's digital signature, so that the recipient can verify with the authority that the certificate is authentic. Web sites may also have digital certificates, to enable a person intending to buy its products to confirm that it is an authenticated e-commerce site.

The digital equivalent of an ID card used in conjunction with a public key encryption system. Also called a "digital ID," "digital identity certificate," "identity certificate" and "public key certificate," digital certificates are issued by a trusted third party known as a "certification authority" (CA) such as VeriSign (www.verisign.com) and Thawte (www.thawte.com).

The CA verifies that a public key belongs to a specific company or individual (the "subject"), and the validation process it goes through to determine if the subject is who it claims to be depends on the level of certification and the CA itself.

Creating the Certificate
After the validation process is completed, the CA creates an X.509 certificate that contains CA and subject information, including the subject's public key (details below). The CA signs the certificate by creating a digest (a hash) of all the fields in the certificate and encrypting the hash value with its private key. The encrypted digest is called a "digital signature," and when placed into the X.509 certificate, the certificate is said to be "signed."

The CA keeps its private key very secure, because if ever discovered, false certificates could be created. See HSM.

Verifying the Certificate
The process of verifying the "signed certificate" is done by the recipient's software, which is typically the Web browser. The browser maintains an internal list of popular CAs and their public keys and uses the appropriate public key to decrypt the signature back into the digest. It then recomputes its own digest from the plain text in the certificate and compares the two. If both digests match, the integrity of the certificate is verified (it was not tampered with), and the public key in the certificate is assumed to be the valid public key of the subject.

Then What...
At this point, the subject's identity and the certificate's integrity (no tampering) have been verified. The certificate is typically combined with a signed message or signed executable file, and the public key is used to verify the signatures (see digital signature and code signing). The subject's public key may also be used to provide a secure key exchange in order to have an encrypted two-way communications session (see SSL). See PKI.

 Major Data Elements in an X.509 Certificate

 Version number of certificate format
 Serial number (unique number from CA)
 Certificate signature algorithm
 Issuer (name of CA)
 Valid-from/valid-to dates
 Subject (name of company or person certified)
 Subject's public key and algorithm
 Digital signature created with CA's private key


Signing and Verifying a Digital Certificate
The signed certificate is used to verify the identity of a person or organization.

(communications, security)digital certificate - An attachment to an electronic mail message used for security purposes, e.g. to verify that a user sending a message is who he or she claims to be, and to provide the receiver with the means to encode a reply.

An individual wishing to send an encrypted message applies for a digital certificate from a certificate authority (CA). The CA issues an encrypted digital certificate containing the applicant's public key and a variety of other identification information. The CA makes its own public key readily available on the Internet.

The recipient of an encrypted message uses the CA's public key to decode the digital certificate attached to the message, verifies it as issued by the CA and then obtains the sender's public key and identification information held within the certificate.


How to thank TFD for its existence? Tell a friend about us, add a link to this page, add the site to iGoogle, or visit webmaster's page for free fun content.
?Page tools
Printer friendly
Cite / link
 Email
Feedback
? Mentioned in ? References in periodicals archive
 
3 million in smart card and digital certificate management software and engineering services as a core technology provider to the General Dynamics C4 Systems KMI Team on a Department of Defense (DoD) contract to implement the secure Key Management Infrastructure (KMI), a significant element of the DoD's long-term roadmap for an in-depth information assurance strategy.
CONTRACT AWARD: SSP-LITRONIC WINS $2.3 MILLION INITIAL CONTRACT FOR ... by EDP Weekly's IT Monitor
The government will eventually roll out the smart cards to millions of Federal employees and contractors, and FIPS 201 requires that each card must contain a unique credential number, a digital certificate and an expiration date.
Tumbleweed Validation Authority Secures FIPS 201 Certification by Business Wire
Under a pact announced earlier this month, Novell will integrate VeriSign's digital certificate services into Novell's new digitalme service.
VERISIGN, NOVELL PARTNER TO BUILD TRUSTED INTERNET COMMUNITIES by EDP Weekly's IT Monitor
More results
 
Encyclopedia browser? ? Full browser
 
 
Encyclopedia
?

Disclaimer | Privacy policy | Feedback | Copyright © 2008 Farlex, Inc.
All content on this website, including dictionary, thesaurus, literature, geography, and other reference data is for informational purposes only. This information should not be considered complete, up to date, and is not intended to be used in place of a visit, consultation, or advice of a legal, medical, or any other professional.. Terms of Use.