General FAQs
A trusted third-party organization or company that issues digital
certificates used to create digital signatures and public-private
key pairs. The role of the CA in this process is to guarantee that
the individual granted the unique certificate is, in fact, who he or
she claims to be. Usually, this means that the CA has an arrangement
with a financial institution, such as a credit card company, which
provides it with information to confirm an individual's claimed
identity. CAs are a critical component in data security and
electronic commerce because they guarantee that the two parties
exchanging information are really who they claim to be.
A CA can be within the organization itself or outside the organization,
depending on the purpose of the certificates. A company may issue
certificates to its employees so that only its employees can access the
company database, whereas an internet user might request a certificate
from a well-known and trusted CA in order to conduct online transactions
securely.
Do I need to keep my certificate secret?
No! Your certificate can be as widely distributed as possible. It
should be available to anyone who wants to send encrypted email to
you. Your browser automatically sends your certificate whenever you
sign your email messages.
You must keep your private key, which is used to sign and decrypt your
email messages, a secret.
Your certificate does not contain any confidential information.
The same reason you trust what is stated in a driver's license:
endorsement by the relevant authority (Department of Transport) in
the form of a difficult-to-forge signature or stamp of approval.
Digital certificates are endorsed in a similar manner by an
independent and trusted authority empowered by law to issue them,
appropriately known as the Certifying Authority or CA. The CA is
responsible for vetting all applications for digital certificates,
and once satisfied, "stamps" its difficult-to-forge
digital signature on all the digital certificates it issues,
attesting to their validity.
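The two answers above (the certificate is public while the private key stays secret, and the CA "stamps" each certificate with its own signature) can be checked with the OpenSSL command line. This is an added example, not part of the original FAQ; the throwaway CA, the subscriber name alice@example.test and all file names are constructed for the demonstration.

```shell
# Added example; every name and subject below is constructed for the demo.
set -eu

# Build a throwaway CA and have it sign a certificate for one subscriber.
make_demo_pki() {
  dir=$1
  # CA key pair plus self-signed CA certificate (the trust anchor).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Demo CA (constructed)" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  # Subscriber key pair and certificate request; alice.key stays private.
  openssl req -new -newkey rsa:2048 -nodes \
    -subj "/CN=alice@example.test" \
    -keyout "$dir/alice.key" -out "$dir/alice.csr" 2>/dev/null
  # The CA "stamps" the request by signing it with the CA private key.
  openssl x509 -req -in "$dir/alice.csr" -days 1 \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -out "$dir/alice.crt" 2>/dev/null
}

# Succeeds only if the PEM file carries private key material.
contains_private_key() { grep -q "PRIVATE KEY" "$1"; }

# Succeeds only if the CA's signature on the subscriber certificate checks out.
issued_by_demo_ca() {
  openssl verify -CAfile "$1/ca.crt" "$1/alice.crt" >/dev/null 2>&1
}

# Sign a file with the subscriber's private key (the secret half).
sign_file() { openssl dgst -sha256 -sign "$1/alice.key" -out "$2.sig" "$2"; }

# Verify the signature using only the public key taken from the certificate.
verify_file() {
  openssl x509 -in "$1/alice.crt" -pubkey -noout > "$1/alice.pub"
  openssl dgst -sha256 -verify "$1/alice.pub" -signature "$2.sig" "$2" \
    >/dev/null 2>&1
}

demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
printf 'pay 10 to bob\n' > "$demo_dir/msg.txt"   # constructed sample message
sign_file "$demo_dir" "$demo_dir/msg.txt"
verify_file "$demo_dir" "$demo_dir/msg.txt" && echo "signature verifies with the certificate alone"
contains_private_key "$demo_dir/alice.crt" || echo "certificate holds no private key"
```

Anyone holding alice.crt and ca.crt can run the two verification steps; only the holder of alice.key can produce a signature that passes them.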
Three uses are outlined here. Your digital certificate could be used to
allow you to access membership-based web sites automatically without
entering a user name and password. It can allow others to verify
your "signed" e-mail or other electronic documents,
assuring your intended reader(s) that you are the genuine author of
the documents, and that the content has not been corrupted or
tampered with in any way. Finally, digital certificates enable
others to send private messages to you: anyone else who gets his/her
hands on a message meant for you will not be able to read it.
Digital certificates and the CA are just two elements of the Public Key
Infrastructure (PKI), an overall Internet security system. Once the
PKI is operational, everyone who has a digital certificate can be
traced and held accountable for their actions. Consequently, uses
for the Internet, which could not be fully realized before, will
finally take off: electronic banking and commerce (funds transfer,
buying and paying on-line), on-line transactions with government
agencies (applying for and renewing ICs, licenses, paying fines and
bills), and on-line transactions between businesses. The day when
the only way to do some of these transactions is through the
Internet may not be too far off. Everyone who wants to be part of it
will need digital certificates.