
Digital Certificates: Good Bye, online fraud

DQW Bureau

While 98 percent of companies use passwords for authentication today, more than 60 percent expect to be using digital certificates in India in two years' time. Digital certificates and their certification authorities are expected to define the future of electronic commerce and to be two of its linchpins when it eventually takes off.

On February 6, 2002, Pramod Mahajan received India's first Digital Signature Certificate from SafeScrypt, the country's first Certifying Authority (CA) for digital signatures. The event has given a boost to savvy e-shoppers who are always worried about their online transactions.

Legally speaking, Section 3(2) of the Indian IT Act 2000 provides that the authentication of an electronic record shall be effected by the use of an asymmetric crypto system and hash function which envelop and transform the initial electronic record into another electronic record.


In other countries, digital certificates have not yet caught fire in e-commerce, but the technology is finding uses in other corners of the business world. Digital certificates are gaining prominence as security vehicles within intranets, extranets, VPNs and other internal or closed networks.

Issue of Certificates 

The CA will have the power to issue and suspend digital signature certificates. The CA can also revoke a Digital Signature Certificate issued by it when the subscriber, or any other person authorized by the subscriber, makes a request to that effect. The IT Act 2000 also sets out other conditions under which a certificate can be revoked.

To oversee the working of CAs, the government has appointed a Controller of Certifying Authorities (CCA), which will provide licenses to CAs. There is no restriction on the number of players applying for a license to become a CA. The CCA may also give recognition to foreign certifying authorities.


There are different levels of certificates, and different identities are required for different certificates. Since there is a huge cost involved in setting up the infrastructure for these certificates, applicants will have to pay a fee for the certificate they require, which could range from Rs 600 to Rs 10,000.

The operational approach

Digital certificates are based on public and private key technology, the same technology used to protect nuclear missile sites. Each key is like a unique encryption device. No two keys are ever identical, which is why a key can be used to identify its owner.

Keys always work in pairs, one called the private key and the other called the public key. What a public key encrypts, only the corresponding private key can decrypt, and vice versa. Public keys are distributed freely to anyone who wants to exchange secure information with the key's owner. The private key is never copied or distributed and remains secure on your computer or server.


Digital certificates automate the process of distributing public keys and exchanging secure information. When you install a digital certificate on your computer or server, the private key is automatically installed on that computer or website. Its matching public key is freely available as part of your digital certificate posted on your computer or website.

When another computer wants to exchange information with your computer, it accesses your digital certificate, which contains your public key. The other computer uses your public key to validate your identity and to encrypt the information it wants to share with you using Secure Sockets Layer (SSL) technology. Only your private key can decrypt this information, so it remains secure from interception or tampering while traveling across the Internet. 

Digital Certificates

Digital certificates are electronic files that act like a kind of online passport. They are issued by a trusted third party, a certificate authority, which verifies the identity of the certificate's holder. They are tamper-proof and cannot be forged. Digital certificates do two things. They authenticate their holders: people, websites, and even network resources such as routers. They also protect data exchanged online from theft or tampering.
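As an added illustration (not part of the original article), the Python sketch below walks through the checks a relying party makes: the CA's signature on the certificate, its revocation status, and the subscriber's hash-and-sign signature on a record. The keys are constructed from Mersenne primes and use unpadded textbook RSA, so the subject name, serial number and key values are assumptions for the demo and unsuitable for real use.

```python
import hashlib

E = 65537  # public exponent shared by both demo keys

def keypair(p, q):
    """Textbook RSA key from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data: bytes, n: int) -> int:
    # Hash function step: the record is reduced to a SHA-256 digest.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, n: int, d: int) -> int:
    # Asymmetric step: only the holder of private exponent d can produce this.
    return pow(digest(data, n), d, n)

def verify(data: bytes, sig: int, n: int) -> bool:
    # Anyone holding the public key (n, E) can check the signature.
    return pow(sig, E, n) == digest(data, n)

# Constructed demo keys (Mersenne primes, no padding): NOT secure.
CA_N, CA_D = keypair(2**607 - 1, 2**1279 - 1)      # certifying authority
SUB_N, SUB_D = keypair(2**521 - 1, 2**2203 - 1)    # subscriber

def cert_body(cert: dict) -> bytes:
    # The fields the CA vouches for: serial, subject name, subject public key.
    return f"{cert['serial']}|{cert['subject']}|{cert['pubkey']}".encode()

def issue(serial: int, subject: str, pubkey: int) -> dict:
    # The CA binds a name to a public key by signing the certificate body.
    cert = {"serial": serial, "subject": subject, "pubkey": pubkey}
    cert["ca_sig"] = sign(cert_body(cert), CA_N, CA_D)
    return cert

def check_record(record: bytes, sig: int, cert: dict, revoked: set) -> str:
    if not verify(cert_body(cert), cert["ca_sig"], CA_N):
        return "reject: certificate not signed by the CA"
    if cert["serial"] in revoked:
        return "reject: certificate revoked"
    if not verify(record, sig, cert["pubkey"]):
        return "reject: record altered or signed with another key"
    return "accept"

# Constructed sample data: one certificate and one signed record.
cert = issue(1001, "subscriber.example", SUB_N)
record = b"Pay Rs 10,000 to vendor 42"
sig = sign(record, SUB_N, SUB_D)
```

Changing any certificate field after issuance breaks the CA signature, and a certificate whose serial is on the revocation list is rejected even though its signature is still valid.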


There are two types of digital certificates that are important when building secure websites: server certificates and personal certificates. Server certificates let visitors to your website exchange personal information, such as credit card numbers, free from the threat of interception or tampering.

Server certificates also let visitors to your site authenticate your identity so they can feel secure that they are communicating with you and not with a rogue site impersonating you. Server certificates are a must for anyone building an e-commerce site or a site designed to exchange confidential information with clients, customers, or vendors. Personal certificates let you authenticate a visitor's identity and restrict access to specified content to particular visitors.

These certificates are perfect for business-to-business communications such as offering your suppliers and partners controlled access to special websites for updating product availability, shipping dates, and inventory management.


Rahul Gupta  (CNS)
