Digital Certificate Operation in a Complex Environment
PKI Primer and Project Background
6. Authentication via digital certificates
To everyone's relief, the mathematical arena of - putting messages and data into virtually unbreakable codes - has come to our rescue. It is possible to send data over a network and for the encryption to be strong enough to be secure. Therefore, the server - or your correspondent - will be happy that the proof that you show (possibly with your digital certificate) is actually genuine if your code can be .
After reading a few web pages and going to the right places, anyone can create a digital certificate. However, for that certificate to be trusted, it needs either to have been issued by or endorsed by a trusted, and reliable, authority.
Again, 'trust' is becoming an enormous subject in its own right (see the appendix for ). However, trust is a basic element of the use of digital certificates with a public key infrastructure (PKI). We will talk about public key infrastructure more in the next section, but in short, you can have your certificate endorsed by an authority that most people will trust.
A parallel for this concept was mentioned on the previous page by a person using her driving licence, national passport and gym membership card as means of . Staff at the gym may be happy with the latter, but it is unlikely that staff at the bank will trust this form of authentication, thinking that it could be easier to forge or that it may be easier to 'fool' staff at the gym into giving you a card with someone else's name on it. The authority of the issuer of the document must be trusted. One advantage of using digital certificates within a public key infrastructure is that many bodies can generate certificates but they must gain the approval of a trusted authority and that authority verifies - for the rest of the world - that the certificates are believable.
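The point made above, that anyone can create a certificate but only one endorsed by a trusted authority is believed, shown with the `openssl` command line. This is an added example, not part of the original document; the names `Demo Root CA` and `alice.example` and all file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example. All names and files are constructed for the demo.
demo_dir=$(mktemp -d)

# make_pki: create a trusted root, a certificate endorsed by that root,
# and a certificate that nobody but its own creator has signed.
make_pki() (
  cd "$demo_dir" || exit 1
  # 1. The trusted authority: a root key and its self-signed root certificate.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
    -subj "/CN=Demo Root CA" -days 30 2>/dev/null &&
  # 2. Alice makes a key and a signing request; the authority endorses it.
  openssl req -newkey rsa:2048 -nodes -keyout alice.key -out alice.csr \
    -subj "/CN=alice.example" 2>/dev/null &&
  openssl x509 -req -in alice.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -out alice.crt -days 30 2>/dev/null &&
  # 3. A certificate claiming the same name, with no authority behind it.
  openssl req -x509 -newkey rsa:2048 -nodes -keyout selfmade.key \
    -out selfmade.crt -subj "/CN=alice.example" -days 30 2>/dev/null
)

# is_trusted CERT: succeeds only if CERT chains to the demo root.
# The name written in the certificate plays no part in this decision.
is_trusted() {
  openssl verify -CAfile "$demo_dir/ca.crt" "$1" >/dev/null 2>&1
}

make_pki || { echo "openssl failed" >&2; exit 1; }
for who in alice selfmade; do
  if is_trusted "$demo_dir/$who.crt"; then
    echo "$who.crt: trusted (endorsed by Demo Root CA)"
  else
    echo "$who.crt: NOT trusted (no endorsement from a trusted authority)"
  fi
done
```

Both certificates carry the same subject name; the only difference the verifier acts on is whose signature is on them.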
So, what we need for this system to work is:
The last point is really about 'infrastructure', as are the previous points to a greater or lesser degree, both in terms of human management and machines. All of these points show why 'public key infrastructure' (which we have not yet defined) is both a technology and an administration system.