Digital Certificates

In the ‘real world’ passports and ID cards identify people; crests or symbols identify institutions like the police or a hospital, for example; and a seal or stamp authenticates a document. In the Digital World, we use digital certificates to do the same thing.

In the ‘digital world’ the digital certificate is used to identify the person, authority, device, website, software and/or electronic file and it is a CA that issues these digital certificates. The purpose of the CA is to provide digital identities of users, devices or files. The CA is configured and installed in accordance with the customer’s requirements and these requirements are documented in the Certificate Policy [CP] for the CA.

Every request for a digital certificate is validated and approved, or rejected, by the Registration Authority [RA]. A trained Administrator, again in accordance with the CP, can manually operate the RA or this function can be automated depending on the CA you choose. Every digital certificate issued is unique and is delivered according to the CP.

Any network where information is stored electronically needs to be secured. Up to now, the most common way of protecting such data has been through the use of usernames and passwords. This is no longer considered ‘secure’.

A single unsecured transaction could result in significant losses to an organisation. This alone makes a strong argument for using digital certificates. Digital certificates remove this risk completely.

However, the digital certificate is only as good as the security processes and procedures that surround the issuing of that certificate to the individual, or device. This is where the validations process, and its importance, must be understood thoroughly. If it is easy for one person to assume the identity of another and subsequently, as a result of poor policies and procedures, successfully apply for and receive another person’s certificate, then the value of that digital identification is effectively useless. On the contrary, a correctly managed Certificate Authority, can bring endless value and cost savings to countless digital and physical environments.

Even more compelling business arguments in favour of using digital certificates would include the reduction or removal of paper forms and workflow from an organisation. Paper business processes can be computerized and digital signatures replace handwritten signatures. The savings to organisations as a result of using this technology are well documented.

Two-factor authentication, Machine Readable Travel Documents [MRTD], secure email national ID cards, digital rights management, web access control, device-to-device authentication and many other business processes can benefit from significant savings by using technology smartly. Integral to all of these processes, is the requirement for digital authentication, digital identification, digital encryption, digital stamping and digital signing and being able to support these transactions with a legally binding infrastructure. This is what Digi-CA™ provides to your organisation.