Why Digital Certificates are needed
Every time a user sends an email it travels across the internet or world wide web. It is called the world wide web because the internet is made up of thousands of servers or a ‘web of servers’. Each and every communication visits a minimum of 8 and a maximum of 32 servers before it reaches its intended destination. Each of these points of contact represents a security risk. Scripts, viruses, hackers and other devices can intercept the data at any time and can copy or alter it unnoticed.
Device-to-device authentication, two factor authentication, transaction signing and the inherent ‘digital identity’ within the Digital Certificate means that you know who and what you’re communicating with.
Encrypting information is only one aspect of security. The other is knowing the identity of the person. If two people choose to communicate by email, how can they be sure that any of the communications were transmitted without being tampered with? Equally, if a website owner wants to be sure that only a specific user gains access to secured information, how can this assurance be provided?
The simple answer is that Digital Certificates are the digital equivalent of a passport or signature.
By opening a user’s Digital Certificate much of the information that would be available in a passport or drivers license can be viewed in the Certificate. The person’s name, the organization that they work for (or the organization that issued the Certificate) and other information is clearly legible. A Digital Certificate cannot be compromised or ‘cracked’, this provides the assurance necessary to assure the recipient that the person is genuinely who they claim to be.
Digital Certificates can be used to identify a person or a device. Once identification is established, the Certificate is most frequently used to prove one person’s, or device’s, identity to another person or device. Because of the RSA system, they both know each other. The Digital Certificate can now be used for signing and/or encrypting email or for providing two-factor strong authentication.
