A digital signature is computed for the data that are signed. So a particular
digital signature cannot be alleged to be for some other data.
A signed piece of information cannot be changed. Otherwise, the digital signature
will not apply to the piece of information any longer.
Parts of some digital signatures are generated by using message digest algorithms.
Digital Certificates. These refer to another security mechanism. A recognized
Certificate Authority (CA) issues digital certificates.
Let us say that Mary wants to send a secure electronic message to Bob. She
applies to the CA for a digital certificate. The CA issues an encrypted digital
certificate containing Mary's public key and additional identification information.
The CA's own public key is widely known through printed documents or on the
Internet. Mary sends the digital certificate as an attachment to the electronic
message to Bob. In this arrangement, the recipient of a message confirms the proper
receipt of the message by means of a response.
What happens next?
Bob receives the message and the digital certificate. He uses the CA's public key,
decodes the digital certificate, verifies that it was really issued by the CA, and gets
the sender's public key and identification encrypted in the certificate. Bob can send
back an encrypted response to Mary. In effect, Bob is able to verify that the message
that appeared to have been sent by Mary really was from her.
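The checks Bob performs can be traced in code. The following is an added illustration, not taken from the book: it models the CA's operation as a signature over Mary's name and public key, assumes Mary signs her message with her private key, and uses textbook RSA with constructed toy keys. All function names are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Return (public modulus n, private exponent d) for textbook RSA."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    """Message digest of the data, as an integer below the modulus."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

# Constructed toy keys built from Mersenne primes: predictable, and there is
# no padding scheme, so this is for tracing the logic only.
CA_N, CA_D = make_key(2**127 - 1, 2**521 - 1)
MARY_N, MARY_D = make_key(2**89 - 1, 2**607 - 1)

def issue_certificate(subject, subject_n):
    """The CA binds a name to a public key by signing both together."""
    body = f"{subject}|{subject_n}".encode()
    return {"subject": subject, "public_key": subject_n,
            "ca_signature": sign(body, CA_N, CA_D)}

def bob_accepts(message, msg_sig, cert, claimed_sender="Mary"):
    """Bob's checks: CA issued the cert, it names the sender, message matches."""
    body = f"{cert['subject']}|{cert['public_key']}".encode()
    if not verify(body, cert["ca_signature"], CA_N):
        return False  # not issued by the CA, or altered after issue
    if cert["subject"] != claimed_sender:
        return False  # valid certificate, but for someone else
    return verify(message, msg_sig, cert["public_key"])

def demo():
    cert = issue_certificate("Mary", MARY_N)
    msg = b"Transfer 500 to account 12-345"
    sig = sign(msg, MARY_N, MARY_D)
    altered = dict(cert, public_key=MARY_N + 2)  # key field changed after issue
    return (bob_accepts(msg, sig, cert),
            bob_accepts(b"Transfer 900 to account 12-345", sig, cert),
            bob_accepts(msg, sig, altered))

if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

The second and third results show the two properties listed earlier: a signature does not carry over to changed data, and a certificate whose contents were changed no longer verifies against the CA's public key.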
Digital certificates have their application in monetary transactions such as large
fund transfers. In this security scheme, you must have noted that the CA plays a key
role acting as an intermediary between the sender and the recipient of a message.
What if a fraudulent person tries to forge or pose as someone else or tries to bribe
the CA? Other additional restrictions exist to thwart the deceptive schemes of the
cleverest imposter.
Kerberos. In passing, let us note the use of Kerberos in security administration.
Kerberos is a secured server keeping user names and passwords in strictest
confidentiality. It provides one central security server for all data and network
resources. In a sense, Kerberos provides a function similar to that of the
Certificate Authority: authenticating a user. Incidentally, the term Kerberos refers
to a three-headed monster in Greek mythology that guards the gate of Hell.
SET and SST
Have you ever provided your credit card information on the Internet? The Secure
Electronic Transactions (SET) protocol governs the processing of credit card
transactions over the Internet. It is an open, interoperable standard created jointly
by Visa, MasterCard, Microsoft, and a few other organizations. The protocol ensures
security for credit card transactions and keeps these simple.
To ensure privacy requirements, the actions in a transaction are split in such a
way that neither the merchant nor the credit card company has all the pieces of the
information about the transaction. SET uses digital certificates for certifying a credit
cardholder as well as for confirming the relationship between the merchant and the
credit card company.