

Digital certificates and trusted third parties


Symmetric encryption is not well suited to open networks with spontaneous communication. With the advent of public-key techniques, cryptography came into use for digital signatures, which are of widespread interest as a means of electronically authenticating and signing commercial transactions, as well as ensuring that unauthorised changes or errors are detected. For a system using public-key cryptography, a certificate for demonstrating identity would as a minimum contain the public portion of the subject's key pair and be signed by the issuer [Hal95]. Certification Authorities (CAs) guarantee the authenticity of their clients. X.509 is becoming the internationally recognised standard form of digital certificates.

Key management is fundamental to the security afforded by any cryptography-based safeguard. Different key administration policies, such as hierarchical (PEM) and user-centered (PGP), have many implications for the infrastructure required by the overall system. VeriSign (a spin-off of RSA Data Security) and COST are commercial companies that provide CA services.

The "key escrow system" refers to a policy under which users of encryption systems give copies of their encryption keys either to their government or to a third party that the government trusts.

If a person who has used a digital signature at a certain time wants to prove it to someone else, a digital notary is needed. The notary can time-stamp the signatures with a unique "digital fingerprint". This service can be used, for example, to time-stamp research data and papers, witness fraud, and form non-forgeable digital agreements. Surety Technologies is an example of a commercial digital notary service.
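An added example, not from the original page: one way a notary can make its time-stamps hard to backdate is to hash each record together with the previous record's hash. The page does not describe the mechanism, so the hash-linking design, the `Notary` class, the helper names and all sample values are assumptions constructed here.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous link" for the first record
FIELDS = ("seq", "time", "doc", "prev")

def fingerprint(data: bytes) -> str:
    """SHA-256 digest used as the 'digital fingerprint'."""
    return hashlib.sha256(data).hexdigest()

def link_of(record: dict) -> str:
    """Hash over the record's fields, including the previous record's link."""
    body = {k: record[k] for k in FIELDS}
    return fingerprint(json.dumps(body, sort_keys=True).encode())

class Notary:
    """Hypothetical notary: an append-only log where each record commits to its predecessor."""
    def __init__(self):
        self.log = []

    def stamp(self, signature: bytes, when: str) -> dict:
        prev = self.log[-1]["link"] if self.log else GENESIS
        rec = {"seq": len(self.log), "time": when, "doc": fingerprint(signature), "prev": prev}
        rec["link"] = link_of(rec)
        self.log.append(rec)
        return rec

def verify_log(log: list) -> bool:
    """Recompute every link; any edited or reordered record breaks the chain."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec["seq"] != i or rec["prev"] != prev or rec["link"] != link_of(rec):
            return False
        prev = rec["link"]
    return True

def proves(log: list, rec: dict, signature: bytes) -> bool:
    """True if `signature` is what was stamped in `rec` and `rec` sits in a valid log."""
    return (verify_log(log) and 0 <= rec["seq"] < len(log)
            and log[rec["seq"]] == rec and rec["doc"] == fingerprint(signature))

if __name__ == "__main__":
    notary = Notary()
    sig = b"constructed signature bytes over research-data-v1"  # constructed sample input
    receipt = notary.stamp(sig, "1995-12-04T10:00:00Z")
    notary.stamp(b"constructed signature of another client", "1995-12-04T10:05:00Z")
    print(proves(notary.log, receipt, sig))       # receipt checked against the log
    backdated = [dict(r) for r in notary.log]
    backdated[0]["time"] = "1994-01-01T00:00:00Z"
    backdated[0]["link"] = link_of(backdated[0])  # forger recomputes the edited record's link
    print(verify_log(backdated))                  # the following record's prev no longer matches
```

The chain only protects records that have a successor, so the newest link has to be published or handed to clients; otherwise the tail of the log could still be rewritten.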




mtu@cs.hut.fi - 04 DEC 95