One way to control threats from active content is to use digital certificates. A digital certificate is an attachment to an e-mail message or a program embedded in a Web page that verifies that the sender or web site is who or what it claims to be. In addition, the digital certificate contains a means to send an encrypted message (encoded so other can’t read it) to the entity that sent the original web page or e-mail message. In a case of a downloaded program containing a digital certificate, the encrypted message identifies the software publisher and indicates whether the certificate has expired or is still valid. The digital certificate is a signed message or code. Signed code or messages provide proof that the holder is the person identified by the certificate. The idea behind certificates is like that if the user trusts the software developer, signed software can be trusted because, as proven by the certificate, it came from that trusted developer.
Digital certificates are used for many different types of online transactions, including e-commerce, e-mail, and e-funds transfers. A digital ID verifies a Web site to shopper and optionally, identifies a shopper to a Web site. Web browsers or e-mail programs exchange digital certificates automatically and invisibly when requested to validate the identity of each party involved in a transaction.
Digital certificate for software is an assurance that the software was created by a specific company. Digital certificates are issued by a certification authority (C.A). A CA can issue digital certificates to organizations or individuals. A Ca requires entities applying for digital certificates to supply appropriate proof of identity. Once the CA is satisfied, it issues a certificate.
Certificates are classified as low, medium, or high assurance, based largely on the identification requirements imposed on the certificate seekers. The fees charged by CAs vary with the level of assurance provided; higher levels of assurance are more expensive.
Two of the most commonly used CAs are Thawte and VeriSign, but other companies such as Entrust and Equifax secure also offer CA services. The digital certificate for Amozon.com was issued by VeriSign.
VeriSign is an American company based in Mountain View, California that operates a diverse array of network infrastructure, including two of the Internet’s thirteen root nameservers, the generic top-level domains for .com and .net, one of the largest SS7 signaling networks in North America, and the RFID directory for EPCGlobal. VeriSign also provides a variety of security and telecom services ranging from digital certificates, payments processing, and managed firewalls to mobile call roaming, toll-free call database queries and downloadable digital content for mobile devices. The company groups all of these functions under the banner of 'intelligent infrastructure' services.
The company's former payment processing service was sold to eBay in 2005.
3 comments:
Good structures.. gambateh, got spaces to improve..
thank giving the comment.
I completely agree with you. A digital certificate is the best way to control threats and to secure information.
digital certificate
Post a Comment