Digital Certificates and Secure Internet Access

Source: くみこみックス

Introduction

This report describes the use of digital certificates as a mechanism for strongly authenticating users to web sites where identity information is needed. Before the advent of digital certificates, the only option for authenticating users to a website was to assign a username and password. Digital certificates, on the other hand, provide much more robust access control and have a number of advantages over username and password.

Username and password authentication

Using a username and password, the process is usually as follows: every time a user wishes to access a web service, the user navigates to the site and authenticates to the application using a unique username and password. This information is passed to the server (hopefully in an encrypted form), the application looks up the username and the password (or a representation of the password) in some form of access control list, and provided the details match, the user is granted access.

This technique has some clear limitations:

* The username and password are passed over the internet (encrypted or unencrypted) with the usual security concerns of interception.

* The systems administrator commonly has unrestricted access to all usernames and passwords, with related security and liability issues for the service provider (especially with confidential information).

* The user needs to remember as many usernames and passwords as are needed by their applications, leading to inevitable support problems to recover lost access data.

Digital Certificate Authentication

The typical digital certificate web access process is:

The user navigates to the site. Before allowing access, the site checks the certificate against the access database. The user enters the password locally to confirm their access right to the certificate and is allowed into the website.

Benefits of certificates over username and password:

* Overall security is enhanced: the user needs both the certificate itself and the password to the certificate to gain access.

* The password is never passed over the internet, not even during account set-up.

* At no stage do systems administrators have access to user passwords.

* The certificate can electronically sign data on the site with the benefit of non-repudiation.

* The user uses one digital identity with one password to access a range of applications (reduces passwords to remember).

Implementing Digital Certificates

All major web servers support client authentication via certificates. An SSL certificate on the web server (to support https) enables configuration of client authentication and only requires specification of the access rights for each directory served by the web server. Amend the web application to support client authentication by certificates. If any code was written to handle username and password, then the certificate credentials can be looked up in an access control list in just the same way. Client certificates are issued by means of a Public Key Infrastructure (PKI). You can choose to implement your own or use the services of a Managed Service Provider such as Diginus Ltd.
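
A sketch of the application-side lookup described above, added here as an example and not taken from the original report: the server requires a client certificate during the TLS handshake, and the application maps the certificate's SHA-256 fingerprint to the directories it may access. The ACL layout, the function names and the sample certificate bytes are assumptions constructed for illustration.

```python
import hashlib
import posixpath
import ssl


def require_client_certs(ctx: ssl.SSLContext) -> ssl.SSLContext:
    """Make the TLS handshake fail unless the client presents a certificate
    that chains to a CA loaded with ctx.load_verify_locations()."""
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, e.g. the bytes returned by
    SSLSocket.getpeercert(binary_form=True)."""
    return hashlib.sha256(der_cert).hexdigest()


# Constructed sample data: stand-in bytes, not real certificates.
ALICE_DER = b"constructed-sample-cert-alice"
BOB_DER = b"constructed-sample-cert-bob"

# Access control list (hypothetical layout):
# certificate fingerprint -> directories that certificate may access.
ACL = {
    fingerprint(ALICE_DER): ["/reports", "/admin"],
    fingerprint(BOB_DER): ["/reports"],
}


def is_allowed(der_cert, url_path, acl=ACL):
    """Return True if the presented certificate may access url_path."""
    if not der_cert:                      # no certificate was presented
        return False
    allowed_dirs = acl.get(fingerprint(der_cert))
    if allowed_dirs is None:              # valid chain, but not enrolled here
        return False
    # Normalise first so ".." and doubled slashes cannot dodge the check.
    path = posixpath.normpath("/" + url_path.lstrip("/"))
    # Match whole path segments so "/admin" does not cover "/administrator".
    return any(path == d or path.startswith(d + "/") for d in allowed_dirs)
```

Chain validation against the issuing CA happens in the TLS layer; the ACL lookup only decides which already-authenticated certificate may reach which directory.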

Wider Use

When customers or employees have digital certificates, the same certificates can be used to digitally sign e-mail, PDF and web forms and Microsoft Word documents. With a few small steps a corporate site can be transformed into the centre of a powerful web services infrastructure, with single sign-on to multiple web applications, signed e-mail and forms data exchange, all the time knowing precisely who is accessing the resources and data.
