Digital certificates are digitally encrypted storage vehicles for transporting personal information, especially digital signatures, over the Internet. They are appended as attachments to electronic communications in order to verify the identity of the sender and provide the tools necessary for the recipient to encode a response. The thrust of the technology is to provide individuals engaging in online transactions with authentic digital credentials for use over the Internet, and to secure those credentials in the transaction over multiple servers.
The appeal of digital certificates in e-commerce is obvious. They greatly enhance the security and speed of online transactions, making the Internet's instantaneous sales and communications possibilities more viable. In the early 2000s, digital certificates were a primary means for the advancement of Web-based commerce. They validate the user at the point of purchase, streamlining the transaction process by eliminating the need for third-party validation. The information contained in the certificate includes the user's name and e-mail address, expiration date, a serial number, and the name of the certificate authority that issued the certificate.
Certificates are granted upon successful application to a certificate authority, and are sent via electronic communication, usually e-mail. Issuers generally devise a certification practice statement to clarify the conditions upon which the authority authenticates the individual. Upon receiving the certificate, the user has the information verified by a notary, after which the certificate can be used officially for electronic transactions, acting as a legally binding electronic signature. Public-key infrastructure encryption methods are used to electronically mask signatures during transmission, simultaneously providing the recipient with a method for decrypting the signature and encrypting a reply.
Digital certificates were developed by Salt Lake City-based Zions First National Bank in conjunction with the American Bankers Association. The organizations launched a pilot program with the U.S. Social Security Administration in the late 1990s in which hundreds of companies filed their Social Security reports online using digital certificates. The tremendous success of the program opened the door for wider interest and application. In summer 2000, President Bill Clinton signed into law, using a digital certificate, the Electronic Signatures in Global & National Commerce Act. This legislation heralded a turning point, particularly for online banking, which had been forestalled by concerns over the security and authentication of online financial transactions. With these digital signatures made legally binding and secure, Web-based banking was expected to finally begin fulfilling its tremendous promise.
The early 2000s witnessed a flurry of new technologies aimed at facilitating the wider application and integration of digital certificates, such as Web forms designed to accept certificates. Other developments included storage space for digital certificates in secure central directories. Traditionally, digital certificates requiring desktop software didn't transfer easily between different kinds of computers or browsers. The process for utilizing digital certificates across different operating systems or browsers was cumbersome, generally involving a separate cryptography tool kit installed on a desktop. Downloading and storing certificates allows users to access their certificates from any remote location via the Internet. Security vendors such as RSA Security, Arcot Systems, Entrust Technologies, and VeriSign all rolled out versions of remote Web-based certificate storage and access in the early 2000s, according to Internetweek.
Digital certificates generally are stored as files on personal computer Web browsers and are protected by personal identification numbers (PINs), thereby verifying that communications come from particular users. However, some imperfections are implicit. For instance, a digital certificate essentially authenticates the computer, and not the individual using it. While users of digital certificates typically safeguard their machines with layers of personal verification for use, in addition to the PIN, certificates stored on computers are nonetheless susceptible to hackers. One highly touted solution to this difficulty was the augmenting of digital certificates with biometric technology, which verifies identity via personal characteristics such as fingerprints, retina, or voice.
Alternatively, certificates can be embedded on smart cards or similar devices. The latter method was becoming more common as computers were manufactured with built-in smart-card readers. This method affords the additional benefit of allowing users to employ the digital certificate both at their computer and, once the infrastructure is widely in place, in physical-world settings like automatic teller machines (ATMs) for credit and debit transactions.
Bielski, Lauren. "Digital Certificates Get Mobilized by 'E-Sign Act.'" ABA Banking Journal. September, 2000.
Connolly, P. J. "Digital Certificates are Gaining Ground in Business." InfoWorld. October 16, 2000.
Hammell, Benjamin. "Are Digital Certificates Secure?" Communications News. December, 2000.
Harrison, Ann. "Digital Certificates." Computerworld. August 14, 2000.
Koller, Mike, and Rutrell Yasin. "Security Gets Some Legs: Digital ID Systems No Longer Hold Users Captive to a Single Browser, PC or Location." Internetweek. December 11, 2000.
O'Donnell, Anthony. "Security on the Internet: Who Goes There?" Insurance & Technology. January, 2001.
Streeter, Bill. "Will Banks Have a Role in e-Commerce? It's a 'Cert'ainty." ABA Banking Journal. September, 2000.
SEE ALSO: Banking, Online; Biometrics; Cryptography, Public and Private Key; Digital Certificate Authority; Digital Signature; Digital Signature Legislation; Encryption