PKI enables digital signatures



With the recent Senate approval of the E-Signing Law, consumers and businesses can sign contracts online and know that their e-signature is just as legally binding as one in ink. With greater consumer confidence in online business transactions, people will sign mortgages, open brokerage accounts, or sign insurance contracts over the Internet.




Public-key infrastructure (PKI) is the technology that has emerged as an industry standard for e-business security. PKI enables users of the Internet to securely and privately exchange data and money.

PKI: foundation for e-business security

PKI involves the use of two cryptographic keys, one private and one public. Information encrypted with one key in the pair can only be decrypted with the other key. Private keys are generally stored on the user's hard drive. The public key is embedded in a certificate with personal details about the user, and is easily distributed through a Web browser.

Certificates are issued by trusted third parties called certificate authorities, and provide the validation function by linking a particular public key to a particular user in order to identify individuals and organizations. As part of the certificate validation, the server checks a certificate revocation list to make sure the administrator has not revoked the certificate.

Thus, PKI provides the essential services for managing certificates and encryption keys for the people, programs and systems that use public-key cryptography.

Furthermore, certificates don't just provide security. Certificates will most likely also be issued by companies as a means of building customer loyalty on the Internet.

The aspect of PKI that is expected to have the largest impact on the e-business marketplace is creating and validating digital signatures for nonrepudiable transactions. A nonrepudiable transaction is a secure transaction that carries full legal weight. Digital signatures use PKI technology to create legally binding proof of signature for online transactions or contracts. A digital signature is based on a mathematical transformation that combines the private key with the data to be signed in such a way that:

Only someone possessing the private key can create the digital signature, providing authentication of the signing party.

Anyone with access to the corresponding public key can verify the digital signature, enabling a nonrepudiable transaction.

Any modification of the signed data invalidates the digital signature, providing integrity proof for the parties involved.

How it works

  1. Using special digital signature software, a customer creates a message hash (a unique numerical representation) of the transaction, uniquely identifying the data to be signed.

  2. The customer uses his private key to encrypt the hash.

  3. The encrypted hash becomes the digital signature of the message.

  4. The sender's certificate, digital signature and data are sent to the receiver.

  5. If the involved parties aren't already using a secure connection, the sender can optionally choose to encrypt the data using the recipient's public key.

When the message is received:

  1. The recipient runs the data through the same data hashing function used by the sender. If the data was encrypted, it is first decrypted using the recipient's private key.

  2. The recipient uses the customer's public key to decrypt the signature and recover the hash.

  3. If the hashes match, the integrity of the data is validated.

  4. To verify the customer's identity, the recipient checks the status of the customer's certificate against a certificate revocation list or Online Certificate Status Protocol.
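
The signing and verification steps above, as an added example that is not part of the original article: it hashes a transaction, transforms the hash with the private key, and on the receiving side recomputes the hash, recovers the signed hash with the public key, compares the two and consults a revocation list. The key, certificate fields, contract text and revocation list are constructed for illustration; this is textbook RSA with no padding, whereas deployed signature schemes add padding such as PKCS#1 v1.5 or PSS and validate the certificate chain as well.

```python
import hashlib

# Toy RSA key built from two known Mersenne primes (constructed for the demo;
# trivially factorable, never use such a key outside an illustration).
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, stays with the signer

def message_hash(data: bytes) -> int:
    """Signer step 1 / recipient step 1: hash the transaction data."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes, private_exp: int, modulus: int) -> int:
    """Signer steps 2-3: transform the hash with the private key."""
    return pow(message_hash(data), private_exp, modulus)

def verify(data: bytes, signature: int, cert: dict, revoked_serials: set) -> str:
    """Recipient steps 1-4: recompute, recover, compare, check revocation."""
    e, n = cert["public_key"]
    recovered = pow(signature, e, n)        # hash as signed by the sender
    if recovered != message_hash(data):     # any change to data lands here
        return "invalid signature"
    if cert["serial"] in revoked_serials:   # CRL lookup (hypothetical format)
        return "certificate revoked"
    return "valid"

# Constructed sample certificate and transaction.
CERT = {"subject": "Example Customer", "serial": 1001, "public_key": (E, N)}
CONTRACT = b"Transfer 100 shares of EXAMPLE to account 42"
SIGNATURE = sign(CONTRACT, D, N)

if __name__ == "__main__":
    print(verify(CONTRACT, SIGNATURE, CERT, set()))
    print(verify(CONTRACT.replace(b"100", b"900"), SIGNATURE, CERT, set()))
    print(verify(CONTRACT, SIGNATURE, CERT, {1001}))
```

A mathematically valid signature from a revoked certificate is still rejected, which is why the revocation check is a separate step from the hash comparison.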




Hammar, sven@celocom.com, is CEO of Celo Communications, which provides digital signatures for e-business.
