PKI enables digital signatures



With the recent Senate approval of the E-Signing Law, consumers and businesses can sign contracts online and know that their e-signature is just as legally binding as one in ink. As the law creates greater consumer confidence in online business transactions, people will sign mortgages, open brokerage accounts, or sign insurance contracts over the Internet.




Public-key infrastructure (PKI) is the technology that has emerged as an industry standard for e-business security. PKI enables users of the Internet to securely and privately exchange data and money.

PKI: foundation for e-business security

PKI involves the use of two cryptographic keys, one private and one public. Information encrypted with one key in the pair can only be decrypted with the other key. Private keys are generally stored on the user's hard drive. The publicly available key is embedded in a certificate with personal details about the user. The key is easily distributed through a Web browser.

Certificates are issued by trusted third parties called certificate authorities, and provide the validation function by linking a particular public key to a particular user in order to identify individuals and organizations. As part of the certificate validation, the server checks a certificate revocation list to make sure the administrator has not revoked the certificate.

Thus, PKI provides the essential services for managing certificates and encryption keys for the people, programs and systems that use public-key cryptography.

Furthermore, certificates don't just provide security. Certificates will most likely also be issued by companies as a means of building customer loyalty on the Internet.

The aspect of PKI that is expected to have the largest impact on the e-business marketplace is creating and validating digital signatures for nonrepudiable transactions. A nonrepudiable transaction is a secure transaction that carries full legal weight. Digital signatures use PKI technology to create legally binding proof of signature for online transactions or contracts. A digital signature is based on a mathematical transformation that combines the private key with the data to be signed in such a way that:

Only someone possessing the private key can create the digital signature, providing authentication of the signing party.

Anyone with access to the corresponding public key can verify the digital signature, enabling a nonrepudiable transaction.

Any modification of the signed data invalidates the digital signature, providing integrity proof for the parties involved.

How it works

  1. Using special digital signature software, a customer creates a message hash (a unique numerical representation) of the transaction, uniquely identifying the data to be signed.

  2. The customer uses his private key to encrypt the hash.

  3. The encrypted hash becomes the digital signature of the message.

  4. The sender's certificate, digital signature and data are sent to the receiver.

  5. If the involved parties aren't already using a secure connection, the sender can optionally choose to encrypt the data using the recipient's public key.

When the message is received:

  1. The recipient runs the data through the same data hashing function used by the sender. If the data was encrypted, it is first decrypted using the recipient's private key.

  2. The recipient uses the customer's public key to decrypt the signature and recover the hash.

  3. If the hashes match, the integrity of the data is validated.

  4. To verify the customer's identity, the recipient checks the status of the customer's certificate against a certificate revocation list or Online Certificate Status Protocol.
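The sign and verify steps above, carried through as an added example (not code from the article or from any product it mentions). It assumes SHA-256 as the hash and unpadded "textbook" RSA so that the "encrypt the hash with the private key" step is visible as plain arithmetic; deployed signature schemes add a padding step (PKCS#1 v1.5 or PSS) and use randomly generated keys. The key, the certificate fields and the revocation list are constructed for illustration.

```python
import hashlib

# Constructed toy key: P and Q are publicly known Mersenne primes, so this
# key offers no security; it only makes the arithmetic reproducible offline.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                                # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent (Python 3.8+)

def message_hash(data: bytes) -> int:
    """Sender step 1 / recipient step 1: hash the data (SHA-256 assumed)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(data: bytes) -> int:
    """Sender steps 2-3: transform the hash with the private key."""
    return pow(message_hash(data), D, N)

def verify(data: bytes, signature: int, cert: dict, crl: set) -> str:
    """Recipient steps 1-4, using the public key carried in the certificate."""
    recovered = pow(signature, cert["e"], cert["n"])   # step 2: recover hash
    if recovered != message_hash(data):                # step 3: compare hashes
        return "bad-signature"
    if cert["serial"] in crl:                          # step 4: revocation check
        return "revoked"
    return "valid"

# Constructed certificate (hypothetical field names; a real certificate is
# itself signed by the certificate authority) and a sample transaction.
CERT = {"subject": "customer@example.com", "serial": 1001, "n": N, "e": E}
ORDER = b"Transfer 100 USD to account 42"
SIGNATURE = sign(ORDER)

if __name__ == "__main__":
    print(verify(ORDER, SIGNATURE, CERT, crl=set()))          # untouched data
    tampered = ORDER.replace(b"100", b"900")
    print(verify(tampered, SIGNATURE, CERT, crl=set()))       # modified data
    print(verify(ORDER, SIGNATURE, CERT, crl={1001}))         # revoked cert
```

The third call shows why step 4 matters: the signature is mathematically correct, yet the recipient must still reject it because the certificate's serial number is on the revocation list.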



Hammar, sven@celocom.com, is CEO of Celo Communications, which provides digital signatures for e-business.
