AST safeguards against the misuse of digital certificates

By GijimaAst
Johannesburg, 25 Apr 2001

More and more Certification Authority (CA) services are cropping up to address the growth of commerce and business on the Web by issuing certificates - effectively e-passports - that confirm a Web site or individual's authenticity. They help bring trust to the by enabling secure online transactions.

"However, not all CA services are alike, and the technology and business practices behind a Certification Authority can significantly impact the level of trust inherent in their certification services," explains Michael Horn, GM of AST Management, a business unit of the AST Group.

Entrust.net, distributed locally by AST Security Management, provides end users and organisations using web server certificates enhanced protection from the misuse of digital certificates. This is achieved through the use of industry standard policies and innovative technology such as its patented Certificate Revocation List Distribution Point (CRL Distribution Points) technology, a feature that can be activated in more than 75% of all Web browsers in use.

The Role of Digital Certificates

A digital certificate provides a means for securing transactions between an e-business and a user who connects to its Web site. Digital certificates are crucial for enabling transactions across the Internet because they can be used to help verify the authenticity of a Web site. For Web site owners, digital certificates provide a means of giving site visitors confidence that they are buying products or downloading electronic media from the organization identified in the digital certificate.

CRL Distribution Points Protect Users from Sites Using Revoked Certificates

A digital certificate can be revoked because the private key has been lost or stolen, the password that protects the private key has been compromised, the contents of the certificate are no longer valid (for example, the company has changed its name), or the certificate is being misused.

Digital certificates that are obtained through fraud can be revoked after the fraud has been detected and reported to the issuing Certification Authority. Revocation of a certificate occurs when the Certification Authority posts the certificate serial number in a certificate revocation list (CRL).

Browsers that use Microsoft's Auto CRL checking and Entrust's CRL Distribution Points technology (US patent 5,699,431) will automatically check a certificate against the revocation list and warn a user who has activated this feature that the certificate is not trustworthy. The browser may also refuse further access to the offending site.

Automatic CRL is supported in all the Web server certificates issued by Entrust.net. In addition, Entrust's CRL Distribution Points technology can be obtained by other vendors royalty free. If a Certificate Authority does not support Auto CRL and CRL Distribution Points - and a number of CAs do not - users will not automatically know that a certificate should not be trusted. Support for these two key security features should therefore be an important checklist item when evaluating a CA.

"By taking these added measures, Entrust.net continues to provide users greater confidence when they are using the Internet," concludes Horn.

AST Group

AST provides comprehensive and integrated ICT-based solutions to an increasing range of global corporate clients. AST's best-of-breed software, excellent service delivery capabilities and our solution focus make us your ideal strategic partner.

AST focuses on industries such as mining, financial services, manufacturing, telecommunications and government. We have specialists in management and IT Consulting, IT Communications, Enterprise Systems Management, IT services, ERP Solutions, Outsourcing, Technology Rentals and Training.