Computerworld - Digital certificates are issued by a trusted third party known as a certification authority (CA). The CA validates the identity of a certificate holder and "signs" the certificate to attest that it hasn't been forged or altered in any way.
 | | | New Uses For Digital Certificates
Digital certificates are now being used to provide security and validation for wireless connections, and hardware manufacturers are one of the latest groups to use them. Last month, VeriSign Inc. in Mountain View, Calif., announced its Cable Modem Authentication Services, which allow hardware manufacturers to embed digital certificates into cable modems to help prevent the pirating of broadband services through device cloning.
Using VeriSign software, hardware makers can generate cryptographic keys and corresponding digital certificates that manufacturers or cable service providers can use to automatically identify individual modems. "It appears that this is the very first time that certificates are being used at the point of manufacture in electronics products, where they are burned right into the read-only memory of [a] cable modem," says analyst Michael Harris, president of Kinetic Strategies Inc. in Phoenix.
According to VeriSign, the Data Over Cable System Interface Specification standard, which calls for the embedding of digital certificates in cable modems, sets the stage for next-generation broadband services such as pay-per-view, digital rights management and online software delivery and ensures interoperability among products from cable modem manufacturers and operators.
"This 'last-mile' authentication not only protects the value of existing content and services but also positions cable system operators to bring a broad new range of content, applications and value-added services to market," says Stratton Sclavos, president and CEO of VeriSign.
|
|
|||
When a certificate is digitally signed by a CA, its owner can use it as an electronic passport to prove his identity. It can be presented to Web sites, networks or individuals that require secure access.
Identifying information embedded in the certificate includes the holder's name and e-mail address, the name of the CA, a serial number and any activation or expiration data for the certificate. When a user's identity is verified by the CA, the certificate uses the holder's public encryption key to protect this data.
Public keys are also employed by certificates that a Web server uses to confirm the authenticity of a Web site for a user's browser. When a user wants to send confidential information to a Web server, such as a credit-card number for an online transaction, the browser will access the public key in the server's digital certificate to verify its identity.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
