Article | REF: H5510 V3

Electronic certification

Author: Gérard RIBIÈRE

Publication date: January 10, 2018

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!


Overview

Français

Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.

Read the article

AUTHOR

  • Gérard RIBIÈRE: Computer scientist

 INTRODUCTION

Fears inspired by the dematerialization of documents

Any exchange or type of commerce on a computer network, and particularly on the Internet, requires a function that enables the parties involved to identify each other. Once identified, the parties will then want to participate in transactions, consisting of exchanges of orders, invoices, payments and documents in general.

Consider, for example, the case of buying shares over the Internet from a broker. The problem is for the broker and the buyer to identify each other, i.e. to be sure of the partner's identity. But this is not enough: the broker must be able to prove that the buyer has indeed ordered a given type and number of shares; and the buyer must be sure that his order has been taken into account by the broker.

In order to achieve the same level of trust in exchanges over a computer network as in real life, where physical documents are exchanged with a handwritten signature, it is necessary to reproduce electronically the mutual identification of the parties involved in a transaction, and the signature of the documents linked to it.

Electronic identification of transaction participants

As we will see later in this article, password identification, and even the encryption of exchanged information, are not sufficient to meet the need described above. The answer is provided by a certification process for transaction actors, based on a set of components and functions constituting a Key Management Infrastructure (KMI) and enabling the digital signature of exchanged documents.

This type of process is already being used operationally today for transactional exchanges, notably by healthcare professionals to transmit electronic medical forms over the Internet. The functions and products we will describe in this article will make it possible to carry out any other type of network-based commerce, in the broadest sense of the term, going well beyond the framework of relations with the public administration.

In this article, we will begin by mentioning the security requirements imposed by the dematerialization of exchanges (via the Internet, for example), and then briefly describe the techniques used to meet authentication requirements, and consequently the need for certification.

This is followed by an introduction to the concept of electronic certificates and the functions of certificate-issuing authorities. To illustrate our point, we'll present some standard communication protocols and practical applications using certificates.

We're focusing on the Internet because it's the mode of network use that presents the greatest security risks. However,...

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!


The Ultimate Scientific and Technical Reference

A Comprehensive Knowledge Base, with over 1,200 authors and 100 scientific advisors
+ More than 10,000 articles and 1,000 how-to sheets, over 800 new or updated articles every year
From design to prototyping, right through to industrialization, the reference for securing the development of your industrial projects

This article is included in

Security of information systems

This offer includes:

Knowledge Base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

Practical Path

Operational and didactic, to guarantee the acquisition of transversal skills

Doc & Quiz

Interactive articles with quizzes, for constructive reading

Subscribe now!

Ongoing reading
Electronic certification