Introduction to Authentication
What is authentication?
Authentication allows the receiver of a digital message to be confident of both the identity of the sender and the integrity of the message.
What is a Digital ID Certificate?
Digital ID certificates are the electronic counterparts to driver’s licenses, passports, and membership cards. You can present a digital ID certificate electronically to prove your identity or your right to access information or services online.
Digital ID certificates bind an identity to a pair of electronic keys that can be used to encrypt and sign digital information. A digital ID certificate makes it possible to verify someone's claim that they have the right to use a given key, helping to prevent people from using phony keys to impersonate other users. Used in conjunction with encryption, digital ID certificates provide a more complete security solution, assuring the identity of all parties involved in a transaction.
A digital ID certificate is issued by a Certification Authority (CA) and signed with the CA's private key.
A digital ID certificate typically contains the:
- Owner's public key
- Owner's name
- Expiration date of the public key
- Name of the issuer (the CA that issued the digital ID certificate)
- Serial number of the digital ID certificate
- Digital signature of the issuer
How do Digital ID Certificates work?
Digital ID certificates rely on public key encryption techniques, which use two related keys: a public key and a private key. In public key encryption, the public key is made available to anyone who wants to correspond with the owner of the key pair. The public key can be used to verify a message signed with the private key, or to encrypt messages that can only be decrypted using the private key. The security of messages encrypted this way relies on the security of the private key, which must be protected against unauthorized use.
A digital ID certificate is signed by the Certification Authority that issued the digital ID certificate. Multiple digital certificates can be attached to a message or transaction, forming a certification chain where each digital ID certificate testifies to the authenticity of the previous digital ID certificate. The top-level certification authority must be independently known and trusted by the recipient.