home
NEWS       BLOGS       FORUMS       NEWSLETTERS       RESEARCH       EVENTS       DIGITAL LIBRARY       CAREERS  
Network Computing Network Computing Powered by InformationWeek Business Technology Network

IMMERSE YOURSELF:

SOA

  |

Data Center

  |

802.11n

  |

Data Privacy

  |		 APO  |

Virtualization

  |

NAC

  |

Security

  |

Network Mgmt

  |

Enterprise Apps

  |

Storage & Servers











Certificate Authorities: How Valuable Are They?

By Greg Shipley   After completing his most recent quest to uphold the interests of queen and country, our favorite secret agent finds himself at home, surfing the Web for a new Aston Martin to replace the one he drove off a bridge in Istanbul. Discovering one to his liking on the Secret Agent Shopping Network, 007 realizes that if he uses his credit card, he won't be

required to leave the bedroom. After verifying that the server supports secure transmissions, he's ready to approve the transfer--poised to send his credit-card number out onto the Internet, secured by an SSLv2-compliant browser. A fter all, it is secure--isn't it?

Unbeknownst to our intrepid 007, the evil terrorist organization ZIFFWEC (Zealots Into Fraudulent Fantasies With Electronic Commerce) is engaged in typically nefarious activities. ZIFFWEC is determined not only to compromise 007's Internet service provider (ISP), but also to capture as many credit-card numbers as possible to support its mission to import mass quantities of the outlawed Fabio icons. To accomplish this, ZIFFWEC has created a Web site that cleverly impersonates the Secret Agent Shopping Network. Meanwhile, an anxious Q tosses and turns in his sleep, dreaming of the certificate authentication system he wishes he had implemented on the popular spy shopping site.

The world of Certificate Authorities (CAs) and certificate-based authentication is populated by high-level cryptographers, ex-National Security Agency agents, small start-ups headed by young visionaries and private s ervice providers using biometrics-based security systems. Where does corporate America fit into this community, where hardware gets a TEMPEST rating instead of a MHz sticker and key signing units will self-destruct if tampered with? For many, the acceptance--and implementation--of systems based o n the International Telecommunication Union (ITU) X.509 certificate standard offers the promise of secure transmissions across the Web. However, to say that certificates are primarily for use on the Web is like saying Bond--James Bond--is just a spy.

We spent some time digging for clues about the commercial status of this technology, searching both for service providers and software that integrates current technology with future-oriented cryptography features. We found that these services slip comfortably into many niches, including electronic commerce, but we didn't need to break any codes to figure out that certificate authentication has not yet hit networking full force.

One of the obstacles to the widespr ead acceptance and use of certificate authentication may well be its underlying technological complexity: People are reluctant to use what they don't understand. Our mission is to demystify the subject.

Undercover Agents To understand how certificates are used, we must burrow into the world of cryptography. Certificate authentication relies on public key cryptography, which in turn is based on the use of public and private "key pairs." Each half in this pair works in conjunction with the other half. For example, say User A wishes to send User B an encrypted message. User A first must retrieve User B's public key. With this public key, User A encrypts the data using algorithm X. Only User B's private key--which only User B possesses--can decrypt the data. Although these keys are functional inverses of one another, with large key sizes it becomes very hard--if not impossible--to determine the unknown half of someone's key pair simply by using a known half.

But suppose you're suspicious: Was t hat User B's public key that User A obtained? Is User B who he says he is? And how does User B know if User A can be trusted? This is where Certificate Authorities come in. The CA issues an x.509 certificate containing the user's public key, which the CA "stamps" or "signs" as authentic. This stamp of a pproval is how the CA says, "I stand by this User A with this public key X, and he is who he says he is--I've checked him out," (See "Example of Certificate Application")

To download an Adobe Acrobat .pdf format version of "Example of Certificate Application", click here.

Glossary of Encryption and Hashing Terms


Updated March 25, 1997







Ready to take that job and shove it?

Function:

Keyword(s):

State:
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
10 Search Engines You Don't Know About
Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Yahoo Profits Fall 23%, Cuts 1,000 Jobs
Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.

More articles from our career center










InformationWeek U.S. IT Salary Survey 2008
Salaries for business technology professionals are falling. Here's what you need to know in order to make good hiring decisions and personal career choices. Download Today
 
ROLLING RIGHT ALONG
Follow key Network Computing Reviews from conception to completion. This Week: Holistic APM.



Network Computing Reports Emerging Enterprise Podcast Series: Secrets to Success








TechSearch
Microsite of the Week


Powerful Information at Your Fingertips



InformationWeek Business Technology Network
InformationWeekInformationWeek 500InformationWeek 500 ConferenceInformationWeek AnalyticsInformationWeek CIO
InformationWeek EventsInformationWeek ReportsInformationWeek MagazinebMightyByte and SwitchDark Reading
Digital LibraryIntelligent EnterpriseInternet EvolutionNetwork ComputingNo JitterPlug Into The Cloud
space
Techweb Events Network
InteropVoiceConWeb 2.0 ExpoWeb 2.0 SummitEnterprise 2.0 ConferenceMobile Business ExpoSoftware ConferenceCSI - Computer Security Institute
Black HatGTECEnergy CampMashup CampStartup Camp
space
Light Reading Communications Network
Light ReadingLight Reading EuropeUnstrungLight Reading's Cable Digital NewsConstantinopleInternet EvolutionPyramid Research
Heavy ReadingLight Reading Live!Light Reading InsiderEthernet ExpoOptical ExpoTeleco TVTower Technology Summit
space
Financial Technology Network
Advanced TradingBank Systems & TechnologyInsurance & TechnologyWall Street & TechnologyAccelerating Wall StreetBank Systems & Technology Executive SummitBuyside Trading SummitInsurance & Technology Executive Summit
space
Microsoft Technology Network
MSDN MagazineTechNetThe Architecture Journal
space


App Infrastructure   |   Messaging & Collaboration   |   Network & Systems Mgmt   |   Network Infrastructure   |   Security  |   Storage & Servers   |   Wireless   |   Enterprise Apps
About Us  |  Contact Us  |  Site Map  |  Technology Marketing Solutions  |  Advertising Contacts  |   Briefing Centers
Copyright © 2008  United Business Media LLC  |  Privacy Statement  |  Terms of Service  |  Your California Privacy Rights