Overview of Certificates and Authentication discusses digital certificates and how they are used for authentication. Some explanation of software security systems and cryptography is included to provide background on this subject.
Certificates are a form of digital identification used in software security systems to prove the identities of users on nonsecure networks such as the Internet. Certificates also provide the information necessary to conduct private communications and prove the origin of communications.
The term nonsecure network is used here to refer to a computer network that can be routinely accessed by users without the need to obtain access permission. Communications on such a network are subject to possible monitoring by unknown users. The potential also exists for fraudulent communications in which senders of messages falsely represent themselves.
Even private local area networks are vulnerable to determined efforts by intruders to acquire physical access to the network. Consequently, the existence of perfectly secure networks is nearly hypothetical. Nevertheless, on these secure networks a deliberate breach of privacy or misrepresentation of identity is an extraordinary occurrence. Therefore, we can conduct our network communications on them without security precautions because we can trust the other users on the network.
On a publicly accessible network such as the Internet, information may fall into the hands of users whose intentions are unknown. If the information has little or no value, then security measures may be unnecessary. If the information is valuable or confidential, then appropriate precautions should be implemented to secure the information.
This means ensuring that only individuals with whom we want to share the information can understand it, and people with whom we share the information are really the individuals chosen to share it. These two concerns are expressed by the terms privacy and authentication.
Privacy in this context depends upon the ability to prevent anyone except the intended recipient from being able to read a message — even though anyone on the network might be able to intercept it.
Authentication in this context is the verification that the entity with whom you are communicating is, in fact, who you think it is — even though you have no direct physical means of proof.
The need for privacy and authentication over nonsecure networks requires some form of data encryption and decryption, otherwise known as cryptography, as part of a software security system. Cryptographic protocols (a protocol is an agreed upon sequence of steps) employing certificates are designed to address these needs.