Digital Certificates and Secure Net Access
byon 06-30-2012 at 03:56 PM (193 Views)
This article describes the use of Digital Certificates as a mechanism for strongly authenticating users to web sites where identity information is necessary. Before the advent of digital certificates the only option for authenticating customers to a site was to assign a username and password. Digital certificates on the other hand provide for considerably far more robust access control and have a number of rewards over username and password.
Username and password authentication
Employing username and password the procedure is generally as follows: each time a user wishes to access a web service the user navigates to the website and authenticate themselves to the application using distinctive username and password. This data is passed to the server (hopefully in an encrypted form), the application looks up the username and the password (or a representation of the password) in some form of access handle list and provided the info matches the user is granted access.
This approach has some obvious limitations:
* The username and password are passed more than the net (encrypted or unencrypted) with the typical security concerns of interception.
* The systems administrator normally has unrestricted access to all usernames and passwords with connected security and liability issues for the service provider (particularly with confidential information)
* The user demands to dont forget as several usernames and passwords as are essential by their applications leading to inevitable support problems to recover lost access information
Digital Certificate Authentication
The typical digital certificate web access approach is:
The user navigates to the site. Ahead of enabling access it checks the certificate against the access database. The user enters the password locally to confirming their access appropriate to the certificate and is allowed to the site.
Positive aspects of certificates over username and password:
* General security is enhanced: the user needs both the certificate itself and the password to the certificate to gain access.
* The password is never passed over the internet, not even throughout account set-up.
* At no stage do systems administrators have access to user passwords.
* The certificate can electronically sign information on the internet site with the benefit of non-repudiation.
* The user uses one particular digital identity with one password to access a range of applications (reduces passwords to remember).
Implementing Digital Certificates
All main net servers support client authentication through certificates. An SSL certificate on the web server (to support https) enables configuration of client authentication and only requires specification of the access rights for each directory served by the web server. Amend the net application to support client authentication by certificates. If any code was developed to manage user name and password, then the certificate credentials can be looked up in an access handle list in just the same way. Client certificates are issued through a Public Crucial Infrastructure (PKI) You can choose implement your own or use the services of a Managed Service Provider such as Diginus Ltd.
When buyers or staff have digital certificates, the exact same certificates can be used to digitally sign e-mail, PDF and net types and Microsoft Word documents. With a handful of little steps a corporate website can be transformed into the centre of a highly effective net services infrastructure, with single sign on to multiple web applications, signed e-mail and types data exchange, all the time understanding exactly who is accessing the resources and data. ssl server"