Digital Certificates and Secure Web Access
Posted on 07-09-2012 at 05:50 PM
This article describes the use of digital certificates as a mechanism for strongly authenticating users to websites where proof of identity is required. Before the advent of digital certificates, the only option for authenticating users to a website was to assign a username and password. Digital certificates provide significantly more robust access control and have a number of advantages over usernames and passwords.
Username and password authentication
With username and password authentication the process is usually as follows: each time a user wishes to access a web service, the user navigates to the website and authenticates to the application using a unique username and password. This information is passed to the server (hopefully in encrypted form), the application looks up the username and the password (or a representation of the password) in some form of access control list, and if the information matches, the user is granted access.
This approach has some clear limitations:
* The username and password are passed over the web (encrypted or unencrypted), with the usual security issues of interception.
* The systems administrator normally has unrestricted access to all usernames and passwords, with related security and liability issues for the service provider (especially with confidential data).
* The user has to remember as many usernames and passwords as their applications require, leading to inevitable support requests to recover lost access details.
Digital Certificate Authentication
The typical digital certificate web access process is:
The user navigates to the website. Before allowing access, the server checks the presented certificate against the access database. The user enters the certificate's password locally, confirming their right to use that certificate, and is allowed into the website.
Advantages of certificates over username and password:
* Overall security is enhanced: the user needs both the certificate itself and the password to the certificate to gain access.
* The password is never passed over the web, not even during account set-up.
* At no stage do systems administrators have access to user passwords.
* The certificate can electronically sign data on the website, with the benefit of non-repudiation.
* The user uses a single digital identity with one password to access a range of applications (fewer passwords to remember).
Implementing Digital Certificates
All major web servers support client authentication by certificate. An SSL certificate on the web server (to support HTTPS) enables the configuration of client authentication, which then only requires the access rights to be specified for each directory served by the web server. Amend the web application to support client authentication by certificate: if code was developed to handle username and password, the certificate credentials can be looked up in an access control list in just the same way. Client certificates are issued via a Public Key Infrastructure (PKI); you can choose to implement your own or use the services of a Managed Service Provider such as Diginus Ltd.
Once customers or employees have digital certificates, the same certificates can be used to digitally sign email, PDF and web forms, and Microsoft Word documents. With a few small steps a corporate website can be transformed into the centre of a powerful web services infrastructure, with single sign-on to numerous web applications, signed email and forms data exchange, all the time knowing exactly who is accessing the resources and information. Reference: http://www.entrust.net/
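As an added illustration (example code written for this page, not from the article's author or from any vendor named above), the following Python shows the two server-side pieces the access process and the implementation section describe: a TLS server context that actually demands a client certificate (the default verify mode asks for none), and the access-control-list lookup that replaces the username/password table. The certificate dictionaries mirror the shape Python's ssl.SSLSocket.getpeercert() returns for a verified client certificate, but their values, the access list keyed by issuer name plus serial number, and the per-directory rights table are all constructed for this example.

```python
import ssl
import time

# Constructed sample peer certificates in the dict shape getpeercert()
# returns for a client certificate that already passed chain validation.
ALICE_CERT = {
    "subject": ((("commonName", "alice"),), (("organizationName", "Example Corp"),)),
    "issuer": ((("commonName", "Example Corp Issuing CA"),),),
    "serialNumber": "0A1B2C",
    "notBefore": "Jan 10 00:00:00 2024 GMT",
    "notAfter": "Jan 10 00:00:00 2030 GMT",
}
BOB_CERT = dict(ALICE_CERT, subject=((("commonName", "bob"),),), serialNumber="0D2E3F")

# The access control list plays the role the password table used to play,
# but it stores no secret: the key is (issuer CN, serial), which is unique
# per certificate, so a renewed or re-issued certificate must be re-enrolled.
ACCESS_LIST = {
    ("Example Corp Issuing CA", "0A1B2C"): {"user": "alice", "roles": {"reports", "admin"}},
    ("Example Corp Issuing CA", "0D2E3F"): {"user": "bob", "roles": {"reports"}},
}

# Roles required per served directory; unlisted paths are denied by default.
DIRECTORY_RIGHTS = {"/public/": set(), "/reports/": {"reports"}, "/admin/": {"admin"}}


def rdn_value(name, attr):
    """Pull one attribute (e.g. commonName) out of a getpeercert() name tuple."""
    for rdn in name:
        for key, value in rdn:
            if key == attr:
                return value
    return None


def make_server_context(ca_path=None):
    """Server-side TLS context that requires and verifies a client certificate.

    Weak setting: the default verify_mode for a server context is CERT_NONE,
    which never asks the client for a certificate at all.
    """
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca_path:
        # Only certificates chaining to this CA are accepted (hypothetical path).
        ctx.load_verify_locations(ca_path)
    return ctx


def cert_is_valid_now(cert, now=None):
    """Reject certificates outside their validity window (seconds since epoch)."""
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    return not_before <= now <= not_after


def authorize(cert, path, now=None):
    """Return the principal allowed to read `path`, or None to deny.

    `cert` is the dict from getpeercert(); it is None or {} when the TLS
    layer did not receive a client certificate, which is always a denial.
    """
    if not cert or not cert_is_valid_now(cert, now):
        return None
    key = (rdn_value(cert["issuer"], "commonName"), cert["serialNumber"])
    entry = ACCESS_LIST.get(key)
    if entry is None:
        return None  # valid certificate, but not enrolled for this site
    required = DIRECTORY_RIGHTS.get(path)
    if required is None or not required <= entry["roles"]:
        return None
    return entry["user"]


if __name__ == "__main__":
    print(make_server_context().verify_mode)          # VerifyMode.CERT_REQUIRED
    print(authorize(ALICE_CERT, "/admin/"), authorize(BOB_CERT, "/admin/"))
```

In a real deployment the certificate dict would come from the accepted socket after the handshake, so the application never sees a password: the private-key passphrase is used only on the client to unlock the key, and the server's access list holds identity mappings rather than secrets. Revocation is a separate check (CRL or OCSP) that this example does not perform.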