
Introduction to Digital IDs
• What is a Digital ID?
• How do Digital IDs work?
• Why do I need a Digital ID?
• How do I use Digital IDs?
• What applications support Digital IDs?
--------------------------------------
What is a Digital ID?
Digital IDs are the electronic counterparts to driver licenses, passports, and membership cards. You can present a Digital ID electronically to prove your identity or your right to access information or services online.
Digital IDs bind an identity to a pair of electronic keys that can be used to encrypt and sign digital information. A Digital ID makes it possible to verify someone's claim that they have the right to use a given key, helping to prevent people from using phony keys to impersonate other users. Used in conjunction with encryption, Digital IDs provide a more complete security solution, assuring the identity of all parties involved in a transaction. For more information about key pairs, refer to the document on Technical Questions about Digital IDs.
A Digital ID is issued by a Certification Authority (CA) and signed with the CA's private key.
A Digital ID typically contains the:
• Owner's public key
• Owner's name
• Expiration date of the public key
• Name of the issuer (the CA that issued the Digital ID)
• Serial number of the Digital ID
• Digital signature of the issuer
The most widely accepted format for Digital IDs is defined by the CCITT X.509 international standard; thus certificates can be read or written by any application complying with X.509. Further refinements are found in the PKCS standards and the PEM standard.
--------------------------------------
How do Digital IDs work?
Digital IDs rely on public key encryption, which uses two related keys, a public key and a private key. In public key encryption, the public key is made available to anyone who wants to correspond with the owner of the key pair. The public key can be used to verify a message signed with the private key, or to encrypt messages that can only be decrypted using the private key. The security of messages encrypted this way relies on the security of the private key, which must be protected against unauthorized use.

A Digital ID is signed by the Certification Authority that issued the Digital ID. Multiple digital certificates can be attached to a message or transaction, forming a certification chain where each Digital ID testifies to the authenticity of the previous Digital ID. The top-level certification authority must be independently known and trusted by the recipient.
--------------------------------------
Why do I need a Digital ID?
Virtual malls, electronic banking, and other electronic services are becoming more commonplace, offering the convenience and flexibility of round-the-clock service direct from your home. However, your concerns about privacy and security might be preventing you from taking advantage of this new medium for your personal business. Encryption alone is not enough, as it provides no proof of the identity of the sender of the encrypted information. Without special safeguards, you risk being impersonated online. Digital IDs address this problem, providing an electronic means of verifying someone's identity. Used in conjunction with encryption, Digital IDs provide a more complete security solution, assuring the identity of all parties involved in a transaction.
--------------------------------------
How do I use Digital IDs?
When you receive digitally signed messages, you can verify the signer's Digital ID to determine that no forgery or false representation has occurred.
When you send messages, you can sign the messages and enclose your Digital ID to assure the recipient of the message that the message was actually sent by you. Multiple Digital IDs can be enclosed with a message, forming a hierarchical chain, wherein one Digital ID testifies to the authenticity of the previous Digital ID. At the end of a Digital ID hierarchy is a top-level Certification Authority, which is trusted without a Digital ID from any other Certification Authority. The public key of the top-level Certification Authority must be independently known, for example by being widely published. The more familiar you are to the recipient of the message, the less need there is to enclose a Digital ID.
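The signing, chain-building and verification described here and under "How do Digital IDs work?" above, as an added example that is not part of the original document. It models a Digital ID with the fields listed under "What is a Digital ID?", issues an intermediate CA's ID from a root CA and a user's ID from that intermediate, and then checks a signed message against the enclosed chain and an independently known root key. Everything here is constructed for the example: the RSA is the textbook form with no padding, the field encoding is ad hoc rather than X.509, and the names (Example Root CA, Example Issuing CA, alice@example.com) and day-number time scale are invented.

```python
"""Toy model of Digital IDs and a certification chain. Constructed example: textbook RSA
without padding and a made-up field encoding, not X.509 or PKCS#1; it only shows how each
issuer's signature vouches for the next ID up to a top-level CA whose key is trusted already."""
import hashlib
import random
from dataclasses import dataclass, replace

def is_probable_prime(n, rounds=25):
    """Miller-Rabin test; callers pass odd n > 3."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_keypair(bits=384):
    """Return ((e, n), (d, n)); a 384-bit modulus is larger than any SHA-256 digest."""
    e, half = 65537, bits // 2
    def prime():
        while True:
            cand = random.getrandbits(half) | (1 << (half - 1)) | 1  # full length and odd
            if is_probable_prime(cand):
                return cand
    while True:
        p, q = prime(), prime()
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so phi % e != 0 means gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)

def digest(data):  # hash to an integer; it is below the modulus, so no reduction is needed
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private, data):
    return pow(digest(data), *private)  # private = (d, n)

def verify(public, data, signature):
    return pow(signature, *public) == digest(data)  # public = (e, n)

@dataclass(frozen=True)
class DigitalID:  # the fields the page lists
    owner: str
    public_key: tuple
    expires: int  # day number on a constructed time scale
    issuer: str
    serial: int
    signature: int = 0
    def tbs(self):  # the "to be signed" fields in a fixed order
        e, n = self.public_key
        return f"{self.owner}|{e}|{n}|{self.expires}|{self.issuer}|{self.serial}".encode()

def issue(issuer_name, issuer_private, owner, owner_public, expires, serial):
    cert = DigitalID(owner, owner_public, expires, issuer_name, serial)
    return replace(cert, signature=sign(issuer_private, cert.tbs()))

def verify_chain(chain, trusted_roots, today):
    """chain[0] is the signer's ID; the next ID, or a trusted root, must have issued each one."""
    for i, cert in enumerate(chain):
        nxt = chain[i + 1] if i + 1 < len(chain) else None
        key = nxt.public_key if nxt and nxt.owner == cert.issuer else trusted_roots.get(cert.issuer)
        if today > cert.expires:
            return False, f"{cert.owner}: expired"
        if key is None:
            return False, f"{cert.issuer}: not a trusted top-level CA"
        if not verify(key, cert.tbs(), cert.signature):
            return False, f"{cert.owner}: bad issuer signature"
    return True, "ok"

def verify_signed_message(message, signature, chain, trusted_roots, today):
    ok, reason = verify_chain(chain, trusted_roots, today)
    if ok and not verify(chain[0].public_key, message, signature):
        ok, reason = False, "message signature does not match the signer's Digital ID"
    return ok, f"signed by {chain[0].owner}" if ok else reason

def demo():
    random.seed(7)  # reproducible demo keys only
    root_pub, root_priv = make_keypair()
    ca_pub, ca_priv = make_keypair()
    alice_pub, alice_priv = make_keypair()
    bad_pub, bad_priv = make_keypair()  # an impostor's own key pair
    today, trusted = 10_000, {"Example Root CA": root_pub}  # root key known independently
    ca_id = issue("Example Root CA", root_priv, "Example Issuing CA", ca_pub, today + 3650, 1)
    alice_id = issue("Example Issuing CA", ca_priv, "alice@example.com", alice_pub, today + 365, 42)
    phony = issue("Example Issuing CA", bad_priv, "alice@example.com", bad_pub, today + 365, 43)
    msg, chain = b"Please ship order 1138", [alice_id, ca_id]
    sig = sign(alice_priv, msg)
    return {
        "genuine": verify_signed_message(msg, sig, chain, trusted, today),
        "tampered": verify_signed_message(b"Please ship order 9999", sig, chain, trusted, today),
        "expired": verify_signed_message(msg, sig, chain, trusted, today + 400),
        "untrusted_root": verify_signed_message(msg, sig, chain, {}, today),
        "phony_id": verify_signed_message(msg, sign(bad_priv, msg), [phony, ca_id], trusted, today),
    }
```

Only the genuine case is accepted. The phony ID carries the impostor's own key under Alice's name and claims to come from the issuing CA, but the issuer signature on it was never made with the CA's private key, so the chain check rejects it before the message signature is even examined. The root CA's ID is never enclosed: its public key is looked up in the recipient's own trust store, which is what the text means by the top-level authority being independently known.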
You can also use a Digital ID to identify yourself to secure servers such as membership-based web servers. This is called authentication.
Generally, once you've obtained a Digital ID, you can set up your security-enhanced web or E-mail application to use the Digital ID automatically.
--------------------------------------
What applications support Digital IDs?
Digital IDs are supported by Netscape Navigator 3.0 and higher (on Win 95, NT, Sun Solaris 2.5x, 2.6, SGI Irix 6.x and HP-UX 10.20) and by Microsoft Internet Explorer 3.02 with the Authenticode 2.0 update and higher (on Win95 and Win NT 3.5.x or later on x86 platforms).
For signing and encrypting E-mail, Digital IDs are supported by Netscape Messenger and Microsoft Outlook, Outlook Express and by any other S/MIME (Secure Multipurpose Internet Mail Extensions) enabled E-mail application such as Deming, Frontier, PrE-mail, Opensoft, Connectsoft, and Eudora.
The latest Web browser packages (specifically Netscape Communicator and Microsoft Internet Explorer) have E-mail applications included (Netscape Messenger and Microsoft Outlook Express), so Digital IDs obtained through these packages can be used for both E-mail and the Web. If you are using an E-mail application other than Netscape Messenger or Microsoft Outlook Express, you should obtain your Digital ID through the E-mail vendor.
--------------------------------------