Digital Certificates are a means by which consumers and businesses can utilise the security applications of Public Key Infrastructure (PKI). PKI comprises the technology that enables secure e-commerce and Internet-based communication.
Why is security needed on the Internet?
The number of people and businesses online continues to increase. As access becomes faster and cheaper, these users will spend even more time connected to the Internet for personal communication and business transactions.
The Internet is an open communications network that was not originally designed with security in mind. Criminals have found they can exploit its vulnerabilities for fraudulent gain. If the Internet is to succeed as a business and communications tool, users must be able to communicate securely.
What does security provide?
- Identification / Authentication: The persons / entities with whom we are communicating are really who they say they are.
- Confidentiality: The information within the message or transaction is kept confidential. It may only be read and understood by the intended sender and receiver.
- Integrity: The information within the message or transaction is not tampered with, accidentally or deliberately, en route without all parties involved being aware of the tampering.
- Non-Repudiation: The sender cannot deny sending the message or transaction, and the receiver cannot deny receiving it.
- Access Control: Only the intended person or entity can gain access to the protected information.
All the above security properties can be achieved and implemented through the use of Public Key Infrastructure (in particular Digital Certificates).
IDRBT CA offers the following classes of Digital Certificates:
Class 1 Certificate:
Description: Class 1 certificates are issued only to individuals employed in banks and financial institutions. Class 1 certificates confirm that a user’s name (or alias) and e-mail address form a distinct subject name within the IDRBT CA repository. Class 1 certificates are added to his/her set of available certificates in the directory services. They are used primarily for digital signature to enhance the security of these environments. Class 1 Encryption Certificate is used for e-mail purposes.
Following the submission of the Class 1 Certificate Application (both online and offline) to the RA under IDRBT CA, the RA verifies the name, e-mail address and the postal address in the request. The RA has the right to reject the certificate request if it finds that the request does not meet the criteria. The RA then digitally signs the certificate request and sends it to IDRBT CA for the issuance of the certificate. Although IDRBT CA’s Class 1 Certificate identification process is a method of authenticating a certificate applicant’s identity, it does not require the applicant’s personal appearance before the RA.
The validity period of Class 1 Certificates is two years.
Assurance level: For Class 1 Certificates the authentication of the identity is done by the RA. The verification of the certificate request represents a simple check of the certainty of the subject name within the IDRBT CA repository, plus a limited verification of the address, other personal information and e-mail address.
The Class 1 Certificate is intended for use in Digital Signature, and Class 1 Encryption Certificates are used for encrypting e-mails. Class 1 Certificates shall be Digital Certificates under IT Act, and the legal effect, conjecture and evidentiary value of Digital Certificates as provided in the IT Act will be applicable.
Class 2 Certificate:
Description: Class 2 certificates are issued to individuals employed in banks and financial institutions and to the servers used in financial transactions.
The RA bases its decision on the verification of the application form and the certificate request. The Applicant/Subscriber submits the Certificate Application (both online and offline) and the documents (as mentioned in section 4.1.2 of IDRBT CA CPS) to the Registration Authority under IDRBT CA. The RA verifies the name, e-mail address and the postal address in the request as well as the documents supplied along with the certificate request. The RA has the right to reject the certificate request if it finds that the request does not meet the criteria. The RA then digitally signs the certificate request and sends it to IDRBT CA for the issuance of the certificate. Although IDRBT CA’s Class 2 Certificate identification process is a method of authenticating a certificate applicant’s identity, it does not require the applicant’s personal appearance before the RA.
The validity period of Class 2 Certificates is two years.
Assurance level: Class 2 Certificate processes utilize various procedures to obtain probative evidence of the identity of individual applicants who are employed in banks and financial institutions. These validation procedures provide strong assurance of an applicant’s identity.
The Class 2 Certificate is intended for use in Digital Signature and Encryption of messages. Class 2 Certificates shall be Digital Certificates under IT Act, and the legal effect, conjecture and evidentiary value of Digital Certificates as provided in the IT Act will be applicable.
Class 3 Certificate:
Description: Class 3 Certificates are issued to individuals employed in banks and financial institutions as well as to servers. Class 3 Certificates provide important assurances of the identity of individual subscribers employed in banks and financial institutions by requiring their personal (physical) appearance before an RA. All the personal details (as mentioned in section 4.1.2 of IDRBT CA CPS) will be physically verified by the RA office, and after confirmation of the facts it will recommend the issuance of the certificate. He/She has the right to reject the certificate request if he/she finds that it does not meet the criteria. The private key corresponding to the public key contained in a Class 3 certificate must be generated and stored in a trustworthy manner according to applicable requirements.
If the organization wants to be a Registration Authority under IDRBT CA, the authorized representative of the organization must personally appear before the IDRBT CA office with the necessary documents mentioned above. The IDRBT CA will issue a Class 3 Certificate for individuals employed in banks and financial institutions after verification.
Class 3 Certificates for Secure Web Server help web servers enable secure communications through the use of Secure Sockets Layer (SSL) technology. The IDRBT CA Secure Server Certificate boosts the credibility and scope of your website with the strongest encryption available today for secure communications. Along with the application form, the authorized person must give the domain name or the Server IP address for which the Certificate is needed. The domain name must be registered, and proof of registration must accompany the application.
Assurance level: Class 3 Certificate processes make use of various procedures to obtain strong confirmation of the identity of individual applicants employed in banks and financial institutions as well as of the server. These validation procedures provide a stronger guarantee of an applicant’s identity. The use of validation procedures by the Registration Authorities boosts the practical uses and trustworthiness of Class 3 Certificates.
The Class 3 Certificate is intended for use in Digital Signature, Encryption of messages, Object signing and Secure Web Server.
Class 3 Certificates shall be Digital Certificates under IT Act, and the legal effect, conjecture and evidentiary value of Digital Certificates as provided in the IT Act will be applicable.
Source of data http://idrbtca.org.in/
republishing for general awareness