x.509 and cryptographic standards make it impossible that two identical certificates can be issued from the same Digi-CA™. Every certificate is unique.

A person’s ‘proof of identity’ can be proven using various traditional methods. For example: private information that only that specific person could know; a letter from a notary, lawyer, accountant, employer or Peace Commissioner identifying that person; bank, passport, national ID card or insurance number; eye scan, finger print, biometrics; etc. Every person is unique.

The whole purpose of the certificate is to identify the specific person or device in the digital world. Once the unique identity is proven using traditional methods, then the unique certificate can be issued.

The process of mapping the unique certificate to the unique person or device is called the Validation Process. The Validation Process is based on the specific CP for the specific certificate and is set out when Digi-CA™ is first designed and installed.

The Digi-CA™ is the digital equivalent of an identification authority like an employee ID card, a passport office or a national identity card issuer. In all of the above cases, the identity of the end user is checked and an ID is issued to certify that the person is who they claim to be. In the case of the Digi-CA™, it issues the certificate to each end user after their ‘real world’ identity has been verified.

The process of issuing the certificate is similar to the steps used to issue an employee ID card, passport or national ID card.

Validation Examples

How an end entity certificate is validated is central to the security and legality of the certificate and the Digi-CA™. If the Validation Policy is weak or can be easily circumvented, then personal identity theft or impersonation is possible. In other words, there is no way to ‘tie’ the certificate to the user.