Published on Digi-Sign, The Certificate Corporation (https://www.digi-sign.com)

By Digi-Sign
Created Feb 22 2008 - 17:01

How Digital Certificates Work

Using dual-key (public and private key) cryptography, Digital Certificates allow users to exchange Public Keys in order to secure and authenticate communication with each other.
The two main uses for Digital Certificates are:

        1. Secure Email

        2. Secure Access

When considering the use of Digital Certificates, you also need to consider:

        3. The Digital Certificate policy

        4. The Registration Authority Function



  • Communication; Secure Email
  • User A and User B exchange Public Keys, and each uses the other person’s Public Key to encrypt messages sent back to them. Only User A holds the Private Key that can decrypt any of the messages encrypted with User A’s matching Public Key.




  • Secure Access
  • Where a web server has a highly secure area and needs to give restricted, controlled access to the information stored on it, usernames and passwords do not offer sufficient protection. Replacing this insecure login method with a Digi-ID™ [2] solves this problem.

    There are two types of Digi-Access™ [3] authentication systems:

          One-to-One Authentication
          One-to-Many Authentication


    • One-to-One Authentication
    • Public Keys and Private Keys ‘recognize’ each other, and because the Public Key can be freely distributed, the web server can store the Public Keys of all its authorized users and match them against the Keys of users seeking access. This is called One-to-One authentication.
      User A’s Public Key is stored on the web server. When User A attempts to gain access, the server asks User A’s browser, via its Certificate Store, to confirm that it holds the Private Key matching the Public Key stored on the server. If the match is confirmed, User A is granted access.

      In simpler deployments, you might only need to identify groups of users in which case the One-to-Many implementation is faster to implement and easier to manage.



    • One-to-Many Authentication
    • In One-to-Many Authentication, the users are organized into one group or several sub-groups. The server is then configured to check for the Signing Certificate only (the certificate under which the group’s Digi-IDs were issued), so it does not need a copy of each individual’s Public Key.

      This is easier to deploy and manage because the server does not require a unique configuration for each Digi-ID™ that will be used to access it. Thanks to this simplicity, the server is configured once and any number of users can access it without further intervention, while an individual user can still be revoked so that access is denied on a per-user basis as needed.
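As an added worked example of the two Digi-Access™ modes described above (it is not Digi-Sign's code, and the CA names, user names and serial numbers are constructed), the Go program below builds a Signing Certificate, two user certificates and an outsider certificate in memory using only the standard library, then runs the server-side check for each mode: One-to-One matches the presented Public Key against an enrolled list, while One-to-Many trusts the Signing Certificate alone yet still refuses a revoked serial number.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// issue creates an Ed25519 key pair and a certificate for cn: self-signed when isCA, otherwise signed by
// parent/parentKey. Every key and certificate here is constructed in memory for the example, not a real PKI.
func issue(cn string, serial int64, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), BasicConstraintsValid: true,
		IsCA: isCA, KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if isCA { // the Signing Certificate signs itself and is used only to sign user certificates
		tmpl.KeyUsage, tmpl.ExtKeyUsage, parent, parentKey = x509.KeyUsageCertSign, nil, tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil { panic(err) }
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// OneToOne: the server keeps a copy of each authorised user's Public Key (SubjectPublicKeyInfo bytes) and matches the presented one.
func OneToOne(presented *x509.Certificate, authorisedKeys map[string]bool) bool {
	return authorisedKeys[string(presented.RawSubjectPublicKeyInfo)]
}
// OneToMany: the server trusts only the Signing Certificate (no per-user keys), but still refuses a revoked serial number.
func OneToMany(presented *x509.Certificate, signing *x509.CertPool, revokedSerials map[string]bool) bool {
	if revokedSerials[presented.SerialNumber.String()] {
		return false
	}
	_, err := presented.Verify(x509.VerifyOptions{Roots: signing, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}
func main() {
	ca, caKey := issue("Constructed Signing CA", 1, true, nil, nil)
	userA, _ := issue("User A", 10, false, ca, caKey)
	userB, _ := issue("User B", 11, false, ca, caKey)
	otherCA, otherKey := issue("Unrelated CA", 2, true, nil, nil)
	outsider, _ := issue("Outsider", 12, false, otherCA, otherKey) // well-formed certificate, wrong issuer
	signing := x509.NewCertPool()
	signing.AddCert(ca)
	authorised := map[string]bool{string(userA.RawSubjectPublicKeyInfo): true} // One-to-One: only User A enrolled
	revoked := map[string]bool{userB.SerialNumber.String(): true}              // One-to-Many: User B revoked
	fmt.Println(OneToOne(userA, authorised), OneToOne(userB, authorised))                                                   // true false
	fmt.Println(OneToMany(userA, signing, revoked), OneToMany(userB, signing, revoked), OneToMany(outsider, signing, revoked)) // true false false
}
```

Note that in One-to-One the server must be updated for every enrolled user, whereas in One-to-Many only the revocation list changes over time.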


Source URL: https://www.digi-sign.com/digital%20certificate/how%20digital%20certificates%20work

Links:
[2] https://www.digi-sign.com/digi-id
[3] https://www.digi-sign.com/digi-access