Certification Authorities

Written by Kevin Tavolaro

Certification authorities are the trusted third parties assigned to regulate and verify the interaction between the user's public and private keys. Certification authorities act as gatekeepers for the digital age. The certification authority vouches for the integrity of the transaction by ensuring that an individual's public key is correct and actually belongs to the individual in question.

In face-to-face interactions, this could easily be done by simply recognizing someone, or by checking a photo ID. In the faceless anonymity of the Internet, a more thorough and secure method is often needed. This is where the certification authority comes into play. The certification authority is an outside party with an established reputation and integrity. By vouching for the validity of public and private keys, the certification authority provides a secure stamp of approval on the transaction.

Certification Authorities and Integrity
When an organization applies for a signing key, the certification authority conducts extensive research into the company's background. It verifies that the company is owned by whom it claims to be owned by, and validates the identity and reputation of the owner. It then verifies that the domain name requesting the certificate is identical to the company name. The company's physical location and reputation are checked as well. All of this information is then included in the digital certificate, providing the user with full knowledge of the company's integrity.

Certification authorities store data necessary to recognize a user's public key. After comparing this information, certification authorities then attest to the validity of the key by signing it with their own root cryptographic signing key. This signing key also serves to confirm their identity, and is akin to a physical signature.
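
The signing step described above, as an added example that is not part of the original article: a shell function using the OpenSSL command line in which a stand-in root CA signs an applicant's public key, and verification succeeds only for the certificate the root actually signed. The names Example Root CA, Example Co and www.example.test are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Added illustration. All subject names below are constructed sample values.
# Returns 0 if the CA-signed certificate verifies and the look-alike is rejected.
ca_demo() {
  local d rc
  d=$(mktemp -d) || return 1
  (
    cd "$d" || exit 1

    # 1. The CA's root signing key and its self-signed root certificate.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
      -keyout root.key -out root.crt \
      -subj "/CN=Example Root CA" 2>/dev/null || exit 1

    # 2. The applicant's key pair and a signing request carrying its public key.
    openssl req -new -newkey rsa:2048 -nodes \
      -keyout site.key -out site.csr \
      -subj "/O=Example Co/CN=www.example.test" 2>/dev/null || exit 1

    # 3. The CA attests to the public key by signing it with the root key.
    openssl x509 -req -in site.csr -days 30 \
      -CA root.crt -CAkey root.key -CAcreateserial \
      -out site.crt 2>/dev/null || exit 1

    # 4. A relying party that trusts only root.crt accepts the signed certificate.
    openssl verify -CAfile root.crt site.crt >/dev/null 2>&1 || exit 1
    echo "site.crt: accepted (signed by the trusted root)"

    # 5. Same subject name, but signed with an unrelated key instead of the
    #    root: the name matches, the signature chain does not.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
      -keyout other.key -out other.crt \
      -subj "/O=Example Co/CN=www.example.test" 2>/dev/null || exit 1
    if openssl verify -CAfile root.crt other.crt >/dev/null 2>&1; then
      exit 2   # would mean an unsigned look-alike was trusted
    fi
    echo "other.crt: rejected (not signed by the trusted root)"
  )
  rc=$?
  rm -rf "$d"
  return "$rc"
}
# Run with: ca_demo
```

Step 5 is the check that matters to a relying party: the subject name in a certificate proves nothing on its own, only the CA's signature over it does.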

