
Digital Certificates and Secure Web Access

By: Jonathan Gay BA (hons) CISA MBCS


Introduction



This article describes the use of digital certificates as a mechanism for strongly authenticating users to web sites where identity information is required. Before the advent of digital certificates, the only option for authenticating users to a site was to assign a username and password. Digital certificates, on the other hand, provide much more robust access control and have a number of benefits over a username and password.



Username and password authentication



With a username and password, the process is generally as follows: each time a user wishes to access a web service, the user navigates to the site and authenticates to the application with a unique username and password. This data is passed to the server (hopefully in an encrypted form). The application looks up the username and the password (or a representation of the password) in some form of access control list and, provided the information matches, the user is granted access.



This method has some obvious limitations:



* The username and password are passed over the web (encrypted or unencrypted) with the typical security concerns of interception.

* The systems administrator normally has unrestricted access to all usernames and passwords, with associated security and liability concerns for the service provider (especially with confidential data).

* The user needs to remember as many usernames and passwords as their applications require, leading to inevitable support issues to recover lost access data.



Digital Certificate Authentication



The typical digital certificate web access process is:



The user navigates to the website. Before allowing access, the website checks the user's certificate against the access database. The user enters the password locally to confirm their right to use the certificate and is then allowed into the website.



Benefits of certificates over username and password:



* General security is enhanced: the user needs both the certificate itself and the password to the certificate to gain access.

* The password is never passed over the web, not even during account set-up.

* At no stage do systems administrators have access to user passwords.

* The certificate can electronically sign data on the website with the benefit of non-repudiation.

* The user uses one digital identity with one password to access a range of applications (reduces passwords to remember).



Implementing Digital Certificates



All major web servers support client authentication via certificates. Once the web server has an SSL certificate (to support HTTPS), client authentication can be configured, and this only requires specifying the access rights for each directory served by the web server. Amend the web application to support client authentication by certificates. If any code was developed to handle username and password, then the certificate credentials can be looked up in an access control list in just the same way. Client certificates are issued via a Public Key Infrastructure (PKI). You can choose to implement your own or use the services of a Managed Service Provider such as Diginus Ltd.
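
The server-side steps described above, as an added Python example (not the author's or Diginus's code): an HTTPS context that requires a client certificate, and an access control list lookup that maps the presented certificate to an account and its permitted directories. The file-path parameters, the function names and the ACL contents are assumptions made for illustration.

```python
import posixpath
import ssl

def make_server_context(server_cert, server_key, client_ca):
    """HTTPS context that rejects any client lacking a certificate from client_ca."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(server_cert, server_key)  # the site's own SSL certificate
    ctx.load_verify_locations(cafile=client_ca)   # CA certificate of the issuing PKI
    ctx.verify_mode = ssl.CERT_REQUIRED           # handshake fails without a valid client cert
    return ctx

def cert_identity(peercert):
    """Reduce an SSLSocket.getpeercert() dict to an (issuer DN, serial) key.

    A serial number is only unique per issuer, so the issuer is part of the key.
    """
    if not peercert:                              # empty or None: nothing was presented
        return None
    issuer = ",".join(f"{k}={v}" for rdn in peercert.get("issuer", ()) for k, v in rdn)
    serial = peercert.get("serialNumber", "")
    if not issuer or not serial:
        return None
    return (issuer, serial.upper())

# Constructed ACL: certificate identity -> account, status, permitted directories.
ISSUER = "organizationName=Example Org,commonName=Example Client CA"
ACL = {
    (ISSUER, "1A2B"): {"user": "alice", "enabled": True, "dirs": ["/reports", "/forms"]},
    (ISSUER, "1A2C"): {"user": "bob", "enabled": False, "dirs": ["/reports"]},
}

def authorize(peercert, path, acl=ACL):
    """Return the account name if the certificate may read path, otherwise None."""
    entry = acl.get(cert_identity(peercert))
    if entry is None or not entry["enabled"]:     # unknown or suspended certificate
        return None
    clean = posixpath.normpath("/" + path.lstrip("/"))  # resolve ../ before matching
    for allowed in entry["dirs"]:
        # Match whole path segments so /reports does not also open /reports-private.
        if clean == allowed or clean.startswith(allowed + "/"):
            return entry["user"]
    return None
```

In a request handler, the dictionary passed to `authorize` is what `getpeercert()` returns on a connection accepted through the context, so it describes a certificate the TLS layer has already validated against the client CA.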



Wider Use



Once customers or employees have digital certificates, the same certificates can be used to digitally sign email, PDF and web forms, and Microsoft Word documents. With a few small steps, a corporate website can be transformed into the centre of a powerful web services infrastructure, with single sign-on to multiple web applications and signed email and forms data exchange, all the time knowing exactly who is accessing the resources and data.




Article keywords: Diginus, e-identity, PKI, Digital Certificate, OpenXPKI, SSL, e-government, e-commerce

Article Source: http://www.articles2k.com

Jonathan Gay BA (hons) CISA MBCS is an IS security professional specialising in identity management and Public Key Infrastructure (PKI) related matters. Jonathan works for Diginus Ltd, the e-identity solutions company.

You can contact Jonathan via the Diginus Ltd web site www.diginus.com










© 2006 articles2k.com - Privacy Policy