Focus
- What is a digital certificate?
- What are digital certificates used for?
- Why do we need a digital certificate?
- How does a digital certificate work?
- What does authentication mean?
- What is a digital signature?
- What is the validity term of a digital signature?
- How is a digital certificate used?
- How are digital certificates obtained?
- What documents are required to obtain a digital certificate?
- What are the stages in obtaining a digital certificate?
- What are the minimum system requirements for digital signatures?
- What information does the digital certificate include?
- What is an extended electronic signature?
- What is a timestamp?
- What are the main Internet navigation hazards?
The digital certificate as such includes a series of attributes and information related to the person it identifies. The Digital Certificate or the Digital Signature is created by encrypting the contents of the document, using the sender’s cryptographic key. The signature is thus unique both for the file and for the key holder. Any and all changes to the document affect the signature, thus offering both integrity and authentication. Digital signatures use asymmetric encryption, requiring a key to create the signature and another key, related to the first one, to check it. In a public key security system, all participants need their own signature key or private key. The public key is distributed and identified by the digital certificates. The certificates are issued by trustworthy third parties, known as Certification Authorities (CA), undertaking liability for users’ identification and for granting the keys. CAs are often managed by companies able to guarantee for the operating right.
Digital certificates are used for a wide range of electronic transactions, including e-mail, e-commerce and electronic funds transfer. Electronic commerce generally imposes the use of a server security certificate. Digital certificates are tools for creating secure channels for communicating confidential information.
Virtual stores, electronic bank transfers and other electronic services are increasingly becoming usual, comfortable and flexible tools that can be used from home. Confidentiality and security concerns will be prevented through this new communication means. Encryption alone is not sufficient and does not provide enough information on the identity of the person sending encrypted data. Without special protection, you are undertaking certain risks in on-line transactions. Digital certificates solve this issue, offering electronic means to check a person's identity. Used in addition to encryption, the digital certificate offers a full security solution, confirming the identity of all parties involved in a transaction. Similarly, a secured server needs its own digital certificate to prove to the users that the server is actually used by the respective organization and that the data supplied is legal.
Digital certificates use public key encryption techniques, through a pair of related keys, a public and a private one. In the encryption process, the public key is available to anyone who wants to communicate with the holder of the respective pair of keys. Public keys can be used to check messages signed with the private key or to encrypt messages that can only be decrypted using the private key. Message security is based on the security of the private key, which needs to be protected against unauthorized use.
In digital certificates, the pair of keys is accompanied by the user’s name and other identification data. Digital certificates work as credible electronic means that can be checked by the site. This allows digital certificates to replace the method requiring a password to access confidential information or to restrict the occasional users’ access.
Digital certificates are signed by the certification authority issuing the respective certificate. The highest authority in the certificate’s trust line must be an independent, acknowledged authority, credible for the beneficiary.
Authentication allows a digital message receiver to rely on both the sender’s identity and the message’s integrity.
Digital signatures in electronic documents equal holographic signatures on printed documents. The signature is a data sample demonstrating that a certain person wrote or endorsed the document to which the signature was attached. In fact, digital signatures provide a much higher security level than holographic signatures. The signed message’s receiver can confirm both that the original message belongs to the person whose signature was attached, and that the message was not intentionally or accidentally altered after being signed. Furthermore, digital signatures cannot be contested; the subscriber cannot subsequently claim that his/her signature was forged. In other words, digital signatures allow the authentication of digital messages, confirming to the receiver both the sender’s identity and the integrity of the message.
Generally, keys expire after a certain period of time, for instance a year, and documents signed with expired keys are not acceptable. However, in many cases, certain signed documents need to be legally valid for more than 2 years, such as concessions and agreements. By registering an agreement with a digital signature carrying a timestamp upon the signing date, the signature can be validated even after the keys expire.
If all parties to the agreement keep a copy of this signature, any of them can provide proof that the agreement was signed using valid keys on the respective date. In fact, this signature can confirm the agreement validity, even if a subscriber's key expired subsequent to the agreement signing date. Any and all digitally signed documents confirm that the validity of the signature can be checked after the expiry of the keys.
When receiving digitally signed messages, you can check the subscriber’s digital certificate to find out whether it is forged or not.
When sending messages, you can sign them and attach the digital certificate to assure the recipient that you actually are the sender. You can attach several digital certificates representing a certification chain, within which a digital certificate ensures the authenticity of the previous certificate. At the highest level in the hierarchy there is a credible certification authority without a digital certificate issued by another authority. The highest level authority's public key must be independently acknowledged (widely published).
Moreover, you can use the digital certificate to access secured websites as member thereof. Usually, when obtaining a digital certificate, you can set up the website's security options or the e-mail application to automatically use this facility.
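The chain check described above, combined with the rule that a timestamped signature stays valid after the keys expire, as an added example that is not part of the original page. Textbook RSA with tiny constructed keys stands in for a real signature scheme, `signed_at` is assumed to come from an already verified timestamp, and all names are hypothetical.

```python
import hashlib
from datetime import datetime

E = 65537  # public exponent

def toy_key(a, b):
    """Toy RSA key from Mersenne primes 2**a-1 and 2**b-1 (constructed, NOT secure)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):                      # uses the private exponent d
    return pow(digest(data, key["n"]), key["d"], key["n"])

def verify(n, data, sig):                 # needs only the public modulus n
    return pow(sig, E, n) == digest(data, n)

def tbs(c):                               # the bytes the issuer signs
    return repr((c["subject"], c["issuer"], c["n"], c["from"], c["to"])).encode()

def issue(subject, subject_n, issuer, issuer_key, start, end):
    c = {"subject": subject, "issuer": issuer, "n": subject_n, "from": start, "to": end}
    return {**c, "sig": sign(issuer_key, tbs(c))}

def validate(doc, doc_sig, chain, trusted_root_n, signed_at):
    """chain = [signer, ..., root]; signed_at = time attested by a trusted timestamp."""
    if not verify(chain[0]["n"], doc, doc_sig):
        return False                      # document altered or wrong key
    for cert, parent in zip(chain, chain[1:] + chain[-1:]):
        if not cert["from"] <= signed_at <= cert["to"]:
            return False                  # certificate not valid at signing time
        if not verify(parent["n"], tbs(cert), cert["sig"]):
            return False                  # issuer's signature does not match
    return chain[-1]["n"] == trusted_root_n   # root key must be known independently

# Constructed sample: Root -> CA -> Signer; the signer's certificate lasts one year.
ROOT, CA, USER = toy_key(89, 127), toy_key(61, 107), toy_key(19, 31)
def jan1(year): return datetime(year, 1, 1)
CHAIN = [issue("Signer", USER["n"], "CA", CA, jan1(2009), jan1(2010)),
         issue("CA", CA["n"], "Root", ROOT, jan1(2005), jan1(2015)),
         issue("Root", ROOT["n"], "Root", ROOT, jan1(2000), jan1(2020))]
DOC = b"constructed sample agreement"
SIG = sign(USER, DOC)
```

Validation succeeds only when the signing time falls inside every certificate's validity term, so the same signature is accepted with a 2009 timestamp and rejected when checked against a date after the signer's certificate expired.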
Anyone who desires to obtain a digital certificate first addresses an authorized certification authority. All certification authorities request minimum information from the user as to his/her identity, before issuing this certificate. After this information has been supplied and checked, the respective certification authority approves or rejects the respective person’s request, as the case may be.
The person interested in obtaining a digital certificate must submit a notarized statement. Romanian citizens are identified based on their ID bulletins or cards. Foreign citizens are identified based on their passports. If the person directly addresses the certification authority, the identity is checked on the spot, based on the ID.
If the person interested in obtaining a digital certificate represents an organization or a company, apart from the usual documents, the notification issued by the respective company certifying that he/she is an employee and represents the company's interests is required.
In order for the certificate to be issued, the following stages need to be covered:
- Submission of the documents requested by the certification authority;
- Purchase of the secured device, on which the certificate and the corresponding generated key pair (public and private) will subsequently be available;
- Payment of the certificate fee;
- Installing the drivers and the utilities for the secured device on the system;
- Filling in the on-line registration form.
When the on-line application is approved, a confirmation e-mail is received including the address and a unique identification code needed to download the certificate.
Following the steps described in the received e-mail, the digital certificate corresponding to the key pair on the secured device will be available.
After downloading the digital certificate, the e-mail and document editing options can be set up to use the digital signature.
Digital certificates can be used on any computer running:
One of the following operating systems:
- Windows 98 SE;
- Windows Me;
- Windows 2000/XP;
- Windows 2003;
- Windows Vista.
E-mail client application:
- Microsoft Outlook (starting with 2000);
- Outlook Express;
- Netscape (starting with 4.67);
- Lotus Notes (starting with 6.5).
Web browser:
- Internet Explorer (starting with 6.01);
- Netscape Communicator (starting with 4.67).
The data on the digital certificate is required when filling in the on-line form:
- Name – the person’s name (maximum 20 characters)
- Surname – the person’s surname (maximum 30 characters)
- E-mail address – e-mail address (maximum 64 characters)
- Company – employer company (maximum 64 characters)
- Position – the person's position (maximum 20 characters)
- User Windows Domain – domain user account (maximum 130 characters)
- Country – the country he/she carries out his/her activity in (maximum 2 characters)
Moreover, the certificate includes data on the issuing certification authority (Organization, Organization Unit), version, certificate extensions, serial number, signing algorithm, validity term, public key, and the distribution point for revoked certificates.
The e-mail address requested in the registration form is the e-mail address to which the digital certificate is to be attached and from which signed or encrypted messages can be sent. The e-mail address must be a valid, organization-type e-mail account. No digital certificates can be associated with Internet e-mail addresses (Yahoo, Hotmail, etc.).
Extended electronic signature is legally equivalent to holographic signatures. Such a signature is hard to challenge in court, providing for the unique authentication of the subscriber and the integrity of the signed documents.
The scope of the extended signature includes:
- Submission of on-line statements to ANAF;
- Invoice signing (According to the fiscal code);
- Signing the documents sent by O.N.R.C. for companies settlement (according to the new regulations in force regarding registration with the Trade Registry);
- Reports to CNVM - compulsory for all entities regulated and monitored by CNVM;
- Messages signing by other state authorities (SEAP, CSA-CEDAM, BVB);
- Signing and/or encrypting the messages sent by e-mail to the partners;
- Authentication in private IT systems or on the company’s domain etc.
Through time stamping, an electronic document is linked to a data package that guarantees that the file existed in a certain form at a certain time, which allows the avoidance of various disputes.
Timestamps are created through data encryption and the users can use this opportunity through a web browser.
The elements of the timestamp are:
- The stamp attached to the marked electronic file;
- The date and time corresponding to the stamped file, expressed in universal time;
- Data uniquely identifying the timestamp services supplier;
- The timestamp supplier’s registry number.
Internet navigation can subject us to certain inconveniences, which can be avoided using digital certificates. Possible offences that can thus be avoided include:
- On-line frauds;
- Personal data interception;
- IT sabotage;
- Unauthorized access to confidential data;
- IT forgery;
- Hacking;
- Spoofing;
- Phishing.
Using electronic signatures in on-line transactions, in e-mails, on-line payments, stock exchange transactions or electronic submission of official documents (to ANAF, the Trade Registry, SEAP, ITM, etc.), one can be sure that the data is secured and authentic.
