Digital ID
A digital ID, or digital certificate, is an electronic version of an ID
card or passport, issued by a trusted, independent organization such as
AlphaTrust. You use a digital ID to send and receive information
electronically that is encrypted and/or "signed"--not physically signed,
but electronically marked in a way that ensures that the message came from
you and only you, has not been altered by anyone else, and can only be
read by its intended recipient.
With an AlphaTrust Digital ID™, your digital signature has the same
legal validity as a traditional (conventional) pen-and-paper signature.
Imagine being able to sit at your computer and "sign" a lease, a loan,
a contract, a purchase order, or any other document that requires a legal
signature. Imagine being able to trust the digital signatures on documents
that you receive electronically. Digital IDs are about to change the way
things get done for individuals, businesses of any size, organizations,
and government agencies.
For personal or business use, a digital ID can
also be used to encrypt email messages to ensure that no one but its intended recipient is reading the email
messages you send. Most people have received at least one misdirected
email message. When you use an AlphaTrust Digital ID™
, you can be assured that no one else is reading
your email.
To get an AlphaTrust Digital ID™ digital, you just submit
an application to AlphaTrust, along with a unique number called a public
key, part of a pair of numbers called a public-private key pair that is
easily generated by AlphaTrust or your Microsoft or Netscape browser
software. AlphaTrust links your personal information with your public key,
and issues you a digital certificate that can be downloaded electronically
or sent to you on a floppy disk. Certificates are usually valid for a
one-year, two-year, or three-year period, and contain information about
who issued the certificate, its serial number, and any restrictions on its
use.
Your public and private keys, numbers that are related to each other by
a cryptographic (or mathematical) formula, are stored on the hard disk of
your computer, or on an electronic card. You don't see them, or need to
remember them. They are used by your software to encode and decode, and to
check the validity of messages.
Your Microsoft or Netscape email programs are already equipped to use
digital certificates, and many other programs are or soon will be. The way
your certificate looks on the screen when you view it depends on which
email program you use, but it is really a collection of data that is
stored on your hard disk.
While the underlying technology is complicated,
once you sign up for an AlphaTrust Digital ID™
, it's simple to use your digital certificate.
You'll activate two icons on your e-mail program, and with the click of
your mouse you can encrypt and/or digitally sign any information that you
want to send electronically.
Once you've sent a copy of your digital
certificate to someone, they will be able to decrypt and validate any
information that you send. It's easy to do, and AlphaTrust provides
the technical support that you might need to get started, and the ongoing
member services that will allow you to make the most out of your digital
ID.
To get an AlphaTrust Digital ID, you just submit
an application to AlphaTrust that includes unique, identifying information
about yourself. Upon verification of your identity and approval of your
application by AlphaTrust, a Digital ID will be generated and transmitted to you
via secure media (encrypted floppy disk or Smart Card w/reader).
Installation of your Digital ID is automatic, using AlphaTrust's customized,
self-executing software application that comes on the floppy or Smart Card.
Within minutes you are able to send and receive encrypted, digitally signed
documents and messages.
The technology that makes digital signatures and encryption work is
based on a type of cryptography that uses computer-generated pairs of
numbers that have a mathematical relationship to each other. The
mathematical relationship is known to the software embedded in your
computer, but it's not something that you see. This technology is called
Public Key Infrastructure (PKI), and it has been in use for 22 years. It’s
the same technology that allows the secure transmission of your credit
card number when you order something online over a secure connection.
Once you have your digital
ID (identifying information about you linked to your public key), you can create
digital signatures. You need someone else's digital ID to encrypt the documents
you send to them.
While you are just clicking on icons in your email program, the
under-the-covers process of creating a digital signature works like this:
- Your application software (Microsoft, Netscape,
or other browsers and email programs) executes an algorithm (a
mathematical formula) on the document or email message that you want to
send, reducing it to a 160-bit string of information. No two documents
will convert to the same 160-bit value. This process is called hashing,
and the 160-bit value is called the hash.
- The hash gets encrypted using your private key.
- The encrypted hash is sent or stored, along
with your digital ID, which has your public key in it, and the original
document.
- The recipient receives the document, along with the other
information, and the recipient's email program hashes the document
again. It knows which formula to use to hash the document because the
algorithm is sent with the encrypted hash message. The recipient's email
program also decrypts the encrypted hash of the original document, using
the public key in the sender's digital ID. It can decrypt the document
with the public key, although it was encrypted with the sender's private
key, because the two keys are mathematically related, and the
mathematical formula is programmed in the software. The email program
checks to see if the two hashes match. When they do, the email program
recognizes a valid digital signature.
You can encrypt messages and documents with or without signing them.
The encryption process is separate from the digital signature process, and
requires that you have the digital ID of the intended recipient of an
encrypted document. The under-the-covers process of encrypting works like
this:
- Your email program takes your document or
message and encrypts it using a formula that is programmed into your
software. It's a formula (called Triple-DES) that uses a random-number
key that the software is programmed to generate.
- Your email program then encrypts that
random-number key using a different encryption algorithm and the
recipient's public key.
- When the recipient receives the encrypted
message, the recipient's software uses its own private key to decrypt
the encrypted Triple-DES key. It can decrypt using its private key
because of the mathematical relationship of the public-private key pair.
- Using the decrypted key, the email program decrypts the document or
message.
|