Table of Contents
Advertisement
6.9 Certificates
Public-key cryptography uses a pair of keys: a public key, which encrypts data,
and a corresponding private key, for decryption. Your public key is made
known to the world, while your private key is kept secret. Anyone with ac-
cess to your public key can encrypt information that only you can read.
The public and private keys are mathematically associated; however it is com-
putationally infeasible to deduce the private key from the public key. Anyone
who has a public key can encrypt information but cannot decrypt it. Only the
person who has the corresponding private key can decrypt your information.
Technically, both public and private keys are large numbers that work with
cryptographic algorithms to produce encrypted material. The primary benefit
of public-key cryptography is that it allows people who have no preexisting
security arrangement to authenticate each other and exchange messages se-
curely.
GlobeSurfer 3G makes use of public-key cryptography to authenticate and en-
crypt Wireless and VPN data communication.
6.9.1 Digital Certificates
When working with public-key cryptography, you should be careful and make
sure that you are using the correct person's public key. Man-in-the-middle
attacks pose a potential threat, where an ill-intending 3rd party posts a phony
key with the name and user ID of an intended recipient. Data transfer that is
intercepted by the owner of the counterfeit key can fall in the wrong hands.
Digital certificates provide a means for establishing whether a public key truly
belongs to the supposed owner. It is a digital form of credential. It has infor-
mation on it that identifies you, and an authorized statement to the effect that
someone else has confirmed your identity.
Digital certificates are used to foil attempts by an ill-intending party to use an
unauthorized public key. A digital certificate consists of the following:
A public key
Certificate information the "identity" of the user, such as name, user ID and
so on.
Digital signatures A statement stating that the information enclosed in the
certificate has been vouched for by a Certificate Authority (CA).
Binding this information together, a certificate is a public key with identifica-
tion forms attached, coupled with a stamp of approval by a trusted party.
6.9.2 X.509 Certificate Format
GlobeSurfer 3G supports X.509 certificates that comply with the ITU-T X.509
international standard. An X.509 certificate is a collection of a standard set of
fields containing information about a user or device and their corresponding
157
Advertisement
Table of Contents
