Chain of Trust

In computer security, a digital certificate is an electronic document that stores information about its owner and is electronically signed by its issuer. While the standard-issue digital certificate is usually used for storing identity and access information, such as for websites and in smart cards, we have repurposed it for use in this specific application.

A typical X.509v3 certificate contains:

  • Identity of the person it is issued to;
  • A public key;
  • Information on the issuing organisation;
  • The rights granted by the issuer;
  • The validity period for the certificate;
  • A digital signature made with the issuer’s private key.

As a subscriber, you will be given a unique private key that enables you to issue and sign an unlimited number of digital certificates, which can be verified against the public key using industry-standard Public Key Infrastructure (PKI). Any tampering with the information stored in an electronically signed document invalidates its digital signature, so any check against the public key fails.

We have employed modern and secure digital signature algorithms based on performance-optimized elliptic curves. The use of strong cryptography, with a minimum of 256-bit keys and signatures, ensures that the digital certificates that we issue are tamper-proof for years to come.

All this security does not prevent someone else from cloning the digital certificate and signing the copy with their own private key. An additional capability is needed to prevent this: the information stored on a digital certificate is authenticated by verifying its digital signature against the public key of its issuer, all the way up its chain of trust, ending at its trust anchor, which is us.

Our system provides a publicly verifiable chain of trust, which allows anyone to easily check the authenticity of the certificates, with incontrovertible proof that they are not forgeries. Thus, any identity and credentials stored within our certificates are completely trustworthy.