The administration of users, identities and their authentication data is becoming more important than ever in the electronic world. The conventional method of password-based user authentication gives rise to security issues as intrusion techniques (phishing, Trojans, etc.) become more and more sophisticated. In addition, this method is also becoming a real challenge for users, who have to memorise and regularly change passwords for a rapidly growing number of different systems and access types. These problems can be addressed by certificate-based authentication solutions, which can additionally be bound to a hardware security token (smart card, USB flash drive).
Certificate-based solutions can be used not only for user authentication, but also for signing and encrypting data and messages. A so-called public key infrastructure (PKI) is required to generate and administer such user certificates. Depending on the application, the security requirements and the company size, different types of infrastructure are possible – from “small” Microsoft Windows- or Linux-based PKIs all the way to complex trust centre environments complying with the stringent requirements of digital signature legislation.
Certificates are used in various technical guises. Different certificate-based applications rely on different formats, for example:
- Card Verifiable Certificate (CV)