********************************************************
* Description: Knowledge of network digital certificate
* Compatibility: RDBMS 11g, 12c
* Date: 04:14 PM EST, 05/22/2017
********************************************************


 
<1> Network Digital Certificate:
     |
     |__ o. Electronic ID and encryption system developed for use over the internet. Its purpose is to verify the identity of the party presenting it and to enable data encryption via the public key it carries.
	 
         o. Simply speaking, when a user visits, via a browser, a website that requires highly secure handling of sensitive data, such as online banking or shopping, the website should
            present a certificate issued by a Certificate Authority, such as GoDaddy or DigiCert, to prove to the internet user that the website is genuine and secure for the transaction.

         o. For example, when you visit https://www.BankofAmerica.com, you should see a green LOCK icon in the navigation bar because this website is certified.
            When you visit the website for the first time, the certificate is cached in your browser for future use. The same process happens when connecting to any HTTPS website.

         o. Public Key Infrastructure [PKI]

         o. The CA is the trusted authority that certifies individuals' identities and creates electronic documents verifying that individuals and organizations are who they say they are.
            Several third-party commercial companies provide services as a CA.

         o. Types of certificates:
                 >> Class1 - Exchange secure email.
                 >> Class2 - Generally used to sign software.
                 >> Class3 - Used when an organization wants to set up its own CA hierarchy.

         o. Certification lifecycle: Registration => Creation => Suspension => Revocation => Expiration => Renewal

         o. Digital Signatures:
                 >> Digital signatures attempt to guarantee the identity of the person sending data from one point to another.
                 >> A signature is a small piece of encrypted data attached to the core data being sent; the recipient checks it using the sender's public key.
                 >> If the core data is modified during transmission, the signature no longer matches when the recipient receives it.
		 
         o. Certificate Types:
             |
             |__ Server certificate - identifies the remote web host server.
                 Client certificate - identifies your machine to the remote web server.
				 
         o. When you view a secure website, your browser uses cryptography to verify that a certificate authority (CA), usually a trusted independent third party 
            (e.g., USERTrust or VeriSign), has registered and identified the server. The verification occurs through the use of SSL certificates. 
            The CA cryptographically signs the web server's certificate with its own certificate. Because your browser trusts the CA, it will therefore also trust the web server.

            The CA's certificate must also be signed. It may be self-signed, in which case it is known as a root certificate, or it may be a signing certificate signed by 
            the root certificate. CAs will often sign their signing certificates with their root certificates, and then take the root certificates offline and store them in 
            physically secure facilities. Their signing certificates will then be actively used to sign server certificates.

            As long as your browser can either assign a level of trust to the CA's signing certificate, or follow the chain of trust back to the root by checking the 
            cryptographic signatures of all the certificates in the chain, security and trust can be established.
			
			
			
                                     ------------------------------
                                     | Certificate Authority [CA] |
                                     ------------------------------    .................... Third-party commercial companies, such as Symantec, DigiCert.
                                                   ||
                                                   ||
                                                   ||
                                           --------------------        ..................... Since Symantec needs to be certified as well,
                                           | Root Certificate |                              it self-signs its own root certificate,
                                           --------------------                              then takes the root certificate offline and stores it in a physically secure facility.
                                                   ||
                                                   ||
                                                   ||
                                         -----------------------
                                         | Signing Certificate |       ..................... Since the root certificate is stored offline, the CA uses it only to authorize the "Signing Certificate".
                                         -----------------------                             The CA then uses the signing certificate to issue certs to web hosts.
                                                   ||
                                                   ||
                                                   ||
                ------------------------------------------------------------------------------
                ||                         ||                      ||                       ||
                ||                         ||                      ||                       ||
                ||                         ||                      ||                       ||
                server certificate         server certificate      server certificate       server certificate
                bankofamerica.com          walmart.com             amazon.com               other website ...
                			
											
																					
<2> Reference:
     |
     |__ https://kb.iu.edu/d/auaw	 
											
											
	
	
