HP Printers - Certificate-based authentication for data security (whitepaper)
Introduction
This document uses a simple analogy to help you understand how certificates are used for identity and
authentication. Analogies are good at showing how a new idea is very similar to an idea that people are
already very familiar with. This analogy compares digital certificates to old-fashioned paper
certificates. The analogy works so well that a lot of questions about digital certificates can be answered by
thinking of how things work with paper certificates.
A certificate (digital or paper) is nothing more than a statement about something that is being made by
someone with recognized authority.
Analogy: A simple checking account
For quite some time, people have been writing little notes which promise that a person will receive a
certain amount of money if they bring the note to the bank. These have been called “bank notes” or
“checks”. The banks have set up rules that apply to checks so that a customer’s account can’t be wiped
out by someone presenting a fraudulent (forged) check. One of the most important rules is that the check
be signed by the account holder. The signature is presumed to be unique and difficult to copy. The
bank also keeps an example of it on hand (the “signature card”) for whenever direct comparison is needed.
Another common rule requires that the person receiving the money be the same as the person named on
the check.
The check is a paper certificate. It states that a certain person should be paid a certain amount of money
from a certain account at a certain bank. The statement is made by the owner of the bank account. If the
validity of the certificate (check) can be verified, then the money is paid.
The bank authenticates the check using the following process:
• Verify the signature of the account holder (against the “signature card”).
• Verify the identity of the person presenting the check (endorsement signature, other certificates
like driver’s license or government ID which contain a photo and a signature).
A digital certificate is also a statement. Most often, it declares that a specific person or device has some
special authority and/or capabilities. It also carries a digital signature, unique and difficult to copy,
which comes from a recognized authority.
A digital certificate is authenticated using the following process:
• Verify the signature of the authoritative source.
• Verify the identity of the device presenting it.
This is basically the same process as verifying a paper check.
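The two checks listed above, shown in Go as an added example that is not part of the HP whitepaper: it creates a throwaway CA and a device certificate, then accepts the certificate only if its signature chains to the trusted CA certificate and it names the device that was expected. The function names `issue` and `check`, the CA name and the `printer*.example.test` hostnames are assumptions made for this illustration.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// issue returns a self-signed CA certificate (parent == nil) or a device certificate signed by parent.
func issue(name string, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		DNSNames: []string{name}, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if parent == nil { // the "signature card": self-signed, names no device, may sign others
		tmpl.IsCA, tmpl.BasicConstraintsValid, tmpl.KeyUsage, tmpl.DNSNames = true, true, x509.KeyUsageCertSign, nil
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	must(err)
	cert, err := x509.ParseCertificate(der)
	must(err)
	return cert, key
}

// check does both steps: the signature chains to the trusted CA, and the name is the device we expected.
func check(device, ca *x509.Certificate, expectedName string) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := device.Verify(x509.VerifyOptions{Roots: roots, DNSName: expectedName})
	return err
}

func main() {
	ca, caKey := issue("Example Office CA", nil, nil) // constructed sample names throughout
	printer, _ := issue("printer1.example.test", ca, caKey)
	fmt.Println(check(printer, ca, "printer1.example.test"), "/", check(printer, ca, "printer2.example.test"))
}
```

A certificate with the right device name but signed by a different CA is rejected by the same `check` call, because its signature does not chain to the trusted CA certificate.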
Verifying a digital certificate
The first step in verifying a digital certificate is to check the digital signature. The “signature card” for a
digital certificate is called a “CA Certificate”. “CA” stands for “Certificate Authority”. It is a special kind of
certificate that is used to apply signatures to other certificates. It contains a perfect copy of the digital
signature. You can get one of these anywhere certificates are being signed. They are given out freely to