What is 3rd party certification?
The 3rd party certification is a scientific process by which a product or service is reviewed by a reputable and unbiased 3rd party to verify that a set of criteria, claims or standard are being met. 3rd party certification enables commerce and condition of companies in telecommunication, finance, healthcare, life science, public sector and other industries provide a crucial layer of intelligence and security that protect data and deliver information safety program, which make users feel secured for their personal information such as ID, password, and credit card numbers to protect from phishing and spoofing attacks.
Certificate Authority (CA) is a trusted 3rd party in a public key security system. It’s responsible for vouchsafing the identity of users and issuing with certificates that bind the public key to their identities. In Malaysia, MSC Trustgate.com Sdn. Bhd. and Verisign.com are licensed CA. As a CA, it provides digital certification service, including digital certificates, cryptographic product, and software development.
Whereas Verisign.com is the leading Secure Sockets Level (SSL) Certificate Authority (CA) which is a secure way of transferring information between two computers on the Internet using encryption and this enabling secure e-commerce and communication and interactions for Web sites, intranet, and extranet.
For example,
Maybank2U.com is certified by Verisign.com, which enable users to feel more secured in making online transactions through its internet banking services.
Another ex
ample of financial institute is Public e-bank.com. It has been certified by MSC Trustgate.com as to provide trusted and encryption technology that secure its online communication and protect users’ vital information from prying eyes. MSC Trustgate.com is the 1st Malaysian Internet trust solution company which is authorized to offer 128-bit SSL server ID. It also offers Digital ID for Mykad (Malaysian National Identity Card) that is used in online tax filing, e-procurement and others.
SSL have a variety of security measures:
- The client may use the certificate authority's (CA's) public key to validate the CA's digital signature on the server certificate. If the digital signature can be verified, the client accepts the server certificate as a valid certificate issued by a trusted CA.
- The client verifies that the issuing CA is on its list of trusted CAs.
- The client checks the server's certificate validity period. The authentication process stops if the current date and time fall outside of the validity period.
- Protection against a downgrade of the protocol to a previous (less secure) version or a weaker cipher suite.
- Numbering all the Application records with a sequence number, and using this sequence number in the message authentication codes (MACs).
- By using digital certificates users’ trust on online transaction can be increased. However users must be a smart when making any transaction via internet to avoid disclosure of customers’ confidential information. Finally with CA, the development of internet based activities can be
stimulated.
No comments:
Post a Comment