Network: The virtual fingerprint

One of the toughest problems faced by Net users is that of authenticati on: how do you know who you are really dealing with? Now there is a way to tell. Jan Libbenga reports

Although the Internet has become a hotbed of advertising and commercial activity, shopping online is still in its infancy. Sure, you can order any product on the Web and pay by credit card or even by digital cash, but there is no guarantee that what you've ordered will be delivered to your doorstep.

How do you tell a genuine online shop from an outright fraud? You can't. There is not even a Web police force to chase the pranksters. It is not just shopping that worries users. According to Bill Gates, billionaire owner of Microsoft, more than 80 per cent of the e-mail sent in his name is actually from pranksters.

But help is at hand. An American company called VeriSign issues digital signatures, "fingerprints" that assure you that the people you are dealing with online are indeed who they say they are, or that documents haven't been tampered with. Digital signatures are based on a technique called public key cryptography, which is used for scrambling information so that it can't be viewed by anyone other than the intended recipient.

To sign a digital signature to a document you need to create two digital numbers called "keys", one public and one private. You feed both the document and your private key into a computer program, which creates the signature and puts it on the document.

With a copy of your public key, the recipient can determine whether the signature is authentic. Digital IDs are superior to written signatures because they cannot be altered. A signed document can always be changed; that's why both parties should keep a copy. But if you try to change a digital document it will invalidate the signature.

Digital signatures have other advantages, as well. You can always tell when a document was produced, as long as it has been time-stamped. If someone claims he wrote a song which in fact belongs to you, you may be able to prove him wrong.

Digital signatures are not a new phenomenon. They are currently built into most popular Internet cryptology programs such as Pretty Good Privacy (PGP). Unfortunately, many of the public keys used for these programs are not at all genuine, either. Some of them belong to people who claim deeply suspect e-mail addresses such as

Until recently there was no trusted certificate authority to issue public keys. That's why VeriSign is offering several classes of public certification. Not only will VeriSign confirm that your e-mail name is a unique name in their database; it will also take information from you in order to verify it with a third party. With some classes you even have to present yourself (in person) to an authorised party. Say you run a company called Anysoft, and would like to sell software over the Internet. If someone connects to a secured Web site with the address, he can be sure that it is Anysoft he's dealing with. VeriSign charges about $300 for a merchant validation.

Web browsers and servers are the first wave of products designed to take advantage of the technology. VeriSign's digital IDs are already used in Web browsers from Netscape and Microsoft. Microsoft even uses the technology to legitimise copies of commercial software downloaded over the Net. Digital signatures can also be used to authenticate publishers of software components written in languages such as Java and ActiveX.

Java originally used a "sandbox" model for security, in which Java components loaded from the network were granted extremely limited capabilities. But, with a new signing technology called Authenticode, applets (tightly focused mini-applications) can be given free rein to do virtually anything. Depending on their digital signature, of course.

In Microsoft's new browser, Internet Explorer 4 (still in beta), users can even identify four zones of trust, including Internet and intranet (sites inside a corporation), where applets can be either "trusted" or "untrusted".

VeriSign is not the only company that develops digital IDs. The telecommunications company GTE has a product called CyberTrust which has the same features and levels of service that VeriSign offers. The US Postal Service is planning to use IDs for e-mail services only. It will charge for a digital postmark for each transaction.

Although VeriSign faces potential competition from these companies, most observers say that it has an impressive head start. VeriSign has issued more than 100,000 digital IDs and has partnerships with more than 50 leading Internet application providers. Last year the company announced a strategic alliance with America Online (AOL) to provide its customers with digital IDs for use in a wide range of electronic commerce and communications applications. Others will follow.

So, digital IDs are here to say. Better not send any e-mail without them.

VeriSign -

Start your day with The Independent, sign up for daily news emails
Life and Style
Steve Shaw shows Kate how to get wet behind the ears and how to align her neck
healthSteven Shaw - the 'Buddha of Breaststroke' - applies Alexander Technique to the watery sport
Arts and Entertainment
The sight of a bucking bronco in the shape of a pink penis was too much for Hollywood actor and gay rights supporter Martin Sheen, prompting him to boycott a scene in the TV series Grace and Frankie
footballShirt then goes on sale on Gumtree
Terry Sue-Patt as Benny in the BBC children’s soap ‘Grange Hill’
voicesGrace Dent on Grange Hill and Terry Sue-Patt
Have you tried new the Independent Digital Edition apps?
ebookA unique anthology of reporting and analysis of a crucial period of history
Arts and Entertainment
Performers drink tea at the Glastonbury festival in 2010
Arts and Entertainment
Twin Peaks stars Joan Chen, Michael Ontkean, Kyle Maclachlan and Piper Laurie
tvName confirmed for third series
Cameron Jerome
footballCanaries beat Boro to gain promotion to the Premier League
Arts and Entertainment
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating

By clicking 'Search' you
are agreeing to our
Terms of Use.

iJobs Job Widget
iJobs Media

Guru Careers: Software Developer / C# Developer

£40-50K: Guru Careers: We are seeking an experienced Software / C# Developer w...

Guru Careers: Software Developer

£35 - 40k + Benefits: Guru Careers: We are seeking a Software Developer (JavaS...

Guru Careers: Senior Account Manager / SAM

£30 - 35k: Guru Careers: A Senior Account Manager / SAM is needed to join the ...

Ashdown Group: Digital Marketing Manager (EMEA) - City, London

£55000 - £65000 per annum + Benefits: Ashdown Group: Digital Marketing Manager...

Day In a Page

Abuse - and the hell that came afterwards

Abuse - and the hell that follows

James Rhodes on the extraordinary legal battle to publish his memoir
Why we need a 'tranquility map' of England, according to campaigners

It's oh so quiet!

The case for a 'tranquility map' of England
'Timeless fashion': It may be a paradox, but the industry loves it

'Timeless fashion'

It may be a paradox, but the industry loves it
If the West needs a bridge to the 'moderates' inside Isis, maybe we could have done with Osama bin Laden staying alive after all

Could have done with Osama bin Laden staying alive?

Robert Fisk on the Fountainheads of World Evil in 2011 - and 2015
New exhibition celebrates the evolution of swimwear

Evolution of swimwear

From bathing dresses in the twenties to modern bikinis
Sun, sex and an anthropological study: One British academic's summer of hell in Magaluf

Sun, sex and an anthropological study

One academic’s summer of hell in Magaluf
From Shakespeare to Rising Damp... to Vicious

Frances de la Tour's 50-year triumph

'Rising Damp' brought De la Tour such recognition that she could be forgiven if she'd never been able to move on. But at 70, she continues to flourish - and to beguile
'That Whitsun, I was late getting away...'

Ian McMillan on the Whitsun Weddings

This weekend is Whitsun, and while the festival may no longer resonate, Larkin's best-loved poem, lives on - along with the train journey at the heart of it
Kathryn Williams explores the works and influences of Sylvia Plath in a new light

Songs from the bell jar

Kathryn Williams explores the works and influences of Sylvia Plath
How one man's day in high heels showed him that Cannes must change its 'no flats' policy

One man's day in high heels

...showed him that Cannes must change its 'flats' policy
Is a quiet crusade to reform executive pay bearing fruit?

Is a quiet crusade to reform executive pay bearing fruit?

Dominic Rossi of Fidelity says his pressure on business to control rewards is working. But why aren’t other fund managers helping?
The King David Hotel gives precious work to Palestinians - unless peace talks are on

King David Hotel: Palestinians not included

The King David is special to Jerusalem. Nick Kochan checked in and discovered it has some special arrangements, too
More people moving from Australia to New Zealand than in the other direction for first time in 24 years

End of the Aussie brain drain

More people moving from Australia to New Zealand than in the other direction for first time in 24 years
Meditation is touted as a cure for mental instability but can it actually be bad for you?

Can meditation be bad for you?

Researching a mass murder, Dr Miguel Farias discovered that, far from bringing inner peace, meditation can leave devotees in pieces
Eurovision 2015: Australians will be cheering on their first-ever entrant this Saturday

Australia's first-ever Eurovision entrant

Australia, a nation of kitsch-worshippers, has always loved the Eurovision Song Contest. Maggie Alderson says it'll fit in fine