A standard process for issuing a Digi-ID™ Certificate involves the following stages:
Using the Digi-CA™ Control Centre, the Administrator initiates a Digi-ID™ invitation email message that is sent to the intended recipient (user)
The recipient (user) enters the Digi-ID™ Application Online Form using the URL provided in the Digi-ID™ invitation email message
The user completes the Digi-ID™ Application Online Form by providing personal information such as:
Full name
Email address
Organisation (it is possible to restrict the value of the Organisation to a pre-defined read-only string)
Organisational Unit/Department
Locality
Telephone
Country (it is possible to restrict the value of the Country to a pre-defined read-only option)
Secret Question
Secret Answer
Other custom values based on the customer requirements
A Key-Pair (Private and Public Key) and a PKCS#10 Certificate Signing Request [CSR] code are generated on the user’s PC using a local Cryptographic Service Provider [CSP] engine installed on that computer. The CSP can be either a built-in Microsoft CryptoAPI software engine or a hardware USB Token or Smart Card CSP engine
Using the HTTP POST method over SSL/TLS, all the user data is transferred securely to the RA [Registration Authority] Server
The system Administrator/Validations Officer verifies and validates the user application data and, depending on the content of the application, either approves or rejects it
If the Digi-ID™ application is approved, the application data is passed to the Certificate Engine core server and the CSR is signed by the Certification Authority Certificate
The Certificate Engine core server generates a unique key/PIN number and sends a Digi-ID™ Activation email message to the end user. The message contains a URL to activate and install the Digi-ID™ Certificate
The recipient (user) enters the Digi-ID™ Activation screen from the URL provided in the Certificate activation email and completes the installation of the Digi-ID™ Certificate by clicking the installation button on the screen
The Digi-ID™ Certificate is collected directly from the Certificate Directory via a background TCP/IP connection and installed on the user’s PC using the CSP engine chosen at the time of the Certificate application
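
One check the verification stage could include, shown as an added example that is not Digi-CA™ code: because the Key-Pair and CSR are built on the user's PC, the RA confirms the CSR's self-signature (proof of possession) and that its Organisation and Country carry the pre-defined values, since a read-only form field does not bind what the CSR contains. The policy values, applicants and function names are assumptions, and the OpenSSL command line stands in for both the user's CSP and the RA.

```bash
#!/usr/bin/env bash
# Added example (not Digi-CA code): checks an RA could run on a submitted CSR.
# Policy values and applicants below are constructed for illustration.
POLICY_O="Example Corp"   # assumed pre-defined, read-only Organisation
POLICY_C="IE"             # assumed pre-defined, read-only Country

# Stand-in for the user's CSP: create a key pair and a PKCS#10 CSR.
make_csr() {   # make_csr <key-out> <csr-out> <subject>
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1" -out "$2" -subj "$3" 2>/dev/null
}

# Print every value of one subject attribute (O, C, CN, ...), one per line.
# esc_ctrl escapes control characters so a value cannot fake an extra line.
csr_field() {  # csr_field <csr> <attr>
  openssl req -in "$1" -noout -subject -nameopt esc_ctrl,sep_multiline 2>/dev/null \
    | sed -n "s/^ *$2 *= *//p"
}

# Proof of possession: the CSR's self-signature must verify against the public
# key it carries. Match the message, since exit codes differ between versions.
csr_signature_ok() {  # csr_signature_ok <csr>
  openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Approve only if the signature verifies and O and C each appear exactly once
# with the policy value (a repeated attribute yields two lines and is rejected).
ra_check_csr() {  # ra_check_csr <csr>
  csr_signature_ok "$1" || { echo "reject: bad self-signature"; return 1; }
  [ "$(csr_field "$1" O)" = "$POLICY_O" ] || { echo "reject: Organisation"; return 1; }
  [ "$(csr_field "$1" C)" = "$POLICY_C" ] || { echo "reject: Country"; return 1; }
  echo "ok: $(csr_field "$1" CN)"
}

demo() {
  d=$(mktemp -d) || return 1
  make_csr "$d/a.key" "$d/a.csr" "/C=IE/O=Example Corp/CN=Alice Example"
  make_csr "$d/b.key" "$d/b.csr" "/C=IE/O=Other Org/CN=Bob Example"
  ra_check_csr "$d/a.csr" || true   # matches policy
  ra_check_csr "$d/b.csr" || true   # Organisation differs from policy
  rm -rf "$d"
  return 0
}
demo
```

A rejected CSR here would be refused before the application reaches the Certificate Engine core server for signing.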