Digi-Sign, The Certificate Corporation
Published on Digi-Sign, The Certificate Corporation (http://www2.digi-sign.com)

By webmaster
Created Jun 16 2008 - 15:01

TTM™ & Certificate Delivery Methods

There are many ways to deliver a Certificate to the end user and the Digi-CAST1™ [1] Team will advise you on the most appropriate and practical method for your organisation. Here are some examples (from this list it is possible to ‘mix & match’ methods or to create one specific to your requirements, as necessary):

  • The Process Method
    • The Process Method is perhaps the preferred option for most organisations. This is because the Process Method ensures that the User’s Private Key remains with the end user at all times. Because the responsibility for securing and controlling all access to the user’s Private Key remains absolutely with each end user, there can be no doubt that any transaction that occurs with that user’s Certificate must have the consent and knowledge of that end user.

    • Using a web browser such as Microsoft Internet Explorer [MS IE] 6.0, a Digi-Card™, Digi-Token™ or any other suitable CSP storage device, the Process Method generates the User’s Private Key directly on the device, and the key never leaves that user. When the user requests the Certificate (by completing the online enrolment application form), the device generates the Certificate Signing Request [CSR], and the form data entered is combined with the CSR before being transferred to the Digi-CA™. The transfer occurs over HyperText Transfer Protocol Secure [HTTPS], and the Digi-CA™ Engine signs the request and creates the X.509 Certificate. An email is then sent to the user, who collects the Certificate by clicking on a unique URL within the email, using the TCP/IP Protocol, and the Certificate is then automatically installed on the user’s device.

  • The Package Method
    • An alternative to the Process Method is the Package Method. Using the Package Method, the Public and Private Keys are generated at the RA or Administrator’s PC. The Public Key is signed by the Digi-CA™ Engine and the entire Certificate is packaged in a single file and either sent to the end user or installed on a Digi-Card™, Digi-Token™ or any other suitable Certificate storage device. This package is also referred to as a PKCS#12, a .pfx or a .p12 Private Key Container Package.

    • Using the Package Method, Certificates can be delivered as email attachments and are installed by simply double-clicking the email attachment, which starts a wizard that installs the Certificate.

    • Using a CD/DVD/USB Flash device/other suitable storage device, the Certificate can be delivered physically, separate from any IT network.

    • Package Method Certificates can also be downloaded directly from the publicly accessible Registration Authority Registration Service [RA RS] website module of the Digi-CA™, using unique, encrypted, single use URLs.
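
The two delivery flows described above, as an added example using the OpenSSL command line (not code from the original page, and not Digi-CA™'s own interface). The subjects, file names, passphrase and throwaway test CA are constructed assumptions. It shows that in the Process Method only the CSR and the certificate cross the network, while the Package Method's PKCS#12 file carries the private key itself.

```bash
# Added example: what leaves the key-generating machine in each delivery method.
# Subjects, file names and the passphrase are constructed; the throwaway CA
# below stands in for the CA engine and is not Digi-CA's own interface.
set -eu
WORK=$(mktemp -d)
P12_PASS='constructed-passphrase'   # would travel out-of-band in practice

make_ca() {  # self-signed test CA, valid for one day
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=Constructed Test CA' \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

new_key_and_csr() {  # $1 = name; key pair and CSR are created on the same machine
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1@example.test" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

issue() {  # CA side, $1 = name: check the CSR's self-signature, then sign it
  openssl req -in "$WORK/$1.csr" -noout -verify 2>&1 | grep -q 'verify OK'
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 1 -out "$WORK/$1.crt" 2>/dev/null
}

process_method() {   # end user's device: only alice.csr is uploaded
  new_key_and_csr alice
  issue alice        # alice.crt comes back; alice.key never moved
}

package_method() {   # RA/administrator PC: key and certificate shipped together
  new_key_and_csr bob
  issue bob
  openssl pkcs12 -export -inkey "$WORK/bob.key" -in "$WORK/bob.crt" \
    -passout "pass:$P12_PASS" -out "$WORK/bob.p12"
}

carries_private_key() {  # true if a PEM file contains private key material
  grep -q 'PRIVATE KEY' "$1"
}

p12_carries_private_key() {  # true if the PKCS#12 yields a key with the passphrase
  openssl pkcs12 -in "$1" -passin "pass:$P12_PASS" -nocerts -nodes 2>/dev/null \
    | grep -q 'PRIVATE KEY'
}

cert_matches_key() {  # $1 = name; the certificate's public key equals the key's
  [ "$(openssl x509 -in "$WORK/$1.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$WORK/$1.key" -pubout)" ]
}

make_ca; process_method; package_method
```

Anyone who obtains `bob.p12` and its passphrase holds the user's key, so the delivery channel and the passphrase handling carry the assurance that the Process Method gets from never moving the key.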



Source URL: http://www2.digi-sign.com/digi-ca/total%20trust%20management/delivery

Links:
[1] http://www2.digi-sign.com/service/digi-cast