Digi-Sign, The Certificate Corporation
Published on Digi-Sign, The Certificate Corporation (http://www2.digi-sign.com)


By Digi-Sign
Created Feb 14 2008 - 15:41

Processes

Processes Used in Issuing a Digi-ID™

PDF [1]

A standard process for issuing a Digi-ID™ [2] Certificate involves the following stages:

  • Using the Digi-CA™ Control Centre, the Administrator initiates a Digi-ID™ invitation email message that is sent to the intended recipient (user)

  • The recipient (user) enters the Digi-ID™ Application Online Form using the URL provided in the Digi-ID™ invitation email message

  • The user completes the Digi-ID™ Application Online Form by providing personal information such as:
        • Full name
        • Email address
        • Organisation (it is possible to restrict the value of the Organisation to a pre-defined read-only string)
        • Organisational Unit/Department
        • Locality
        • Telephone
        • Country (it is possible to restrict the value of the Country to a pre-defined read-only option)
        • Secret Question
        • Secret Answer
        • Other custom values based on the customer requirements


  • A Key-Pair (Private and Public Key) and a PKCS#10 Certificate Signing Request [CSR] are generated on the user's PC using a local Cryptographic Service Provider [CSP] engine installed on that computer. The CSP can be either the built-in Microsoft CryptoAPI software engine or a hardware USB Token or Smart Card CSP engine

  • Using the HTTP POST method over SSL/TLS, all the user data is transferred securely to the RA [Registration Authority] Server

  • The system Administrator/Validations Officer verifies and validates the user application data and, depending on the content of the application, either approves or rejects it

  • If the Digi-ID™ application is approved, the application data is passed to the Certificate Engine core server and the CSR is signed by the Certification Authority Certificate

  • The Certificate Engine core server generates a unique key/PIN number and sends a Digi-ID™ Activation email message to the end user. The message contains a URL to activate and install the Digi-ID™ Certificate

  • The recipient (user) enters the Digi-ID™ Activation screen from the URL provided in the Certificate activation email and completes the installation of the Digi-ID™ Certificate by clicking the installation button on the screen

  • The Digi-ID™ Certificate is collected directly from the Certificate Directory via a background TCP/IP connection and installed on the user’s PC using the CSP engine chosen at the time of the Certificate application

  • The user may now use the Digi-ID™ Certificate

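As an added example (not Digi-CA™ code), the following Python, using the third-party cryptography package, builds a PKCS#10 CSR as the user's PC would and then applies checks an RA can run before the Validations Officer approves it: proof of possession of the Private Key, the read-only Organisation and Country values, and the invited email address. The policy values, function names, RSA-2048 key and the presence of the email address in the CSR subject are assumptions.

```python
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID

# Assumed RA policy (constructed values): fields the form presents as read-only.
LOCKED = {"Organisation": (NameOID.ORGANIZATION_NAME, "Example Org Ltd"),
          "Country": (NameOID.COUNTRY_NAME, "IE")}

def make_csr(key, common_name, email, organisation, country):
    """User-PC side: build and self-sign a PKCS#10 CSR from the form fields."""
    subject = x509.Name([
        x509.NameAttribute(NameOID.COUNTRY_NAME, country),
        x509.NameAttribute(NameOID.ORGANIZATION_NAME, organisation),
        x509.NameAttribute(NameOID.COMMON_NAME, common_name),
        x509.NameAttribute(NameOID.EMAIL_ADDRESS, email),
    ])
    builder = x509.CertificateSigningRequestBuilder().subject_name(subject)
    return builder.sign(key, hashes.SHA256()).public_bytes(serialization.Encoding.PEM)

def subject_values(csr, oid):
    """Return every value the CSR subject carries for one attribute type."""
    return [attr.value for attr in csr.subject.get_attributes_for_oid(oid)]

def ra_check(csr_pem, invited_email):
    """RA side: return reasons to reject; an empty list means the CSR passes."""
    csr = x509.load_pem_x509_csr(csr_pem)
    problems = []
    # Proof of possession: the CSR signature must verify under its own public key.
    if not csr.is_signature_valid:
        problems.append("CSR signature invalid")
    # A read-only form field does not constrain the POST body, so re-check it here.
    for label, (oid, expected) in LOCKED.items():
        found = subject_values(csr, oid)
        if found != [expected]:
            problems.append(f"{label} is {found}, expected {expected!r}")
    # The subject email must be the address the invitation was sent to.
    emails = [e.lower() for e in subject_values(csr, NameOID.EMAIL_ADDRESS)]
    if emails != [invited_email.lower()]:
        problems.append("email does not match the invitation")
    return problems

if __name__ == "__main__":
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    ok = make_csr(key, "Alice Example", "alice@example.org", "Example Org Ltd", "IE")
    forged = make_csr(key, "Alice Example", "alice@example.org", "Other Org", "IE")
    print(ra_check(ok, "alice@example.org"))
    print(ra_check(forged, "alice@example.org"))
```

A CSR that passes these checks still goes to the Validations Officer; the checks only remove requests that could not be valid.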

Source URL: http://www2.digi-sign.com/digi-ca/introduction/processes

Links:
[1] http://www2.digi-sign.com/downloads/digi-ca-manual
[2] http://www2.digi-sign.com/digi-id