Published on Digi-Sign, The Certificate Corporation (http://www2.digi-sign.com)

Home > Digi-ID™ > Delete > Digital Signature Overview

By Digi-Sign
Created Feb 14 2008 - 15:52

Digital Signature Overview

Issuing Digi-ID™ Digital Signatures

The following are the steps for issuing a Digi-ID™ Digital Signature:

  • Proof of Identity – When the end user first applies for the Digi-ID™, in most cases they must prove their identity. The information or documents required to provide ‘proof of identity’ are decided by the issuing authority and may include official papers and/or other documents. The precise requirement will be clearly identified in the Certificate Policy

  • Application Form - An application form must be completed

  • Data Check – Once the end user’s application form details are received, the Registration Authority [RA] cross checks or validates the data for accuracy and authenticity

  • Approval/Rejection – The RA either approves or rejects the application

  • Notification – End user is notified that their Digi-ID™ is available for collection or it is sent out automatically

  • Collection – The end user receives the Digi-ID™ and can use this to prove their identity

  • Renewal – All Digi-IDs™ are renewed at fixed intervals. Usually the Digi-ID™ is renewed each year or over a longer time period

Dteps for re-issuing/replacing a Digi-ID™

The following are the steps for re-issuing/replacing an existing Digi-ID™ Digital Signature:

  • Proof of Identity – When the end user first applies for a Digi-ID™, the information or documents required to provide ‘proof of identity’ are decided in the Certificate Policy

  • Application Form - An online application form must be completed

  • Data Check – Once the end user’s application form details are received, the Registration Authority [RA] cross checks or validates the data for accuracy and authenticity

  • pproval/Rejection – The RA either approves or rejects the application using the online RA Control Centre

  • Notification – End user is notified that their Digi-ID™ is available for collection as the final part of the Process or it is simply sent out automatically in a Package

  • Collection – The end user receives the Digi-ID™ and can use this to prove their identity

  • Renewal – All Digi-IDs™ are renewed at fixed intervals. Usually the Digi-ID™ is renewed each year

Typically the renewal process is simply a case of presenting the previous Digi-ID™ and a new one is issued to replace it

Issuing Digital Signatures

Issuing Digi-ID™ Digital Signatures to End Users

The Digi-CA™ [1] Certificate Authority [CA] system (that issues the Digi-ID™ end user digital signatures) can issue thousands of digital signatures every hour. This 'endless' capacity means that getting Digi-ID™ digital signatures to the end users can occur as quickly as your environment demands.

Allow 30+ Minutes

How the Digi-ID™ digital signatures are issued is set by the 'Enrolment Policy [2]'. The options within the Enrolment Policy are designed to be very flexible. They can be customised to meet almost any requirement with many different settings and combinations. The three basic options are:


  • Manual

    • Inviting and approving requiring manual input from the Administrator

  • Automated

    • Inviting and approving are completely automated

  • Combination

    • Inviting and approving may require some manual input from the Administrator

Overview of the Issuing Process

Issuing the Digi-ID™ digital signatures is either a one or two stage process. Either the user receives an email inviting them to apply for their digital signature, or they are referred from an existing online site/system to the Digital Signature Application form.

However the user is prompted to get their digital signature, in the first stage, the Digi-CA™ Inviting 'action' requires the end user 'reaction' (completing an application form). In the second stage, the Digi-CA™ Approving 'action' requires the end user 'reaction' (activating the digital signature) and this completes the process. It is best understood as follows:


  • Inviting each end user to complete the online enrolment form

    • Completing the enrolment form by the end user

  • Approving each correctly completed enrolment and issuing the approval notice

    • Activating the digital signature by the end user

Sample Issuing Process

As stated, because the Enrolment Policy is very flexible, there are many different ways to invite and approve end users digital signatures. The following is a sample issuing process only. You may wish to include other options, as required.


Stage One 'Digi-CA™ Action' - Inviting Digi-ID™ Digital Signature Applications

Using the Digi-CA™ RA Management Console interface, the Administrator uploads a .CSV batch file inviting [3] as many users as required.




Review the other available invitation [3] options.




Stage One 'User Reaction' - Completing Enrolment Form

The Digi-CA™ system sends an email to each end user with a unique link to the Digi-ID™ digital signature enrolment form. Using the link provided in the email, the end user then completes the Digi-ID™ digital signature enrolment form.

Note:- this is the default Digi-ID™ End Entity Digital Signature Enrolment Form. This form uses basic HTML programming that can be altered [4] to match your specific design requirements.




See other sample enrolment [4] forms.



Stage Two 'Digi-CA™ Action' - Approving Enrolment Applications

Once the end user completes all the fields and submits the enrolment form to the Digi-CA™ system, the Administrator is notified. The Administrator then approves [2] each end user application using the Digi-ID™ Digital Signature Authorization Panel.




Depending on the Enrolment Policy [2] this stage may be automated.




Stage Two 'User Reaction' - Activating the Digi-ID™ Digital Signature

Assuming the Administrator approves the application, the Digi-CA™ system sends a new email to the end user advising them that their application has been approved. Using the link provided in the email, the end user then activates [5] the Digi-ID™ digital signature and this completes the issuing process.




See other sample digital signature activation [5] forms.

Sample Enrolment Forms


Examples of How the Digi-ID™ Application Forms can be Customised
The Digi-ID™ End Entity Digital Certificate Enrolment Form uses basic HTML programming that can be altered to match your specific design requirements. Below are some samples of customised enrolment pages:





Note:- In addition to changing the 'look and feel' of the enrolment page you will notice that the fields required on the form can be altered according to the specific Enrolment Policy [2] set by the organisation.




Once the enrolment form is completed and submitted by the end user, the Enrolment Policy enforces how the application is handled by the Digi-CA™ system. Learn more about the Enrolment Policy [2] options or browse the other pages below.

Issuing Options

Descriptions of the Digi-ID™ invitations options
Digi-ID™ certificates are issued according to the Enrolment Policy. The first stage is the Inviting stage that is controlled by the End Entity Account Manager interface in Digi-CA™. There are three options:

  • Single manual invitation

    • Inviting each end user one-at-a-time





  • Batch manual invitation

    • Inviting multiple end users in a single batch upload





  • Automated invitation

    • Inviting multiple end users automatically





Once the invitation is issued, the end user must complete the enrolment form. View customised enrolment [4] forms or browse the other pages below.

Enrolment Policy

Descriptions of the Digi-ID™ invitations options

The Enrolment Policy for Digi-ID™ controls the entire certificate issuing process. Enrolment Policy is set by the Certificate Policy [CP] for the Digi-CA™. This is a specialist subject and requires experienced knowledge of Certificate Authority [CA] systems and Public Key Infrastructure [PKI]. Keeping this complex topic simple, there are three basic options for Enrolment Policy:

  • Manual

    • Inviting and approving requires manual inputs from the Administrator





  • Automated

    • Inviting and approving are completely automated. If the Enrolment Policy is to completely automate the approval process, it will be based on rules. Enrolment Policy Rules are also too complex a topic to explain here, however, here are some simple examples where certificates requests are approved based on:


                • a specific domain being used in the enrolment form

                • a specific phone number being used in the enrolment form

                • a specific PIN number being used in the enrolment form


  • Combination

    • Inviting and approving may require some manual input from the Administrator. Again in this instance, part of the process (and most likely the approval) will be automated and will be based on rules similar to those above.


    Once the application is approved, the end activates their Digi-ID™ certificate using the End Entity Digital Certificate Collection form. View customised activation [5] forms or browse the other pages below.

Sample Activation Forms


Examples of How the Digi-ID™ Application Forms can be Customised
The Digi-ID™ End Entity Digital Certificate Enrolment Form uses basic HTML programming that can be altered to match your specific design requirements. Below are some samples of customised enrolment pages:





Note:- In addition to changing the 'look and feel' of the enrolment page you will notice that the fields required on the form can be altered according to the specific Enrolment Policy [2] set by the organisation.




Once the enrolment form is completed and submitted by the end user, the Enrolment Policy enforces how the application is handled by the Digi-CA™ system. Learn more about the Enrolment Policy [2] options or browse the other pages below.

Viewing Your Digital Signature

Custom Breadcrumb: 
<a href="/">Home</a> › <a href="/digi-id">Digi-ID&trade;</a> › View
How to view your Digi-ID™ Digital Signature
Depending on your operating system and browser version, you can view your Digi-ID™ digital signature using the instructions below:

Microsoft® Internet Explorer®

  

Mozilla/Firefox/Safari
1. To view your Digi-ID™ digital signature in Microsoft® Internet Explorer®, use the Tools menu (you may have to press the 'Alt' button on your keyboard to view this menu) and then select Internet Options




2. In the Internet Options dialog box, select the Content tab and then click the Certificates button




3. In the Certificates dialog box, select the certificate/digital signature you wish to examine and then click the View button




4. The chosen digital signature will be displayed where you will be able to see:

  • The name of the person the digital signature was Issued To

  • The fact that is a Digi-ID™ digital signature issued by Digi-Sign

  • When the digital signature was issued (Valid from) and when it will expire (Valid to)



Here is an en example of such a Digi-ID™ digital signature:




   1. To view your Digi-ID™ digital signature in Mozilla, Firefox or Safari, use the Tools menu and then select Options




2. In the Options dialog box, select the Encryption tab and then click the View Certificates button




3. In the Certificate Manager dialog box, select the certificate/digital signature you wish to examine and then click the View button




4. The chosen digital signature will be displayed where you will be able to see:

  • The name of the person the digital signature was Issued To

  • The fact that is a Digi-ID™ digital signature issued by Digi-Sign

  • That the digital signature was Issued on and the date it Expires on



Here is an en example of such a Digi-ID™ digital signature:
Thumbnail: 

Deleting Your Digital Signature

Custom Breadcrumb: 
<a href="/">Home</a> › <a href="/digi-id">Digi-ID&trade;</a> › Delete
Instructions on How to Delete an Unwanted/Expired Digi-ID™ Digital Signature
Depending on your operating system and browser version, you can delete your Digi-ID™ digital signature using the instructions below:

Microsoft® Internet Explorer®

  

Mozilla Firefox
1. To view your Digi-ID™ digital signature in Microsoft® Internet Explorer®, use the Tools menu (you may have to press the 'Alt' button on your keyboard to view this menu) and then select Internet Options




2. In the Internet Options dialog box, select the Content tab and then click the Certificates button




3. In the Certificates dialog box, select the certificate/digital signature you wish to examine and then click the View button




4. The chosen digital signature will be displayed where you will be able to see:

  • The name of the person the digital signature was Issued To

  • The fact that it is a Digi-ID™ digital signature issued by Digi-Sign

  • When the digital signature was issued (Valid from) and when it will expire (Valid to)



Here is an example of a Digi-ID™ digital signature as seen in the Microsoft® Internet Explorer® dialog:





5. Once you have viewed and confirmed this is the Digi-ID™ digital signature you wish to remove, return to the Certificates dialog box, select the certificate/digital signature and click the Remove button

   1. To view your Digi-ID™ digital signature in Mozilla Firefox, use the Tools menu and then select Options




2. In the Options dialog box, select the Encryption tab and then click the View Certificates button




3. In the Certificate Manager dialog box, select the certificate/digital signature you wish to examine and then click the View button




4. The chosen certificate/digital signature will be displayed where you will be able to see:

  • The name of the person the digital signature was Issued To

  • The fact that it is a Digi-ID™ digital signature issued by Digi-Sign

  • The date the digital signature was Issued on and the date it Expires on



Here is an example of such a Digi-ID™ digital signature as seen in the Mozilla Firefox dialog:





5. Once you have viewed and confirmed this is the Digi-ID™ digital signature you wish to delete, return to the Certificate Manager dialog box, select the digital signature and click the Delete button
Source URL: http://www2.digi-sign.com/digi-ca/introduction/issuing

Links:
[1] http://www2.digi-sign.com/digi-ca
[2] http://www2.digi-sign.com/digi-id/distribute/policy
[3] http://www2.digi-sign.com/digi-id/distribute/invite
[4] http://www2.digi-sign.com/digi-id/distribute/enrol
[5] http://www2.digi-sign.com/digi-id/distribute/activate