Question 1: What is a digital certificate? Digital certificates
Digital certificates on the Internet are similar to ID cards and other documents held by people in society. They are used to prove the identity of the digital certificate holder on the Internet. Digital certificate holders may be natural persons, legal persons in real society, or network equipment. Digital certificates can be simply understood as "network ID cards", which are used to prove one's identity on the Internet.
Digital certificates and ID cards are issued by specialized organizations. ID cards are usually issued by the Public Security Bureau and bear the official seal of the issuing unit. Digital certificates protected by the Electronic Signature Law are issued by state-licensed third-party digital certification centers (referred to as CA centers), such as Tianwei Integrity Digital Certification Center, which is approved by the Ministry of Information Industry. Sign to prove the validity of the digital certificate. The digital certification center established under the license and authorization of relevant national departments has credibility on the Internet, and electronic documents such as electronic contracts and electronic orders signed with the digital certificates issued by it have legal effect.
The digital certificate mainly includes the following information: certificate version number, certificate holder information, certificate issuer (CA) information, certificate start and end validity period, certificate serial number, certificate issuer's signature, etc. This information is similar to an ID card. The signature of the certificate issuer on the digital certificate can prevent counterfeiting of the digital certificate itself, which is similar to the official seal on an ID card. However, the digital signature of the certificate issued by the CA center cannot be forged.
Based on the application perspective classification of digital certificates, digital certificates can be divided into the following types:
? Server certificate
The server certificate is installed on the server device. Used to prove the identity of the server and encrypt communications. Server certificates can be used to prevent fake sites.
After installing the server certificate on the server, the client browser can establish an SSL connection with the server certificate, and any data transmitted on the SSL connection will be encrypted. At the same time, the browser will automatically verify whether the server certificate is valid and whether the visited site is a fake site. Sites protected by server certificates are mostly used for password login, order processing, online banking transactions, etc. The most well-known server certificate brand in the world is verisign. The trusted network compiled by its server certificates has covered the world. At present, the company has cooperated with domestic digital certification companies such as Tianwei Integrity to provide services in China
? Electronics Email Certificates
Email certificates can be used to prove the authenticity of the sender of an email. It does not prove the authenticity of the certificate owner's name identified by the CN item on the digital certificate. It only proves the authenticity of the email address.
When we receive an email with a valid electronic signature, we can not only believe that the email was indeed sent from the specified mailbox, but also be sure that the email has not been tampered with since it was sent.
In addition, using the received email certificate, we can also send encrypted emails to the recipient. The encrypted email can be transmitted over an unsecured network, and only the owner of the recipient can open the email.
? Client personal certificate
Client certificates are mainly used for identity verification and electronic signatures.
The secure client certificate is stored in a dedicated u*** key. The certificate stored in the key cannot be exported or copied, and the key's protection password needs to be entered when using the key. Using this certificate requires physically obtaining its storage medium u*** key, and you need to know the key's protection password, which is also called two-factor authentication. This authentication method is currently one of the most secure identity authentication methods on the Internet.
Question 2: What is a personal digital certificate? A personal digital certificate is a virtual world identity issued by an authoritative organization. It consists of a string of corresponding data. These include your unique attributes. Such as ID cards, etc., can be bound to entities for identification. Hanzi certificate basically uses asymmetric encryption technology. Public key encryption, private key decryption. Generally private keys are protected by individuals to prevent loss etc.
Question 3: What is managing digital certificates? It means ensuring that your account can only be logged in on the computer with the digital certificate installed. If you apply, you will be prompted to verify via SMS when logging in from other computers. If it is your own computer, just apply for a public certificate.
Question 4: What is the personal digital certificate for online transactions? In online banking, safety comes first. In order to ensure security, the most effective way is to use digital certificates. Digital certificates are the fundamental guarantee for online banking security and are a set of mature information security protection measures commonly adopted at home and abroad. So far, there has never been a case of successful online transaction fraud due to the digital certificate mechanism being breached. A digital certificate is your online ID, an electronic file containing your identity information that proves who you are on the Internet. Digital certificates are also your security guards, ensuring the security of the information you transmit online and preventing others from stealing or tampering with the information. Through digital certificates, you can also electronically sign online transactions to achieve your online signature.
When you operate online banking, the certificate will form an electronic signature and be attached to the transaction instructions you send to the bank, so that the bank can identify you and prevent others from deciphering or modifying the information transmitted between you and the bank. With a digital certificate, you can use various functions of online banking with confidence and security. Digital certificates should be issued by an authoritative third-party security certification authority (CA) and should not be issued by banks (including e-commerce websites) as a party to the transaction. Third-party CA plays a role in avoiding risks for both parties to the transaction. For example, when an online banking dispute occurs, a third-party CA can provide corresponding certificates to both parties to clarify the responsibilities of both parties. If a customer uses a digital certificate issued by a CA built by the bank itself, this means that the bank acts as both a referee and an athlete. In the event of a dispute, it is difficult to protect the customer's legitimate rights and interests. Financial regulatory authorities clearly advocate the use of digital certificates issued by third-party security certification agencies (CA). China Financial Certification Authority (CFCA in English) is a national authoritative security certification agency approved by the People's Bank of China and the National Information Security Management Agency. It is one of the important national financial information security infrastructures. As an authoritative, trustworthy and impartial third-party security certification agency, CFCA is responsible for providing certificate services for various certification needs in the financial and non-financial fields.
Question 5: What is a digital certificate? What is the role of digital certificates? Digital certificates are a string of numbers that mark the identity information of communicating parties in Internet communications. They provide a way to verify the identity of communicating entities on the Internet. Digital certificates are not digital ID cards, but are stamped by an identity authentication agency. A stamp or seal on a digital ID (or a signature added to a digital ID).
It is issued by an authoritative organization - CA organization, also known as Certificate Authority (Certificate Authority) center. People can use it to identify each other online.
Question 6: What is a device digital certificate? Digital certificate software digital certificate and hardware digital certificate. To put it simply, software digital certificates are like device usage or operating licenses, hardware certificates are like online banking U-shields, and dongles used in e-commerce.
Question 7: What does a digital certificate contain? From the perspective of the objects of use of digital certificates, the current types of digital certificates mainly include: personal identity certificate, enterprise or institution identity certificate, payment gateway certificate, server certificate, enterprise or institution Code signing certificate, secure email certificate, personal code signing certificate. Personal identity certificate A digital security certificate that complies with the X.509 standard. The certificate contains personal identity information and the individual's public key, which is used to identify the personal identity of the certificate holder. The digital security certificate and the corresponding private key are stored in the E-key and are used by individuals to identify their identities in activities such as contract signing, orders, entry review, operation permissions, and payment information online. Enterprise or organization identity certificate is a digital security certificate that complies with the X.509 standard. The certificate contains enterprise information and the enterprise's public key, which is used to identify the identity of the enterprise holding the certificate. The digital security certificate and the corresponding private key are stored in the E-key or IC card and can be used for the company's external activities in e-commerce, such as contract signing, online securities trading, transaction payment information, etc. Payment gateway certificate The payment gateway certificate is a digital certificate issued by the certificate issuance center for the payment gateway. It is the main tool for the payment gateway to implement data encryption and decryption, and is used for digital signature and information encryption. The payment gateway certificate is only used for the services provided by the payment gateway (conversion of various security protocols on the Internet and the bank's existing network data format). Payment gateway certificates can only be used in a valid state. The payment gateway certificate is not transferable by the applicant. Server certificate is a digital security certificate that complies with the X.509 standard. The certificate contains server information and the server's public key. It is used to identify and verify the identity of the server in network communications. Digital security certificates and corresponding private keys are stored in E-key. The server software uses the certificate mechanism to ensure the authenticity, security, trustworthiness, etc. of both parties' identities when communicating with other servers or clients. Enterprise or Institutional Code Signing Certificate A code signing certificate is a digital certificate issued by the CA center to the software provider. It contains the software provider's identity information, public key and CA's signature. The software provider uses a code signing certificate to sign the software and then puts it on the Internet. When the user downloads the software on the Internet, he will be prompted, so that he can be sure of: the source of the software; that the software has not been compromised since it was signed before downloading. to modify or destroy. Code signing certificates can sign 32-bit .exe, .cab, .ocx, .class and other programs and files. Secure email certificate A digital security certificate that complies with the X.509 standard, applied through IE or Netscape. The certificate applied with IE is stored in the registry of WINDOWS, and the certificate applied with NETSCAPE is stored in a file in the personal user directory.
Used for secure email or to identify yourself to WEB servers (services) that require customer authentication. Personal code signing certificate A personal code signing certificate is a digital certificate issued by the CA center to the software provider. It contains the software provider's personal identity information, public key and CA's signature. The software provider uses a code signing certificate to sign the software and then puts it on the Internet. When the user downloads the software on the Internet, he or she will be prompted, so that they can be sure of: the source of the software; to modify or destroy. Code signing certificates can sign 32-bit .exe, .cab, .ocx, .class and other programs and files. From the technical perspective of digital certificates, certificates issued by the CA center are divided into two categories: SSL certificates and SET certificates. Generally speaking, SSL (Secure Sockets Layer) certificates serve bank-to-business or business-to-business e-commerce activities; while SET (Secure Electronic Transactions) certificates serve card-based consumption and online shopping. Although they are both certificates used to identify identities and digital signatures, their trust systems are completely different and the standards they comply with are also different. Simply put, the role of an SSL certificate is to prove the identity of the holder through a public key. The role of the SET certificate is... >>
Question 8: Online banking personal digital certificate A digital certificate is an electronic file used by online banking users to uniquely bind personal information and electronic signatures. It can confirm the identity of users' online transactions, ensuring that the transactions are unique, complete and undeniable.
Digital certificates are divided into "mobile digital certificates" and "file digital certificates". A "mobile digital certificate" is something that looks like a USB flash drive. It is highly secure and easy to carry, but it costs about 100 yuan. "File digital certificate" is the IE browser certificate. It is low-cost. You only need to pay a one-time handling fee or a small annual fee, about 10 yuan. However, customers can only use it on the computer where this certificate is installed, so it is suitable for fixed users. Computer users.
Currently, most online banks are divided into public version and professional version. For the professional version, the user must go to a bank branch to apply for a digital certificate, while for the popular version, customers can apply for a digital certificate online with their ID card, account number and password. The difference between the public version and the professional version, that is, the difference between whether to apply for a digital certificate, is mainly reflected in:
The public version only has basic functions such as query and small payment, and is subject to the single payment amount and single day Limitation on total payment amount. Professional version users with digital certificates can enjoy services such as unlimited transfer payments.
In addition, with the use of digital certificates, even if the card number and password are stolen, online banking operations cannot be performed without the digital certificate, thus protecting the security of online transactions. And when using digital certificates issued by the China Financial Certification Center for online transactions, if losses occur due to account theft, individual users can receive up to 20,000 yuan in compensation.
Among all current online banks, only ICBC provides "mobile digital certificates", while China Merchants Bank, Shanghai Pudong Development Bank, China Construction Bank, and Agricultural Bank of China provide "file digital certificates". Industrial Bank, Minsheng, CITIC, Shenzhen Development Bank, and Bank of Shanghai provide They are all digital certificates issued by the China Financial Certification Center. Everbright, Bank of China, China Guangfa, Bank of Communications, and HuaXia do not provide digital certificates.
Password verification
"Username + password" is the most basic protection method for online banking. During the use of online banking, login passwords and payment passwords will be involved.
The login password is the password used to log in to online banking. When transfer payment is involved, the system will ask for a payment password. The payment password can ensure the security of the account funds. The bank recommends that the login password and the payment password should not be the same.
In order to prevent others from logging into online banking by guessing passwords, banks have provided protection measures.
ICBC: When the login password and payment password are failed three times in a row on the same day, the bank will temporarily freeze the online banking transaction qualifications on that day, and the freeze will be automatically lifted the next day; if the login password and payment password are not passed 10 times in a row, the bank will freeze online transactions. To qualify, the user needs to go to the counter to go through the password reset procedure
Xingye: The online account has been locked after a total of 6 incorrect entries and the user needs to go to the counter to go through the decoding procedure.
Pudong Development Bank: You will be unable to log in for 15 minutes if your password is incorrect three times. The more errors you make, the longer you will be unable to log in.
BOC: If there are three consecutive errors, the system will lock the user for 24 hours.
Question 9: What is the personal digital certificate used for? Hello:
The digital certificate is to ensure the security of your account. For security reasons, we generally recommend that you download and use it.
——Taobao Account Group Cloud Customer Service
Question 10: What is the difference between a personal mobile digital certificate and a personal digital certificate? Digital certificates are difficult to say. If they exist in the form of files, then There is no way to escape the misfortune of being copied and copied. As long as you have a computer with a digital certificate file installed, you can complete the transaction. So to stay safe, if you have a USB KEY, that's great, just keep it.
If it is a digital certificate in the form of a file, you should keep the file and do not copy it by others, or do not let others use the computer with the digital certificate. Haha, it’s too complicated to say, sorry.