Welcome to the tScheme Frequently Asked Questions page.
Below we have tried to answer many of the most common questions asked of us. Some of the information is available on other sections of the site and in these cases, you are redirected there. The list is of course not definitive, and tScheme is always willing to provide information and answer questions.
We have tried to address questions relating to tScheme structure and operation, and to give a brief technical description of the system of Digital Signatures and PKI.
Please email us if, after looking through this page, you are still in need of an answer.
What is tScheme?
What does tScheme Approval mean?
What services have tScheme approval?
What is a "tScheme Registered Applicant"?
What is a "Qualified Certificate"?
Why get tScheme Approval? (or Why look for tScheme Approved Services?)
How does the system of secure e-communication work?
What is a Digital Signature?
Who can I trust to provide me with good security?
Secure e-Commerce centres around a system called Public Key Infrastructure (PKI). The Infrastructure is used to control and manage the three main elements: two keys (a Public Key and a Private Key) and a Digital Certificate. These keys, whilst not being identical, have a mathematical "relationship". The public key is usually held by the Trust Service Provider, and is available to anyone. The private key is held securely by the individual or company that it ‘belongs’ to. The Digital Certificate is issued by a Trusted third party; information on this is detailed in the next question.
The two main security functions of the PKI are sending encrypted information (emails and attachments) and sending information that cannot be repudiated: it can be guaranteed to be from you and not to have been altered by a third party. These functions can also be combined.
Keys are at the heart of the PKI, although in fact, the term ‘key’ is somewhat misleading, because the encryption, which is done using a complex algorithm, is ‘one way’. Whereas a physical key can lock and unlock the same door, only the private key can decipher a document "locked" (encrypted) with the public key. It is vital to understand that the algorithm is designed so that a document encrypted with the public key can only be decrypted with the private key. Otherwise the system would be flawed; fundamentally, not even the public key will decrypt it. Similarly, a digest of a message created by the private key can only have been created with that Private key; the Public key will of course confirm this.
Bob writes his plain text message and whilst still within his secure area (for example, his home computer), encrypts it using Alice’s public key.
Alice’s public key is available in the public domain (i.e. anyone can use it), although Bob can use it within his secure area. Once the message is "cipher text", or encrypted, it can be openly transmitted through the Public Domain to Alice.
Alice would then use her Private Key, held only in her secure area, to decrypt the message into plain text, and thus read it. The diagram above illustrates this. The physical equivalent of secure document PKI would be a series of empty rooms, each with a locking door, that is left open, and each has the name of the room’s owner above the door. To pass on private documents to someone, you merely locate one of their rooms, and go inside and leave the documents there. When you leave the room, you close the door behind you, and this locks the door. With the room locked, only the room’s owner/key holder, with their private key, can gain admittance to the room.
The other function, which is equally important, is that of ensuring the document is from a specific individual. This is called digitally signing a document.
If Bob wants to send Alice an email that she knows is from him, he needs to send her a "signed" email. By using his Private key he can create a 'hash' of the actual message - this is rather like a summary. By doing this, he "Digitally Signs" it. Using his Private key makes this summary unique. The summary (the hash or, now technically, the signature) and the message are transmitted in plain text to Alice. Alice can then use Bob’s public key to confirm that the summary was created using Bob’s Private Key, and that the document has not been changed.
The two keys are designed for use in an algorithm, meaning that only the Private Key can decrypt a message encrypted with the public key. Likewise, only the Private Key can "sign" (hash function) messages.
The owner of the document uses a complex algorithm to produce a digest or hash of the document, such that any change to the document would produce a different result. This hash value is then encrypted using their private key. Anyone can then use the matching public key to recover the original hash. If they repeat the algorithm on the document they have received, they can compare the resultant hash with the original hash. Providing the two values are the same they have verified the sender as being the owner of the private key and that the document has not been altered in any way.
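The hash, sign, recover and compare steps described above, as an added example that is not tScheme's or any Trust Service Provider's code. It uses textbook RSA with no padding and constructed demo keys built from publicly known Mersenne primes, so the keys are trivially breakable; the names `make_key`, `sign`, `verify` and `demo` are illustrative, and real signature schemes add a padding step to the hash before the private-key operation.

```python
import hashlib


def make_key(p: int, q: int, e: int = 65537) -> dict:
    """Build a key pair from two primes (constructed demo values only)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return {"public": (n, e), "private": (n, d)}


# Constructed demo keys: Mersenne primes are public knowledge, never use these.
BOB = make_key(2**521 - 1, 2**607 - 1)
OTHER = make_key(2**127 - 1, 2**521 - 1)


def digest(document: bytes) -> int:
    """Hash the document; any change to it produces a different value."""
    return int.from_bytes(hashlib.sha256(document).digest(), "big")


def sign(document: bytes, private_key: tuple) -> int:
    """Owner's side: transform the hash with the private key."""
    n, d = private_key
    return pow(digest(document), d, n)


def verify(document: bytes, signature: int, public_key: tuple) -> bool:
    """Recipient's side: recover the hash with the public key, re-hash, compare."""
    n, e = public_key
    return pow(signature, e, n) == digest(document)


def demo() -> dict:
    doc = b"Pay Alice 100 pounds"  # constructed sample document
    sig = sign(doc, BOB["private"])
    return {
        "original": verify(doc, sig, BOB["public"]),
        "altered": verify(b"Pay Alice 900 pounds", sig, BOB["public"]),
        "wrong_signer": verify(doc, sign(doc, OTHER["private"]), BOB["public"]),
    }


if __name__ == "__main__":
    print(demo())
```

Only the unaltered document with a signature from Bob's private key verifies against Bob's public key; a changed document or a signature from any other key fails the comparison.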
Returning to our physical equivalent, here we are using a separate group of pre-locked rooms each with one big window. Only the private key owner can open the door and place the information inside. Anyone is able to access the information (the digest) by reading it through the window, but because it is in the room, you can be sure only the Private Key holder put it there. If the observer also produces the digest for the message then, provided it matches the digest in the room, not only has the message come from a specific person, but it has not been altered in any way. Of course, with email and the Internet, we have to think of these rooms as being "virtual", and mobile.
Another way of looking at a digitally signed message would be like sending a message contained inside a briefcase with a padlock on it. The key to the padlock is readily available to anyone - the privacy of the message is not at stake here - but the padlock is something that only the message originator (the Private key holder) could have locked. Therefore, if the corresponding public key opens the padlock, then you can be certain that the message came from the person who has control of the padlocks.
This system can be described as "asymmetric encryption", because the keys are not the same and have different privileges. In a "symmetric" system, both parties would have an identical key. Despite the fact that the actual encryption process is much more efficient and quicker, the problem with this latter system is that both parties must have previously exchanged keys. Returning to the analogy, the parties would have to physically meet to exchange keys. The more people who had a key to the room, the more likely someone is to lose the key.
However, by combining the two methods, a very efficient, secure communication path can be established. The asymmetric system is used to negotiate securely a pair of symmetric keys. These keys can then be used to manage a much more efficient, secure conversation. This is essentially the process behind SSL security for secure Internet access.
Public Key Infrastructure has another major advantage. That is that it can be used for a variety of quite different purposes. You can send confidential messages, yet also send messages with proof of identity. PKI can also be used to authenticate web sites - whenever you see the padlock symbol in your browser showing as locked (and, on newer systems, with the address bar shown in green or highlighted in some other way - according to the make of browser being used), the chances are some sort of keys and certificates are being used to determine the origin of the information - vital in the days where anyone can buy/operate a .com or a .co.uk website.
The above description is an attempt to put a highly complex system into an explanation that can be understood by those with no prior knowledge of PKI. Whether it succeeds is an individual, case-by-case matter for each reader. However, it does demonstrate the complexities of the system. Trust Service Providers typically try to minimise the amount of understanding a user needs to use their signatures. On the whole they are very successful. Yet this leaves you in the position that your system is rather like a magic box. You assume it does what it says; it seems to work; but you have no real way of telling. Using a tScheme Approved service means that you know it works. tScheme profiles are written by experts, independent of any commercial activities. They know how the magic box works. tScheme assessments are carried out by expert assessors, who also know how the magic box works. You can be assured that tScheme Approved Services are secure and work.