Cartoon about digital signature:
http://www.youdzone.com/signature.html
The process of using signed applets:
http://java.sun.com/developer/onlineTraining/Programming/JDCBook/signed.html
Digital certificates are the equivalent of a driver’s license, a marriage license, or any other form of identity. The only difference is that a digital certificate is used in conjunction with a public key encryption system. Digital certificates are electronic files that simply work as an online passport. Digital certificates are issued by a third party known as a Certification Authority, such as VeriSign or Thawte. These third-party certificate authorities have the responsibility to confirm the identity of the certificate holder as well as provide assurance to the website visitors that the website is one that is trustworthy and capable of serving them in a trustworthy manner.
Digital certificates have two basic functions. The first is to certify that the people, the website, and the network resources such as servers and routers are reliable sources, in other words, that they are who or what they claim to be. The second function is to protect the data exchanged between the visitor and the website, such as credit card information, from tampering or even theft.
A digital certificate contains the name of the organization or individual, the business address, digital signature, public key, serial number, and expiration date. When you are online and your web browser attempts to secure a connection, the digital certificate issued for that website is checked by the web browser to be sure that all is well and that you can browse securely. The web browser basically has a built-in list of all the main certification authorities and their public keys and uses that information to decrypt the digital signature. This allows the browser to quickly check for problems and abnormalities; if everything checks out, the secure connection is enabled. When the browser finds an expired certificate or mismatched information, a dialog box will pop up with an alert.
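The check described above, as an added example that is not part of the original article: a simplified Python model of a CA issuing a certificate and a browser validating it against its built-in list. It uses textbook RSA over a constructed demo key and plain dictionaries instead of real X.509; the names `TRUST_STORE`, `ca_issue`, `browser_check`, "Example Root CA" and `shop.example` are assumptions made for illustration.

```python
import hashlib
from datetime import date

# Constructed demo CA key: textbook RSA over two Mersenne primes.
# Good enough to show the check, never for real use.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
CA_N = P * Q
CA_D = pow(E, -1, (P - 1) * (Q - 1))  # CA private exponent (Python 3.8+)

# The browser's built-in list: CA name -> CA public key (n, e).
TRUST_STORE = {"Example Root CA": (CA_N, E)}

def digest(cert):
    """Hash every certificate field except the signature itself."""
    body = "|".join(f"{k}={cert[k]}" for k in sorted(cert) if k != "signature")
    return int.from_bytes(hashlib.sha256(body.encode()).digest(), "big")

def ca_issue(subject, public_key, serial, not_after):
    """CA side: fill in the fields and sign their hash with the private key."""
    cert = {"subject": subject, "public_key": public_key, "serial": serial,
            "not_after": not_after.isoformat(), "issuer": "Example Root CA"}
    cert["signature"] = pow(digest(cert), CA_D, CA_N)
    return cert

def browser_check(cert, hostname, today):
    """Browser side: return the problems that would trigger an alert."""
    problems = []
    ca_key = TRUST_STORE.get(cert["issuer"])
    if ca_key is None:
        problems.append("unknown issuer")
    elif pow(cert["signature"], ca_key[1], ca_key[0]) != digest(cert):
        problems.append("bad signature")   # fields changed after signing
    if date.fromisoformat(cert["not_after"]) < today:
        problems.append("expired")
    if cert["subject"] != hostname:
        problems.append("name mismatch")
    return problems

# Constructed sample certificate for a hypothetical site.
CERT = ca_issue("shop.example", "constructed-site-key", 1001, date(2030, 1, 1))
```

An empty list from `browser_check` corresponds to the secure connection being enabled; any entry corresponds to the alert dialog.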
There are two main types of digital certificates that are important to building a secure website: server certificates and personal certificates.
Server certificates simply allow website visitors to safely transfer their personal information like credit cards and bank account information without worrying about theft or tampering. Server certificates are also responsible for validating the website owner's identity so that the visitors can feel as though they are dealing with a legitimate source when creating or inputting passwords, bank account details, or credit card numbers into the website. For any business or website that will require such information, server certificates are an important part of the website building process, one that cannot be skipped or overlooked for any reason. Having a server certificate can be to the website owner's advantage because it gives the business an air of professionalism that is not often found when dealing with an e-commerce business where customers have little assurance as to the legitimacy or professionalism of the people that they are dealing with.
Personal certificates are a bit different in that they allow you to validate a website visitor's identity and even restrict their access to certain portions of the website. You might want to set your website up so that web pages are only available to certain people, and personal certificates can help you do this. Personal certificates can be used for things such as sending and receiving email for private account information like forgotten passwords or username information. Personal certificates are ideal for communications such as providing partners and suppliers controlled access to websites for shipping dates, product availability, and even inventory management.
Most of the standard protocols being widely adopted for electronic communications rely on digital certificates:
As you can see, digital certificates play an important role in keeping your online experiences safe and secure. It is wise to pay attention to the digital certificate dialog alerts that you receive, and to double-check that your connection is secure before you proceed and give someone your personal information.