Frequently Asked Questions
What is a digital certificate?
Digital certificates function as electronic credentials that allow
secure communications between two parties. Digital certificates
help identify and encrypt electronic messages over networks like
the Internet, company intranets or extranets. A digital certificate
attaches the holder's identity to a unique pair of software keys:
a private key and a public key.
What is a Private Key?
A private key is one-half of a key pair that is only available to
a defined user. Data encrypted with a user's public key can only
be decrypted with the same user's private key. The private key is
always kept private.
What is a Public Key?
A public key is one-half of a key pair that is available to the
public, and can be listed in public directories. Data encrypted
with a user's public key can only be decrypted with the same user's
private key. The public key is made available to the public.
What do digital certificates allow you to do?
Digital certificates allow you to verify your identity, privileges
or relationship to another party in an online transaction. When
used in combination with encryption, they also allow you to encrypt
information that you send to another person to provide additional
assurance that only the intended party can access the data and that
the data will not be compromised en route. Digital certificates
facilitate these security measures, which in turn allow applications
like e-mail, online trading, and credit card purchasing to be executed
in a more secure environment.
What is a Public Key Infrastructure or PKI?
PKI is the usage of digital certificates in combination with encryption.
What is Authentication?
Authentication answers the key question as to whether people are
who they say they are. Equifax's electronic commerce solutions answer
this question via a Remote Authentication System (patent pending).
The Remote Authentication System is a proprietary methodology that
uses both Equifax and customer data and rule sets to quickly answer
this question in an accurate, cost-effective and user-friendly manner.
What is a Certificate Authority (CA)?
An organization or person responsible for defining and administering
the processes for the issuance, renewal, suspension, and revocation
of certificates. It also defines the policies and procedures that
are followed in verifying an identity and/or a person's relationship
to that organization. The CA authorizes the signing of certificates.
It works through Registration Authorities (RA) to approve these
requests.
What is a Registration Authority (RA)?
An organization or a person authorized or licensed to approve requests
so that certificates can be issued, renewed, updated, suspended,
or revoked.
What services do Equifax's electronic
commerce solutions offer?
What are the issues that digital certificates and public key
infrastructure address?
Digital certificates and public key infrastructure address four
issues.
- Confidentiality - was the information received only by the intended
recipient?
- Authenticity - was the information sent by the person claiming
to be the sender?
- Integrity - was the information altered en route to the recipient?
- Binding agreements - can a sender claim that the information
received by the intended recipient was never sent? Is this a legally
binding document?
How does a digital certificate work?
Each person who is issued a certificate has been authorized by a
certificate authority which authenticates the person's identity.
Once authenticated, a digital certificate is digitally signed by
the certificate authority. The digital certificate attaches a unique
public key to the identity of the certificate holder. The public
key is one half of a uniquely matched key pair. The other key is
a private key. While the public key is made available to the public,
the private key is kept confidential. Each key can encrypt and decrypt
data. Information encrypted by one key can only be decrypted by
its matched counterpart in the key pair. Thus, in order to ensure
that only the intended recipient has access to the transmitted message,
the sender encrypts the message using the recipient's public key.
The recipient then decrypts the message using the recipient's matching
private key. Similarly, in order to ensure that the message originated
from the claimed sender, the sender signs the message by encrypting
it with the sender's private key. The recipient verifies the identity
of the sender by decrypting the message with the sender's public
key.
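
The mechanics described above, as an added example that is not part of the original FAQ: a CA signs a certificate binding an identity to a public key, and the recipient checks that signature before trusting the key for verification or encryption. It assumes textbook RSA over fixed demo primes using only the Python standard library, with hypothetical function names and a constructed identity, and, as real signature schemes do, it signs a hash of the data rather than the whole message.

```python
import hashlib
import json

# Demo-only parameters: textbook RSA (no padding) over well-known Mersenne
# primes. Real certificates use randomly generated keys and padded schemes.
CA_PRIMES = (2**89 - 1, 2**107 - 1)
ALICE_PRIMES = (2**61 - 1, 2**127 - 1)

def make_keypair(p, q, e=65537):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))  # (public key, private key)

def digest(data, n):
    # Signatures cover a hash of the data, reduced into the key's range.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(private, data):
    n, d = private
    return pow(digest(data, n), d, n)

def verify(public, data, signature):
    n, e = public
    return pow(signature, e, n) == digest(data, n)

def encrypt(public, m):   # anyone can do this with the public key
    n, e = public
    return pow(m, e, n)

def decrypt(private, c):  # only the private-key holder can undo it
    n, d = private
    return pow(c, d, n)

def issue_certificate(ca_private, subject, subject_public):
    # The CA binds an identity to a public key by signing both together.
    body = json.dumps({"subject": subject, "public_key": subject_public}, sort_keys=True).encode()
    return {"body": body, "ca_signature": sign(ca_private, body)}

def public_key_from_certificate(ca_public, cert):
    # Trust the embedded key only if the CA's signature on the body verifies.
    if not verify(ca_public, cert["body"], cert["ca_signature"]):
        raise ValueError("certificate was not signed by this CA")
    return tuple(json.loads(cert["body"])["public_key"])

if __name__ == "__main__":
    ca_pub, ca_priv = make_keypair(*CA_PRIMES)
    alice_pub, alice_priv = make_keypair(*ALICE_PRIMES)
    cert = issue_certificate(ca_priv, "alice@example.com", alice_pub)  # constructed identity
    key = public_key_from_certificate(ca_pub, cert)
    print(verify(key, b"pay 10", sign(alice_priv, b"pay 10")))
    print(decrypt(alice_priv, encrypt(key, 424242)) == 424242)
```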