Snippet: For secure communication to take place, involved parties must be able to validate each other before sharing confidential information. Digital certificates, issued by a Certificate Authority, act as a “digital fingerprint”, authenticating the identity of a certificate holder.

We’ve been using codes and ciphers for thousands of years to protect secrets. A clay tablet from Mesopotamia (dated 1500 BC), for example, encrypted a craftsman’s recipe for pottery glaze. We can assume this was commercially valuable to him, and so perhaps only his trusty apprentice knew how to translate the code.

However, it’s all very well encrypting information so that it can’t be understood if it’s intercepted, but what if the sender and receiver can’t verify each other’s identity? How do you know that you’re really talking to your bank, and how does your bank know that it’s you they’re dealing with? This is the challenge that typical man-in-the-middle attacks exploit – the hacker can impersonate the sender or receiver to intercept or alter the information being sent.

So, for secure and trusted communication, the parties involved need to be able to validate each other before sharing anything confidential. This is where digital certificates come in. Acting as a “digital fingerprint”, a digital certificate is issued by a Certificate Authority (CA), which has the responsibility of authenticating the identity of a certificate holder.

Ok; so problem solved, right? Unfortunately not. With the addition of a third player – the CA – both the holder of a certificate and the user of the certificate have to trust the CA. Even if the CA verifies the identity of the other party, what does this actually tell me? How did the CA ensure that the other party is who they say they are? Did they validate that party? How? When?

This is an “open-loop CA”, and while it can address the initial challenge of identifying the parties in a communication, it does come at a cost. Validating the identity of the party using the certificate requires some effort and introduces a financial risk, which therefore requires a form of insurance. This cost is then reflected in the price of the certificate, which can easily result in an unworkable business model or in cutting (security) corners.

Entersekt recognized the value of using certificates to provide the digital security required by today’s financial institutions, but also understood that a few “tweaks” were needed to make certificate technology really work as a solution. What we did was this:

  1. We implemented a closed-loop public key infrastructure (PKI) solution, the advantage of which is that issuing and validating certificates can be done in a controlled manner.
  2. We implemented our patented emCert extension, which allows us to decouple issuing certificates from formally identifying the user of the app on the mobile device. This allows us to secure the connection between the parties, even if the user has not been identified.

With these changes, Entersekt can support millions of users while providing a state-of-the-art mobile communication channel at a low cost and with minimal friction. So, used the right way, certificates give financial institutions the opportunity to build their digital services on a solid foundation, exposing their customers to countless new possibilities.


Claudius van der Meulen


Claudius manages Entersekt’s European business from our offices in the Netherlands. He’s a seasoned salesperson with two decades’ experience working in information technology at companies like Sun Microsystems and ACI Worldwide, and has been fundamental to our success in the region.


Entersekt is an innovator of customer-centric fintech solutions. Financial services providers and other enterprises rely on our patented mobile identity system to provide both security and the best in convenient new digital experiences to their customers, irrespective of the service channel. With us, they can concentrate on their innovation roadmap, while delivering intuitive, low-friction digital experiences to their customers.