Trustcenter
As the name suggests, a trust center is about trust: it is responsible for ensuring trust between the parties involved in the exchange of electronic data. When information and data are exchanged via the Internet, the parties involved cannot be sure that the data has not been manipulated by unknown persons and therefore no longer corresponds to the truth. A trust center acts as a neutral party that confirms the accuracy of the data for both parties involved.
Issuing keys
A trust center has the task of issuing public and private keys. A certificate issued by the trust center contains data about the key holder. With it, the center confirms that all the data recorded in the certificate has been checked for correctness. A typical example is the ITSG trust center, which serves in particular the German social security system. It is used, for example, to confirm by means of a certificate that the data transmitted by companies to the social insurance agencies is correct. How secure the issuance of certificates is depends on the security level selected. For example, in addition to simple confirmation by email, it is even possible to verify the identity of a certificate holder using his or her photo ID.
Certificate management
Another task of a trust center is to manage the certificates it has issued. For this purpose, it maintains a directory in which the certificates are recorded. However, each certificate holder can decide for himself whether or not to be entered in the directory. If a certificate loses its validity or a user has lost his key, the associated certificate is revoked. In this case, the certificate is placed on the trust center's so-called revocation list. In this way, when information is transferred, IT systems can check whether a valid certificate is present or whether it has already expired. The revocation list is always made available on the trust center's website.
Validity period of certificates
According to Section 14 (3) SigV (Signature Ordinance), a qualified certificate issued by a trust center may not have a validity period of more than five years. If the underlying algorithms and associated parameters are no longer up to date or suitable for ensuring the correctness of the data, a certificate may also expire prematurely. Each trust center decides, depending on the intended use of the certificates, which validity period applies to the certificates it issues.
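The check an IT system performs against the revocation list and the validity period, written out as an added example (it is not code from this page or from any trust center). Certificates and the list are simplified records rather than parsed X.509 data, all names and sample values are constructed, and treating an out-of-date list as "unknown" is an assumption that goes beyond the text.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

MAX_QUALIFIED_YEARS = 5  # cap for qualified certificates, as stated above
@dataclass(frozen=True)
class Certificate:  # simplified record, not a parsed X.509 certificate
    serial: int
    not_before: datetime
    not_after: datetime
    qualified: bool = False

@dataclass(frozen=True)
class RevocationList:  # simplified model of the list a trust center publishes
    this_update: datetime
    next_update: datetime  # assumption: the list is not relied on after this time
    revoked: dict  # serial number -> time of revocation

def add_years(d, years):
    try:
        return d.replace(year=d.year + years)
    except ValueError:  # 29 February does not exist in the target year
        return d.replace(year=d.year + years, day=28)

def check_certificate(cert, crl, now):
    """Status a relying system acts on; only "valid" means accept."""
    if cert.qualified and cert.not_after > add_years(cert.not_before, MAX_QUALIFIED_YEARS):
        return "rejected: validity period exceeds five years"
    if now < cert.not_before:
        return "rejected: not yet valid"
    if now > cert.not_after:
        return "rejected: expired"
    if not crl.this_update <= now <= crl.next_update:
        return "unknown: revocation list is out of date"  # fail closed
    revoked_at = crl.revoked.get(cert.serial)
    if revoked_at is not None and revoked_at <= now:
        return "rejected: revoked"
    return "valid"

def day(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)
# Constructed sample data: serial numbers and dates are made up.
NOW = day(2024, 6, 1)
CRL = RevocationList(day(2024, 5, 31), day(2024, 6, 7), {1002: day(2024, 3, 15)})
CERTS = [
    Certificate(1001, day(2022, 1, 1), day(2025, 1, 1)),
    Certificate(1002, day(2022, 1, 1), day(2025, 1, 1)),
    Certificate(1003, day(2019, 1, 1), day(2023, 1, 1)),
    Certificate(1004, day(2023, 1, 1), day(2029, 1, 1), qualified=True),
]
```

Calling `check_certificate(cert, CRL, NOW)` for each entry in `CERTS` gives valid, revoked, expired and the five-year rejection, in that order.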