It has become increasingly important to safeguard users from downloaded content that may turn out to be malicious, harmful, or otherwise undesirable. Presently, different types of content or data objects can be certified by trusted entities, and users can choose to accept content only if it is from such trusted entities. This can provide some protection against dangerous content.
Certification of a data or code object, such as an executable program, involves creating a digital certificate to accompany the object. A digital certificate is a compilation of information attested to by an issuer. The attestation can be verified by checking a digital signature that is included with the certificate.
Digital signatures are used to allow verification of the data contained in the certificates. In addition, a certificate can contain a hash of the accompanying data object, which can be verified against the digital object using the public key that is contained in the certificate or by other means. This allows a user of the object to verify that the object is the actual and unaltered object referred to in the certificate.
Before accepting or using a data object, a client evaluates the accompanying certificate to determine if the certificate has been legitimately issued by a trusted entity. This involves checking a digital signature included in the certificate, and in some cases also involves checking an authorizing certificate issued by a “Certifying Authority” or “CA”. If the certificate is legitimate, the browser or client can assume that the information contained in the certificate has been authored by the certificate owner and has not been subsequently altered
Computers can be configured to accept, load, and/or execute only those data objects accompanied by a certificate from a trusted source, or to at least warn the owner before accepting or using any object that is not accompanied by such a certificate.