How does client authentication work?

Client authentication describes the process of a computer confirming your identity. The following example illustrates how a Web site might use client authentication. Client authentication is not limited to Web sites. Other applications, such as network applications, can use client authentication, but the process is generally the same.

When you access a Web site that requires a Digital ID, your Web browser presents your Digital ID to the Web site. The Web site then views information in your ID to determine what you have permission to do. (Digital IDs used for client authentication are sometimes called client certificates by Web browsers.)

Depending on your Web browser, you might have to confirm that you want to present your Digital ID to the Web site. Usually, you will see a dialog box asking for the certificate password (this is the password for your private key). After you enter the correct password, the Web browser sends your Digital ID to the Web site. This is why it is important to guard your password. If someone knows the password for your Digital ID and has access to your computer, they could easily access your private information or impersonate you online.

Once a Web site views your Digital ID, the site checks the validity of your ID. For example, the site checks to make sure the ID has not expired. The site might also consider who issued the Digital ID. If the Web site does not trust the CA that issued you the ID, then you might be denied access to the site. This is why it is important to use a reputable CA.

The Web site can use any information in the Digital ID when determining what permissions you have. Your Digital ID might contain some or all of the following information about you:

  • Your public key (see What is a Digital ID key?)
  • Your name
  • Expiration date of the public key
  • Name of the company (the CA) that issued your Digital ID
  • Serial number of the Digital ID
  • Digital signature of the CA
  • Various information required by the CA

Once the Web site confirms your identity, it gives you access to the site.
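The server-side checks described above, as an added example in Go using the standard crypto/x509 package (this is illustration code, not part of the original help page or any Symantec product): a constructed test CA issues a client Digital ID, and checkClientCert accepts it only if it is within its validity period, chains to the CA the site trusts, and is marked for client authentication, then returns the fields the site would read from it. The names, the makeCert helper and the ClientIdentity type are assumptions for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// ClientIdentity holds the fields a site reads from an accepted Digital ID.
type ClientIdentity struct{ Name, Serial, Issuer string }

// makeCert issues a constructed test certificate for cn, valid for validHours from now (negative = already expired); a nil parent makes it a self-signed root CA.
func makeCert(cn string, isCA bool, validHours int, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // private key stays with the holder
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-24 * time.Hour),
		NotAfter:              time.Now().Add(time.Duration(validHours) * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	if parent == nil {
		parent, parentKey = tmpl, key // self-signed: the CA signs its own certificate
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err) // test helper only: a bad template is a programming error
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// checkClientCert does the site's checks: the ID must be within its validity period, chain to the trusted CA, and be marked for client authentication.
func checkClientCert(cert, trustedCA *x509.Certificate) (ClientIdentity, error) {
	pool := x509.NewCertPool()
	pool.AddCert(trustedCA)
	opts := x509.VerifyOptions{Roots: pool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return ClientIdentity{}, err // expired, untrusted issuer, wrong usage, ...
	}
	return ClientIdentity{cert.Subject.CommonName, cert.SerialNumber.String(), cert.Issuer.CommonName}, nil
}
```

An ID from a CA the site does not trust and an expired ID both fail cert.Verify, which is the same outcome the text describes: the visitor is denied access before any permissions are looked up.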

Some Web sites or network applications use the information in your Digital ID to customize the information you see. This customization is sometimes called access control, but do not confuse access control with client authentication. Client authentication is simply proving your identity.
