PKI (Public Key Infrastructure)


Nov 21, 2013


4. Clarify the basic concepts of PKI (Public Key Infrastructure).

A PKI (public key infrastructure) enables users of a basically unsecured public network such as the Internet to exchange data securely and privately through the use of a public and a private cryptographic key pair. The subject generates the pair itself and keeps the private key; only the public key is submitted to a trusted authority, which certifies it. The public key infrastructure provides for a digital certificate that binds a public key to the identity of an individual or an organization, and a directory service that stores the certificates and publishes the revocations the authority issues when a certificate can no longer be trusted. The components of a PKI are generally understood, and a number of different vendor approaches and services have grown up around them; the Internet standard for PKI is the IETF PKIX profile of X.509 certificates (RFC 5280).

The public key infrastructure assumes the use of public key cryptography, which is the most common method on the Internet for authenticating a message sender or encrypting a message. Traditional cryptography has usually involved the creation and sharing of a single secret key for both the encryption and decryption of messages. The weakness of this secret-key system is not the key itself but its distribution: every party that must decrypt a message needs a copy of the same key, so the key has to be delivered over some channel in advance, and if it is discovered or intercepted along the way, messages can easily be decrypted or forged. Public key cryptography avoids shared secrets altogether: the public key can be published openly, only the private key must be protected, and the PKI exists to vouch for which public key belongs to whom. For this reason, public key cryptography and the public key infrastructure are the preferred approach on the Internet; in practice the two are combined, with the certified public keys used to authenticate the parties and to agree a short-lived symmetric session key that encrypts the bulk of the traffic. (The secret-key system is also known as symmetric cryptography and the public-key system as asymmetric cryptography.)

A public key infrastructure consists of:

A certificate authority (CA) that issues and signs digital certificates. A certificate includes the subject's public key (or information identifying it), the subject's name, a validity period and the CA's signature; relying parties verify that signature against a CA certificate they already trust, so it is the relying party, not the CA, that does the verifying.

A registration authority (RA) that verifies the identity of a requestor on behalf of the certificate authority before a digital certificate is issued.

One or more directories where the certificates (with their public keys) and the CA's certificate revocation lists are held.

A certificate management system that handles the life cycle of certificates: enrollment, renewal and revocation.

PKI provides three primary services:

Authentication: the assurance to the recipient that the sender is who the sender claims to be. This is achieved by means of a digital signature made with the sender's private key and checked with the public key found in the sender's certificate.

Integrity: the assurance to the recipient that data has not been altered during Internet communication. This is achieved by the same digital signature, which fails to verify if any part of the signed data changes.

Confidentiality: the assurance to a sender and recipient that no one can read a particular piece of data except the intended recipient. This is achieved by means of encryption with the recipient's public key, which only the holder of the matching private key can reverse.
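To make the components and the three services above concrete, here is an added example using Go's standard-library crypto/x509 package. It is not code from the original article or from any vendor it names. A hypothetical root CA ("Example Root CA") issues a certificate for the made-up name alice.example; a relying party verifies the chain, refuses the same certificate presented under the wrong name, and refuses a certificate for the same name and key from an untrusted CA ("Rogue CA"); the certified key is then used for authentication and integrity (an RSA-PSS signature that fails on a tampered message) and for confidentiality (RSA-OAEP encryption that only the private-key holder can reverse). All names, keys and the sample message are constructed for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs a certificate binding name to pub. parent == nil yields a self-signed root CA (the
// trust anchor); otherwise an end-entity certificate under parent. RA vetting is assumed done.
func issue(name string, pub *rsa.PublicKey, parent *x509.Certificate, signer *rsa.PrivateKey) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)) // random 128-bit serial
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, // encode the CA flag either way
	}
	if parent == nil {
		parent, tmpl.IsCA = tmpl, true
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		tmpl.DNSNames = []string{name} // relying parties match the SAN, not the CN
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// verifyChain is the relying party's check: chains to a trusted root, in validity, issued for dnsName.
func verifyChain(leaf, root *x509.Certificate, dnsName string) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: dnsName})
	return err
}

// sign gives authentication and integrity: RSA-PSS over msg, with the salt length CheckSignature expects.
func sign(key *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, key, crypto.SHA256, digest[:], &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash})
}

type Result struct{ ChainOK, WrongNameRejected, RogueRejected, SigOK, TamperDetected, DecryptOK bool }

func must(err error) {
	if err != nil {
		panic(err)
	}
}

// runDemo walks the whole flow with constructed data: issue, verify, sign, tamper, encrypt.
func runDemo() Result {
	rootKey, err := rsa.GenerateKey(rand.Reader, 2048) // CA key, generated fresh each run
	must(err)
	root, err := issue("Example Root CA", &rootKey.PublicKey, nil, rootKey) // hypothetical CA
	must(err)
	aliceKey, err := rsa.GenerateKey(rand.Reader, 2048) // the subject makes its own key pair;
	must(err)                                            // only the public half goes to the CA
	alice, err := issue("alice.example", &aliceKey.PublicKey, root, rootKey)
	must(err)
	rogueKey, err := rsa.GenerateKey(rand.Reader, 2048) // a CA the relying party does not trust
	must(err)
	rogue, err := issue("Rogue CA", &rogueKey.PublicKey, nil, rogueKey)
	must(err)
	forged, err := issue("alice.example", &aliceKey.PublicKey, rogue, rogueKey)
	must(err)
	msg := []byte("pay 100 to bob") // constructed sample message
	sig, err := sign(aliceKey, msg)  // recipient verifies with the key carried in alice's certificate
	must(err)
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, alice.PublicKey.(*rsa.PublicKey), []byte("for alice only"), nil)
	must(err)
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, aliceKey, ct, nil) // real protocols only wrap a session key this way
	must(err)
	return Result{
		ChainOK:           verifyChain(alice, root, "alice.example") == nil,
		WrongNameRejected: verifyChain(alice, root, "bob.example") != nil,
		RogueRejected:     verifyChain(forged, root, "alice.example") != nil,
		SigOK:             alice.CheckSignature(x509.SHA256WithRSAPSS, msg, sig) == nil,
		TamperDetected:    alice.CheckSignature(x509.SHA256WithRSAPSS, []byte("pay 900 to bob"), sig) != nil,
		DecryptOK:         string(pt) == "for alice only",
	}
}

func main() { fmt.Printf("%+v\n", runDemo()) }
```

Run it with `go run`; every field of the printed Result should be true. Two points worth noticing: the recipient never needs an out-of-band copy of alice's key, only trust in the root, which is the whole point of the CA; and x509.Verify checks the chain, the validity period and the name but does no revocation checking at all, so a real relying party still has to consult the CA's CRL or an OCSP responder (the directory component above) before accepting the certificate.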

Who Provides the Infrastructure?

A number of products are offered that enable a company or group of companies to implement a PKI. The acceleration of e-commerce and business-to-business commerce over the Internet has increased the demand for PKI solutions. Related ideas are the virtual private network (VPN) and the IP Security (IPsec) standard, both of which can use certificates to authenticate their endpoints. Among the vendors of PKI products are:

RSA, which developed the main public key algorithms used by PKI vendors

VeriSign, which acts as a certificate authority and sells software that allows a company to create its own certificate authorities

GTE CyberTrust, which provides a PKI implementation methodology and consultation service that it plans to sell to other companies for a fixed price

Xcert, whose Web Sentry product checks the revocation status of certificates on a server using the Online Certificate Status Protocol (OCSP)

Netscape, whose Directory Server product is said to support 50 million objects and process 5,000 queries a second; Secure E-Commerce, which allows a company or extranet manager to manage digital certificates; and Meta-Directory, which can connect all corporate directories into a single directory for security management