120 likes | 122 Views
NIST is developing PKI standards to support secure electronic commerce. PKI provides a secure, scalable method to distribute public keys for encryption, integrity, and authentication. NIST's industry partners are working together to achieve interoperable PKI products.
E N D
Enabling Secure Electronic Commerce Applications Through PKI PKI Program Area Computer Security Division Information Technology Laboratory
NIST is working with industry to develop PKI standards for interoperable COTS products that support secure electronic commerce.
Public Key Infrastructure • Secure, scalable method to distribute public keys for encryption, integrity, and authentication • Uses two mathematically related keys • Private key is secret to the “owner” • Public key is widely available • Digital certificate “binds” owner to public key • Accepted infrastructure for secure electronic commerce
NIST’s Industry Partners AT&T BBN CertCo Certicom Cylink Digital Signature Trust Dyncorp Entrust Technologies Frontier Technologies GTE ID Certify IRE MasterCard Microsoft Motorola Spyrus VeriSign VISA PKI product vendors PKI service providers
Why NIST? • Conflicting PKI standards • Many options in standards • Products that select different options may not interoperate • Product vendors sought “honest broker” • Users sought standards to meet their security and interoperability needs
Conflicting DRAFT PKI Standards Specifications Best DRAFT PKI Specifications PKI Standards Process
Best DRAFT PKI Specifications MISPC DRAFT PKI Standards Process CRADA
Fixed PKI Specifications MISPC Version 1 PKI Standards Process CRADA
Reference Implementation MISPC Version 1 PKI Standards Process
Xeti Entrust Trustpoint Baltimore Technologies Reference Implementation IBM PKI Standards Process
CRADA Fixed PKI Specifications MISPC Version 2 NIST Research in New PKI Capabilities Interoperability Workshop Results PKI Standards Process
Vendors Working from more consistent standards Working together to achieve interoperability Have larger market Users have access to More secure products Interoperable products Impact of NIST’s Efforts Improved overall security in electronic commerce