1 / 8

Public Key Infrastructure

Public Key Infrastructure. Introduction. PKI is a set of roles, policies, and procedures needed to create, manage, distribute, use, store & revoke digital certificates and manage public-key encryption.

bmartin
Download Presentation

Public Key Infrastructure

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Public Key Infrastructure

  2. Introduction • PKI is a set of roles, policies, and procedures needed to create, manage, distribute, use, store & revoke digital certificates and manage public-key encryption. • The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. • It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred

  3. PKI in brief

  4. Design of PKI • Public key cryptography is a cryptographic technique that enables entities to securely communicate on an insecure public network, and reliably verify the identity of an entity via digital signatures. • A public key infrastructure (PKI) is a system for the creation, storage, and distribution of digital certificates which are used to verify that a particular public key belongs to a certain entity. • The PKI creates digital certificates which map public keys to entities, securely stores these certificates in a central repository and revokes them if needed.

  5. Structure of X.509 Certificate

  6. Components of PKI • Certificate Authority: • A certificate authority or certification authority (CA) is an entity that issues digital certificates. • A digital certificate certifies the ownership of a public key by the named subject of the certificate. • This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. • A CA acts as a trusted third party—trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. • The format of these certificates is specified by the X.509 standard.

  7. Components of PKI • Certificate Authority: • A certificate authority or certification authority (CA) is an entity that issues digital certificates. • A digital certificate certifies the ownership of a public key by the named subject of the certificate. • This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. • A CA acts as a trusted third party—trusted both by the subject (owner) of the certificate and by the party relying upon the certificate. • The format of these certificates is specified by the X.509 standard.

  8. Components of PKI • Registration Authority • Assures valid and correct registration is called a registration authority (RA). • An RA is responsible for accepting requests for digital certificates and authenticating the entity making the request. • In a Microsoft PKI, a registration authority is usually called a subordinate CA. • Validation Authority • A validation authority (VA) is an entity that provides a service used to verify the validity of a digital certificate per the mechanisms described in the X.509 standard

More Related