Public Key Infrastructure

Public Key Infrastructure - Public Key Infrastructure 1...

Info iconThis preview shows pages 1–5. Sign up to view the full content.

View Full Document Right Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
This is the end of the preview. Sign up to access the rest of the document.

Unformatted text preview: Public Key Infrastructure 1 Public Key Infrastructure Webster University COMP 5220 Emmet Henry Contents What is PKI--------------------------------------------------------------------------------- 3 Security Requirements-------------------------------------------------------------------- 3 Components of PKI------------------------------------------------------------------------ 4 Public Key Cryptography---------------------------------------------------------------- 7 PKI Advantages---------------------------------------------------------------------------- 10 PKI Disadvantages------------------------------------------------------------------------- 11 ID/password or PKI security------------------------------------------------------------- 11 SSL -------------------------------------------------------------------------------------------- 12 What is Public Key Infrastructure? Public key infrastructure is a system required to provide key encryption and digital signature services. PKI is a set of policies, procedures, facilities, people, software, and hardware that allow issuing, and managing of public key certificates by establishing trust in distributed environment. Security Requirements: Security requirements of online application are best met by cryptography. These applications must be PKI-enabled to be able to access PKI resources such as certification authority, certificate directory, and certification register. Authentication: any party (sender or receiver) can verify that a user is who he/she claims to be. When an application is PKI enabled, it uses digital signature and public key certificate processes to authenticate individuals, organizations, servers, or any entity. Authorization: verifies that an entity has permission to perform a task, transaction or a right to access certain resources. It also prevents unauthorized activity. Non-repudiation: helps to make it easy to prove that who has done a transaction. The sender or receiver cannot deny a transaction that he/she has done. PKI enabled applications provide the date and time when transaction occurred and maintain an audit log record. Privacy: prevents eavesdropping or unauthorized access. The information should be readable only by the expected receiver. Integrity: protects information from tampering. It ensures that a message has not been altered. Components of PKI 1. Security Policy There are two main policies that determine the operational and technical practices of a PKI: The Certificate Policy (CP): A named set of rules that indicate the applicability of a certificate to a particular class of application with common security requirements. The Certification Practice Statement (CPS): A statement of the practices, which a certification authority employs in issuing certificates ....
View Full Document

This note was uploaded on 06/09/2011 for the course BUSINESS 5970 taught by Professor Jhon during the Spring '09 term at Webster.

Page1 / 18

Public Key Infrastructure - Public Key Infrastructure 1...

This preview shows document pages 1 - 5. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online