A PKI is a set of services combined to form an infrastructure for securing applications. A PKI provides these services to applications:
Certificate Authority – Automatically signs a certificate that contains a key and an identity. This procedure is called “certification”.
Key Recovery and Backup – A means of recovering damaged or lost certificates.
Key History – Certificates can be updated. Any data protected with the older keys would not be accessible unless the older keys are saved in an archive.
Certificate Repository – A storage repository for certificates.
Certificate Revocation – A means of breaking the relationship between a key and an identity.
Automatic Key Recertification – Certificates expire after a specified time. Automatic key recertification can update a certificate with a new expiration date when needed, without manual intervention.
Cross Certification – Used to establish a trust relationship between separate PKIs. This allows for a decentralized and distributed infrastructure.
Support for Non-Repudiation – Prevents a certificate owner from denying that data was protected using the owner’s certificate.
Time Stamping – Confirms that the time stamp on the protected data is valid and accurate.
Client API – A means for an application to use the services provided by a PKI.
Several of the terms above should be defined. An identity is a name. The name can refer to a printer or a person. A key is basically a number. This number is associated with the identity to form a certificate. The certificate can be saved within a file or a database. The storage method isn’t really important. What is vital is that the certificate and its data are accessible. Signing a certificate refers to the procedure of the Certificate Authority (CA) putting its stamp of approval on the certificate to say that the certificate is accurate and valid according to the CA. This whole process is referred to as certification.
Not all of the services stated above are needed for every PKI installation. In fact, a small PKI installation could suit most environments.
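
The certification, revocation and recertification services described above, shown as an added example that is not part of the original article: a toy CA written with the Python standard library only. Textbook RSA over two small fixed primes stands in for a real signature algorithm, and every name, date and key value is constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

# Assumption: textbook RSA over two Mersenne primes stands in for a real
# signature algorithm. It is unpadded and far too small for production use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
CA_N = P * Q                              # CA public modulus
CA_D = pow(E, -1, (P - 1) * (Q - 1))      # CA private exponent

def _digest(identity, key, serial, not_after):
    """Hash the fields the CA vouches for, reduced below the RSA modulus."""
    tbs = json.dumps([identity, key, serial, not_after.isoformat()]).encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % CA_N

def certify(identity, key, serial, lifetime_days, now):
    """Certification: the CA signs the binding between a key and an identity."""
    not_after = now + timedelta(days=lifetime_days)
    signature = pow(_digest(identity, key, serial, not_after), CA_D, CA_N)
    return {"identity": identity, "key": key, "serial": serial,
            "not_after": not_after, "signature": signature}

def validate(cert, revoked_serials, now):
    """Return 'valid' or the reason a relying application must reject the cert."""
    expected = _digest(cert["identity"], cert["key"], cert["serial"], cert["not_after"])
    if pow(cert["signature"], E, CA_N) != expected:
        return "bad signature"            # fields changed after the CA signed
    if cert["serial"] in revoked_serials:
        return "revoked"                  # CA broke the key/identity relationship
    if now > cert["not_after"]:
        return "expired"
    return "valid"

def recertify(cert, lifetime_days, now):
    """Recertification: same key and identity, new expiry date, new signature."""
    return certify(cert["identity"], cert["key"], cert["serial"] + 1, lifetime_days, now)

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)         # constructed sample data
    cert = certify("printer-3rd-floor", 0xC0FFEE, 1, 365, t0)
    later = t0 + timedelta(days=400)
    print(validate(cert, set(), t0 + timedelta(days=30)))
    print(validate(dict(cert, identity="alice"), set(), t0))
    print(validate(cert, {1}, t0))
    print(validate(cert, set(), later))
    print(validate(recertify(cert, 365, t0 + timedelta(days=360)), set(), later))
```

The revocation set plays the role of a revocation list published by the CA; a relying application has to consult it on every validation, because the signature on a revoked certificate still verifies.
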
What PKI is not
As vital as it is to know what a PKI is, it is just as important to know what it is not. A PKI doesn’t handle authorization. Authorization services must be provided by a Privilege Management Infrastructure (PMI). However, a PMI can use a PKI for identity verification. A PKI doesn’t automatically make a system safe. Software bugs… human error… malicious code signed by a trusted entity…