Information Technology Reference
In-Depth Information
Public Key Infrastructure
A
public key infrastructure (PKI)
is a cryptographic technique that enables users to
securely communicate on an insecure public network. It is an arrangement that binds
public keys with user identities by means of a certificate authority (CA).
http://en.wikipedia.org/wiki/Public_key_infrastructure
The IEEE defines PKI as a set of hardware, software, people, policies, and procedures
needed to create, manage, distribute, use, store, and revoke digital certificates.
PKI requires that the user identity is unique within each CA domain. Keys are bound
with identities through a registration authority (RA). This registration and issuance pro-
cess is carried out depending on the assurance level of the binding. The RA ensures
non-
repudiation
by binding the key with the user identity to which it has been assigned. This
means that the users can authenticate and the system can recognize the authentication
process as being genuine. A PKI consists of the following collaborating entities, as shown in
Figure 11.5:
The certificate authority (CA) issues and verifies digital certificates.
■
The registration authority (RA) verifies user identities by requesting information from
the CA.
■
The central directory is a secure location to store and index keys.
■
The certificate management system is a central or distributed database that stores
certificates.
■
The certificate access control policy specifies access control for certificates, that is, how
a certificate can be accessed, such as, for example, via user credentials (username and
password).
■
FIGURE 11.5
Illustration of a public key infrastructure
CA
4
A . . .
RA requests CA and
verifies Bob's certificate
1
A . . .
Bob requests CA to
issue him a certificate
RA
3
A . . .
Alice requests RA to verify
Bob's certificate
2
A . . .
Bob uses his certificate to
communicate with Alice
Bob
Alice
Alice now trusts Bob and
establishes connection
5
A . . .
Search WWH ::
Custom Search