Public Key Infrastructure
Maximum security with digital certificate
PKI s should give individual users and corporations the necessary confidence that their communications and business transactions executed over public networks are secure. Some examples would be remote access, credit card transactions, eCommerce, (B2C) and eBusiness (B2B). It is essential to guarantee business process confidentiality and obligation in an anonymous environment. This is achieved through encryption and authentication of information and transactions as well as strong authentication and authorization of the communication partner. The fundamental need is to establish a basis of trust in the world of electronic, global, information exchange comparable to that which exists in the traditional business world on a paper basis.
PKI denotes an infrastructure that serves as a technical, organizational, and legally regulated foundation for a secure data exchange. It follows that a PKI consists of a variety of components, applications, guidelines and practices to handle all security requirements. The Public Key technology offers the only realistic possibility for the conversion. A PKI is based on digital certificates that function as electronic identifiers. A certificate can be issued to objects (like a company, a system or application) as well as individuals. Essentially the PKI generates, distributes and handles the administration of these certificates. All security protocols solutions use the asymmetric cryptographic process that works with key pairs, a private key and a public key. The dependency is simply that data that has been encoded with one key can only be decoded with the second key of the pair and vice versa.
The most important components of a PKI are:
- Certificate Authority CA
- Registration Authority RA
- Certificate Directory Service
- Key Management
- Directory Services
To a certain extent the CA system is the heart of a PKI - it engenders the foundation of trust. As a certification site it creates the requirements for an authentic integral linking of keys with natural / legal persons in the form of a certificate. The certificate is nothing more than a digital data structure that links a public key with its possessor in a legally binding manner. This is done through the signature of the Certificate Authority (digital signature). The CA administers the time-limited certificate from its creation until it is deleted. Digital certificates can reside on a PC as a file or they can be stored externally as a file on a smartcard.
The RA is the interface between the user and he CA. The RA handles the capture and authentication of the user's identity and transmission of the certificate request to the CA.
Issued certificates are stored in a publicly accessible directory on an LDAP X.500 server in the CA. They can be viewed by anyone with the appropriate software. This is where the Certificate Revocation Lists (CRL) are maintained. A CRL is list of revoked or expired certificates. Certificates are stored either as a file (soft certificate) on a PC hard disk or on a token usually a smartcard.
PKI functionality is an integral part of the Strong Security Management
in the NCP Security Management