25-08-2017, 09:32 PM
Public Key Infrastructure (Digital Certificates and Digital Signatures)
WHAT IS PKI?
A public key infrastructure, or PKI, is a process created to enable users to implement public key cryptography, usually in a large (and frequently, distributed) setting.
USER SET OF SERVICES
Create certificates associating a user's identity with a (public) cryptographic key
Give out certificates from its database
Sign certificates, adding its credibility to the authenticity of the certificate
Confirm (or deny) that a certificate is valid
Invalidate certificates for users who no longer are allowed access or whose private key has been exposed
POLICIES
The policies define the rules under which the cryptographic systems should operate.
In particular, the policies specify how to handle keys and valuable information and how to match level of control to level of risk.
CERTIFICATE AUTHORITY
Specific actions of a certificate authority:
managing public key certificates for their whole life cycle
issuing certificates by binding a user's or system's identity to a public key with a digital signature
scheduling expiration dates for certificates
ensuring that certificates are revoked when necessary by publishing certificate revocation lists
What is a Digital Certificate?
A certificate is a piece of information that proves the identity of a public key's owner.
Certificates are signed and delivered securely by a trusted third party entity called a Certificate Authority (CA).
What is a Digital Signature?
A digital signature is a mechanism by which a message is authenticated, proving that the message is effectively coming from a given sender, much like a signature on a paper document.
The goal is to provide privacy and authentication.
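The certificate life cycle listed under USER SET OF SERVICES and CERTIFICATE AUTHORITY (a CA signing a certificate that binds an identity to a public key, scheduling its expiration, publishing a revocation list, and confirming or denying validity), as an added Go example that is not part of the original slides. The function names issue, revoke and validate, the subject names and the serial numbers are assumptions made for illustration; errors from key generation and signing are ignored because the inputs are fixed sample values.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)
// issue binds the name cn to a new public key in a signed certificate; parent == nil makes a self-signed root CA.
func issue(cn string, serial int64, parent *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, IsCA: parent == nil,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)} // expiry date
	if parent == nil {
		t.KeyUsage, parent, caKey = x509.KeyUsageCertSign|x509.KeyUsageCRLSign, t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, caKey) // the issuing CA's digital signature
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// revoke publishes a certificate revocation list (CRL), signed by the CA, that names one serial number.
func revoke(ca *x509.Certificate, caKey ed25519.PrivateKey, serial int64) *x509.RevocationList {
	t := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(serial), RevocationTime: time.Now()}}}
	der, _ := x509.CreateRevocationList(rand.Reader, t, ca, caKey)
	crl, _ := x509.ParseRevocationList(der)
	return crl
}
// validate confirms or denies a certificate: CA signature and validity period first, then the CA-signed CRL.
func validate(cert, ca *x509.Certificate, crl *x509.RevocationList, at time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at})
	if err == nil {
		err = crl.CheckSignatureFrom(ca) // a CRL is trusted only if the CA signed it
	}
	for _, r := range crl.RevokedCertificates {
		if err == nil && r.SerialNumber.Cmp(cert.SerialNumber) == 0 {
			err = fmt.Errorf("certificate with serial %v has been revoked", r.SerialNumber)
		}
	}
	return err
}
func main() {
	ca, caKey := issue("Example Root CA", 1, nil, nil)
	alice, _ := issue("alice", 2, ca, caKey)
	fmt.Println(validate(alice, ca, revoke(ca, caKey, 9), time.Now()), validate(alice, ca, revoke(ca, caKey, 2), time.Now()))
}
```

validate does not check how fresh the CRL is (ThisUpdate/NextUpdate); a relying party should also reject a stale list.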