Created and written by Vanessa

PUBLIC KEY INFRASTRUCTURE

Public Key Infrastructure (PKI) is the framework for key management that enables users of insecure networks to exchange data securely by means of key pairs obtained through a trusted authority. Its key functions are key certification, distribution and revocation, which together allow authentication of parties, non-repudiation of messages, and secure transfer of information.

A basic PKI is made up of:

  1. Certificate authority (CA), which issues digital certificates
  2. Registration authority (RA), which physically verifies a person, e.g. a post office
  3. Parties: the two main parties involved are the subscriber (S), who applies for a certificate from the CA, and the relying party (RP), who enters into transactions with the S.

Benefits and Advantages

With the increasing popularity of e-commerce and online transactions, users need to be sure that the public keys of other parties are valid. PKI enables confidence in e-commerce and secure online transactions. It authenticates an individual, an organisation or a role, and ensures the integrity and confidentiality of information, thus establishing confidence in communication between two parties that do not know each other.

Weaknesses and Disadvantages

  • Although cryptography is seen as essential for online communication, it may hamper law enforcement if it is misused for the purposes of carrying out organised crimes.
  • Private keys are also highly susceptible to a range of risks. Users need to keep their private keys secure, but there are limited products available offering security and protection for normal workstations.
  • Verification of identity by the RA (Registration Authority) is onerous, and may involve intrusive demands for documents.

Liability

A crucial area of uncertainty is how liability will be allocated between the CA and the RP for errors made by the CA that the RP relies upon, e.g. errors by the CA in maintaining the Certificate Revocation List (CRL): failing to remove a revoked certificate or failing to list an expired certificate.

The problem arises because, when the RP enters into a transaction with S, the RP places reliance upon information provided by the CA, with whom it has no contractual relationship. The legal position is also unclear where the RP has been negligent and has failed to check the CRL before entering into a transaction.
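The roles described above (CA, subscriber, relying party) and the CRL check that a diligent RP performs, acted out with the openssl command line. This is an added example, not part of the original page or of any initiative it names; it assumes the openssl CLI is installed, and all names (Demo CA, subscriber, the file names) are made up for the demonstration.

```shell
# Added example: a throwaway CA, one subscriber certificate, a CRL, and the RP's check. Needs openssl.
set -e
WORK=$(mktemp -d); cd "$WORK"
# Config for 'openssl req' (self-signed CA root) and 'openssl ca' (revocation list).
cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = req_dn
x509_extensions = v3_ca
[ req_dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
crlnumber = crlnumber
certificate = ca.crt
private_key = ca.key
default_md = sha256
default_crl_days = 30
EOF
touch index.txt; echo 1000 > crlnumber

# 1. Certificate authority (CA): self-signed root certificate (constructed demo name).
openssl req -config ca.cnf -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
  -subj "/CN=Demo CA" -days 365 2>/dev/null
# 2. Subscriber (S) submits a certificate request; the CA issues the certificate.
openssl req -config ca.cnf -new -newkey rsa:2048 -nodes -keyout s.key -out s.csr \
  -subj "/CN=subscriber" 2>/dev/null
openssl x509 -req -in s.csr -CA ca.crt -CAkey ca.key -CAcreateserial -days 90 -out s.crt 2>/dev/null

# 3. Relying party (RP): returns 0 if the certificate chains to the CA; "crl" as $2 also consults ca.crl.
rp_verify() {
  if [ "$2" = crl ]; then
    openssl verify -CAfile ca.crt -crl_check -CRLfile ca.crl "$1" >/dev/null 2>&1 && return 0
  else
    openssl verify -CAfile ca.crt "$1" >/dev/null 2>&1 && return 0
  fi
  return 1
}
openssl ca -config ca.cnf -gencrl -out ca.crl 2>/dev/null   # CRL with no entries yet
rp_verify s.crt crl && echo "before revocation: accepted"

# 4. The CA revokes S's certificate and publishes a new CRL.
openssl ca -config ca.cnf -revoke s.crt 2>/dev/null
openssl ca -config ca.cnf -gencrl -out ca.crl 2>/dev/null
rp_verify s.crt nocrl && echo "negligent RP (skipped the CRL): still accepted"
rp_verify s.crt crl || echo "diligent RP (checked the CRL): rejected"
```

The last two lines show the liability gap the section describes: a certificate the CA has revoked still validates for an RP that does not consult the CRL.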

Usage examples

  • encryption and/or sender authentication of email messages
  • encryption and/or authentication of documents
  • authentication of users to applications

Links

“Gatekeeper” is a government PKI initiative which provides for the accreditation of CAs, e.g. through audit and security checks. A policy committee also monitors and provides for the development of policy and administrative changes to the Gatekeeper accreditation programs. See: Gatekeeper

See Verisign for more information on security measures that can be used online.

pki_public_key_infrastructure.txt · Last modified: 2006/10/29 20:37 by ponleyjim