Scribd
Upload
59 views

Public Key Infrastructure

The document discusses the key elements of public key infrastructure (PKI). It describes the Internet Engineering Task Force (IETF) and Internet Research Task Force (IRTF) which are responsible for Internet standards and long-term research. It also discusses digital signing techniques, certification authorities, public/private keys, certificates, and automating PKI operations which are essential components of PKI.

Uploaded by

Jay-ar Ylagan
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
59 views

Public Key Infrastructure

The document discusses the key elements of public key infrastructure (PKI). It describes the Internet Engineering Task Force (IETF) and Internet Research Task Force (IRTF) which are responsible for Internet standards and long-term research. It also discusses digital signing techniques, certification authorities, public/private keys, certificates, and automating PKI operations which are essential components of PKI.

Uploaded by

Jay-ar Ylagan
Copyright
© © All Rights Reserved
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 22

PUBLIC

KEY
INFRASTRUCTURE
*Internet Publications
for Standards
Internet Publications for Standards
the Internet Activities Board (IAB)
is the body responsible for
coordinating Internet design,
engineering and management.
The IAB has two subsidiary task
forces:
 The Internet Engineering Task
Force (IETF), which is responsible
for short-term engineering issues
including Internet standards.
 The Internet Research Task Force
(IRTF), which is responsible for
long-term research.
Another important series of
Internet publications are the Internet
Drafts. These are working documents
prepared by IETF, its working groups,
or other groups or individuals working
on Internet technical topics. Internet
Drafts are valid for a maximum of six
months and may be updated,
replaced or rendered obsolete by
other documents at any time.
The X.500 standard specifies the
directory service. A comprehensive
online directory service has been
developed through the ISO/ITU
standardisation processes. These
directory standards provide the basis
for constructing a multipurpose
distributed directory service by
interconnecting computer systems
belonging to service providers,
governments and private
organisations.
X.500 standards were first developed
in 1984–1988, the use of X.500
directories for distributing public-key
certificates was recognised.
Therefore, the standards include full
specifications of data items required
for X.500 to fulfil this role.
The Internet Lightweight
Directory Access Protocol (LDAP)
is a protocol which can access
information stored in a directory,
including access to stored public-key
certificates.
*Digital Signing Techniques
Digital signing techniques are
employed to provide sender
authentication, message integrity and
sender non-repudiation, provided that
private keys are kept secret and the
integrity of public keys is preserved.
Provision of these services is
furnished with the proper association
between the users and their
public/private key pairs.
When two users A and B
communicate, they can use their
public keys to keep their messages
confidential. If A wishes to hide the
contents of a message to B, A
encrypts Digital signing techniques
are used in a number of applications.
Since digital signature technology has
grown in demand, its explosive
utilisation and development will be
expected to continue in the future.
Several applications are considered
in the following.
 Electronic mail security: Electronic
mail is needed to sign digitally,
especially in cases where sensitive
information is being transmitted and
security services such as
authentication, integrity and
nonrepudiation are desired.
 Financial transactions: This
encompasses a number of areas in
which money is being transferred
directly or in exchange for services
and goods.
 Electronic filing: Contracting
requirements expect certain
mandated certificates to be
submitted from contractors. This
requirement is often filed through
the submission of a written form
and usually requires a handwritten
signature.
 Software protection: Digital
signatures are also used to protect
software. By signing the software,
the integrity of the software is
assured when it is distributed.
 Signing and authenticating: Signing
is the process of using the sender’s
private key to encrypt the message
digest of a document. Anyone with
the sender’s public key can decrypt
it.
Algorithm

RSA (Ron Rivest, Adi Shamir, and


Leonard Adleman) is a type of
cryptosystem algorithm. RSA
algorithm is used for securing the
transmission of data.

DSA (Digital Signature Algorithm)


DSA algorithm is used for the digital
signatures and their verification.
*Functional Roles of PKI Entities

Certification Authority (CA)


A certification authority (CA) is an
entity that creates and then "signs"
a document or file containing the
name of a user and his public key.
Anyone can verify that the file was
signed by no one other than the CA
by using the public key of the CA.
Database
A data storage structure where the
CA keeps information required for the
internal operations of the CA.
Repository
A system for storing and distributing
digital certificates and related
information (including CPs, CRLs,
and CPSs) to certificate users. The
repository may be implemented as a
trustworthy logically centralized
database.
Registration Authority
The registration authority (RA) is a
PKI entity whose function can be
separable from the CA. The RA
assists the CA in the recording or
verifying of information needed by the
CA to issue public-key certificates,
CRLs, or other certificate
management functions.
Timestamp Server (TS) and Data
Validation and Certification Servers
(DVCS)
The TS signs a data string or file to
establish that the data string or file
existed at a particular point in time. A
DVCS validates correctness of data
and then signs it
Archive
The archive provides long term
storage of the certificates, and other
valuable records for archival
purposes.
*Key Elements for PKI Operation
Private and Public Keys: PKI uses
these asymmetric keys to establish
and secure an encrypted connection
over the network using asymmetric
encryption.
Public Key Certificates: These are
issued by Certificate Authorities which
prove the ownership of a public key.
They state the authenticity of the
keyholder.
Certificate Authority: Certificate
Authorities, or CAs, are trusted
entities which verify the organization
and generate digital certificates which
contain information about the
organization, as well as the public key
of that organization.
Certificate Repository: A location
where all certificates are stored as
well as their public keys, validity
details, revocation lists, and root
certificates.
Automating PKI Operations: These
help in issuing, revoking, and
renewing certifications. They are
done through certificate management
software.

You might also like