4/29/2012

What is the PKI and its technologies?

PKI Technologies

Organizations need enhanced security for data and strong credentials for identity management. You can use certificates to secure data and manage identification credentials from users and computers both within and outside your organization.
A public key infrastructure (PKI) is the combination of software, encryption technologies, processes, and services that enable an organization to secure its communications and business transactions. The ability of a PKI to secure communications and business transactions is based on the exchange of digital certificates between authenticated users and trusted resources.
You can design a PKI solution to meet the following security and technical requirements of your organization:
  • Confidentiality. You use a PKI to encrypt data that is stored or transmitted.
  • Integrity. You use a PKI to digitally sign data. A digital signature helps you identify whether another user or process modified the data.
  • Authenticity. A PKI provides several authenticity mechanisms. Authentication data passes through hash algorithms, such as Secure Hash Algorithm 1 (SHA1), to produce a message digest. The message digest is then digitally signed by using the sender’s private key to prove that the message digest was produced by the sender.
  • Nonrepudiation. When data is digitally signed, the digital signature provides proof of the integrity of the signed data and proof of the origin of the data. A third party can verify the integrity and origin of the data at any time. This verification cannot be refuted by the owner of the certificate that digitally signed the data.
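The integrity, authenticity and nonrepudiation bullets above all rest on one mechanism: hash the data to a digest, sign the digest with the sender's private key, and let anyone holding the public key check it. The following Python example, added here and not part of the original post, walks through that flow end to end with textbook RSA (no padding) so it runs with nothing but the standard library. The key pair is constructed from two fixed Mersenne primes purely so the numbers work offline; a real PKI key pair is generated randomly and bound to an identity by a CA-issued certificate. SHA-256 is used for the digest because SHA-1, the post's example, is no longer accepted for new signatures; the function names `message_digest`, `sign`, `verify` and `demo` are this example's own.

```python
import hashlib

# Constructed toy key pair: two Mersenne primes, chosen only so the example
# runs offline without a cryptography library. Never use fixed primes or
# unpadded RSA in real systems; a PKI issues randomly generated keys and
# binds the public half to an identity through a certificate.
P = 2**521 - 1
Q = 2**127 - 1
N = P * Q                              # public modulus (about 648 bits)
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)


def message_digest(data: bytes, algorithm: str = "sha256") -> bytes:
    """Step 1 of the post's authenticity flow: reduce data to a fixed-size digest."""
    return hashlib.new(algorithm, data).digest()


def sign(data: bytes, private_exponent: int = D, modulus: int = N) -> int:
    """Step 2: the sender signs the digest with its private key."""
    digest_int = int.from_bytes(message_digest(data), "big")
    # A 256-bit digest always fits below the ~648-bit modulus.
    assert digest_int < modulus
    return pow(digest_int, private_exponent, modulus)


def verify(data: bytes, signature: int, public_exponent: int = E, modulus: int = N) -> bool:
    """Verifier side: recover the signed digest with the public key and
    compare it with a fresh hash of the data actually received."""
    recovered = pow(signature, public_exponent, modulus)
    expected = int.from_bytes(message_digest(data), "big")
    return recovered == expected


def demo() -> dict:
    """Show the three properties the post lists: integrity (tampering is
    detected), authenticity (only the private key produces a valid signature)
    and nonrepudiation (any holder of the public key can re-check later)."""
    # Constructed sample message, e.g. a purchase order sent between partners.
    original = b"PO-1001: ship 40 units to warehouse B"
    signature = sign(original)

    tampered = b"PO-1001: ship 400 units to warehouse B"

    # A second, unrelated key pair stands in for an impostor who lacks the
    # genuine private key (constructed from the same toy primes, swapped).
    impostor_d = pow(E, -1, (P - 1) * (Q - 1)) ^ 1  # deliberately wrong exponent
    forged = pow(int.from_bytes(message_digest(original), "big"), impostor_d, N)

    return {
        "valid_original": verify(original, signature),   # True: integrity + origin hold
        "tampered_detected": not verify(tampered, signature),  # True: one changed byte fails
        "forgery_rejected": not verify(original, forged),      # True: wrong key fails
    }


if __name__ == "__main__":
    print(demo())
```

Because verification needs only the public key, the check in `verify` can be repeated by a third party at any time, which is what gives the signature its nonrepudiation value; the certificate a CA issues is what ties that public key to the sender's identity.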

PKI Technologies Architecture

The architecture of a PKI involves implementing various interdependent technologies and processes to make it possible to issue, validate, renew, and revoke certificates. These technologies include:
  • One or more servers running Certificate Services that provide certificate enrollment, revocation, and other certificate management services.
  • Active Directory directory service or another directory service that provides account management, policy distribution, and certificate publication services.
  • Domain controllers that can authenticate end users and computers when they request certificates.
  • Domain client computers and users, who request, receive, and use certificates for specific purposes. Although certificates can also be used by services and by non-domain clients, in most Windows PKI environments, domain users and computers are the primary recipients and users of certificates. In some cases, the domain client can be a subordinate CA that requests and receives a certificate authorizing it to issue certificates of its own.


1 comment:

  1. Thank you so much for explaining this important and complex concept. It is basically used in applications that are designed for data security. And in this article you have tried to explain most of the things about it.
    public key infrastructure