
Public Key Infrastructure

A Public Key Infrastructure (PKI) is a collection of software, standards, and policies that together enable users on the Internet or other untrusted public networks to exchange data securely. PKI is built on public and private cryptographic key pairs: the public half of each pair is bound to an identity and distributed through a trusted authority, while the private half never leaves its owner. Several services and components work together to make up a PKI. Some of the key components include the following:

• Certificates: Electronic credentials that identify users, computers, or devices on the network. A certificate is a digitally signed statement that binds a public key to the identity of the person, device, or service that holds the corresponding private key.

• Certificate authorities (CAs): CAs issue and manage certificates. Before issuing one, a CA validates the identity of the device, service, or user requesting the certificate, then signs the certificate with its own private key so that anyone who trusts the CA can trust the binding it states. CAs can be independent third parties, known as public CAs, or organizations running their own certificate-issuing server software, known as private CAs.

• Certificate templates: Templates used to customize certificates issued by a certificate server. A template is a set of rules and settings defined on the CA (such as validity period, key usage, and which fields a requester may supply) that is applied to incoming certificate requests.

• Certificate Revocation List (CRL): A list, signed by the CA, of certificates that were revoked before they reached their expiration date. Certificates are typically revoked for security reasons, such as a compromised private key. A certificate that is otherwise valid must still be checked against the CRL, because expiration alone does not catch a compromised key.

Public Keys and Private Keys

A cornerstone concept of PKI is the public and private key pair. The term key is used for good reason: keys lock (encrypt) and unlock (decrypt) data. These keys are actually very long numbers chosen at random, which makes it next to impossible for someone to guess a particular key.

When keys are used to secure data transmissions, the computer generates a key pair made of two different kinds of key:

• Public key: The non-secret half of a cryptographic key pair used with a public key algorithm. The public key is freely given to all potential correspondents.

• Private key: The secret half of a cryptographic key pair used with a public key algorithm. The private key is never transmitted over the network; it stays with its owner.

Keys can be used in two different ways to secure data communications:

Public (asymmetric) key encryption uses both a private key and a public key. The public key is used to encrypt a message or verify a signature, and the private key is used to decrypt the message or sign a document. Anyone holding the public key can therefore send its owner a message that only the owner can read, and only the owner can produce a signature that the public key verifies.

Private (symmetric) key encryption uses a single key for both encryption and decryption. Anyone who possesses the key can both encrypt and decrypt messages, so, unlike a public key, this one secret key can be shared only with the people who are permitted to decrypt as well as encrypt messages.
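To make the two models concrete, here is an added example in Go using only the standard library; it is not code from the original page. Alice and Bob are placeholder parties with freshly generated 2048-bit RSA key pairs, and the message is constructed sample data. The code encrypts to Bob's public key and shows that only Bob's private key opens it, signs with Alice's private key and shows that her public key rejects a tampered message or a signature from someone else, and then protects the same message with one AES-256-GCM key that both encrypts and decrypts:

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Added example, not code from the original page. "Alice" and "Bob" are placeholders
// with freshly generated RSA key pairs, and the message is constructed sample data.

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// Sign produces a signature that only the holder of priv could have made (RSA-PSS over SHA-256).
func Sign(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	h := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
}

// Verify checks sig over msg with the public key; any change to msg, sig or signer fails.
func Verify(pub *rsa.PublicKey, msg, sig []byte) bool {
	h := sha256.Sum256(msg)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], sig, nil) == nil
}

// gcmFor builds AES-GCM from one shared key; a 32-byte key selects AES-256 (other lengths panic).
func gcmFor(key []byte) cipher.AEAD {
	return must(cipher.NewGCM(must(aes.NewCipher(key))))
}

// SymmetricSeal encrypts with the shared key; the random nonce is prefixed to the ciphertext.
func SymmetricSeal(key, msg []byte) []byte {
	gcm := gcmFor(key)
	nonce := make([]byte, gcm.NonceSize()) // must never repeat under the same key
	must(rand.Read(nonce))
	return gcm.Seal(nonce, nonce, msg, nil)
}

// SymmetricOpen decrypts with the same shared key; any other key fails the GCM tag check.
func SymmetricOpen(key, sealed []byte) ([]byte, error) {
	gcm := gcmFor(key)
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

// Demo runs both models end to end and reports each property by name.
func Demo() map[string]bool {
	msg := []byte("transfer 25000 to account 12345") // constructed sample message
	alice := must(rsa.GenerateKey(rand.Reader, 2048))
	bob := must(rsa.GenerateKey(rand.Reader, 2048))
	res := map[string]bool{}

	// Asymmetric confidentiality: anyone may encrypt to Bob's public key, only his private key opens it.
	ct := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, &bob.PublicKey, msg, nil))
	pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, bob, ct, nil)
	res["bob decrypts"] = err == nil && bytes.Equal(pt, msg)
	_, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, alice, ct, nil) // wrong private key
	res["alice cannot decrypt"] = err != nil

	// Asymmetric authenticity: Alice signs with her private key, anyone verifies with her public key.
	sig := must(Sign(alice, msg))
	res["signature verifies"] = Verify(&alice.PublicKey, msg, sig)
	res["tampered message rejected"] = !Verify(&alice.PublicKey, []byte("transfer 95000 to account 12345"), sig)
	res["other public key rejected"] = !Verify(&bob.PublicKey, msg, sig)

	// Symmetric: one secret key does both jobs, so everyone who holds it can encrypt and decrypt.
	key, other := make([]byte, 32), make([]byte, 32)
	must(rand.Read(key))
	must(rand.Read(other))
	sealed := SymmetricSeal(key, msg)
	pt, err = SymmetricOpen(key, sealed)
	res["shared key decrypts"] = err == nil && bytes.Equal(pt, msg)
	_, err = SymmetricOpen(other, sealed)
	res["other key rejected"] = err != nil
	return res
}

func main() {
	fmt.Println(Demo())
}
```

Note the asymmetry the page describes: nothing Alice holds lets her read a message encrypted to Bob, and nothing Bob holds lets him forge Alice's signature, whereas with the AES key every holder can do both, which is why the symmetric key may only be shared with parties allowed to read and write.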

Where is PKI Used?

The following list describes areas in which PKI is normally used. Knowing what PKI is used for gives you a better idea of whether it is needed in a particular network.

• Web security: The Internet is an unsecured network. PKI increases web security by providing server authentication, which lets a client validate that the server it is communicating with is indeed the intended server: the server must prove it holds the private key matching a certificate that a CA the client trusts issued for that server's name. Without this check, an attacker can place themselves between the client and the server and intercept client data by pretending to be the server. PKI also offers client authentication, which validates the client's identity to the server by the same mechanism.

• Confidentiality: PKI provides secure data transmission between the client and the server. In practice, PKI works with the Secure Sockets Layer (SSL) protocol and its successor, the Transport Layer Security (TLS) protocol, to provide secure HTTP transfers, referred to as Hypertext Transfer Protocol Secure (HTTPS). The server must hold a certificate issued by a CA the client trusts; the client needs a certificate of its own only when the server is configured to require client authentication (mutual TLS). The session data itself is encrypted with symmetric keys negotiated during the handshake; the certificates serve to authenticate that negotiation.

Note
SSL was first created by Netscape for use with its web browser and was used with a limited number of TCP/IP application protocols (such as HTTP and FTP). TLS is not only an enhancement to SSL but its replacement, and it works with almost every TCP/IP application protocol; because of this, TLS is also popular with VPNs and VoIP applications. Just as Kleenex is often used to mean any tissue whether or not Kimberly-Clark made it, SSL is often the term used for the confidentiality function whether SSL or TLS is actually in use. All versions of SSL, as well as TLS 1.0 and 1.1, are now deprecated; the current versions are TLS 1.2 and TLS 1.3.
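The components listed earlier (certificate, CA, template, CRL) and the server-authentication check described under Web security fit together in under a hundred lines using Go's standard crypto/x509 package. This is an added example and not Bucaro TecHelp's code: "Example Root CA" is a hypothetical private CA and pki.example.test a placeholder hostname, with every key generated fresh in memory. NewCert acts as the CA (self-signed when no issuer is given, otherwise issuing a server certificate under a fixed set of template fields), VerifyChain performs the same check a TLS client applies to a server certificate against its own trust store, and IsRevoked publishes a CA-signed CRL and looks the certificate up in it:

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Added example, not Bucaro TecHelp's code. "Example Root CA" is a hypothetical private
// CA and pki.example.test a placeholder hostname; every key is generated fresh in memory.

type CertAndKey struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// NewCert generates a key pair and a certificate for name. With ca == nil it returns a self-signed
// root allowed to sign certificates and CRLs; otherwise a server certificate for DNS name `name`
// signed by ca. The fixed serial, validity and key-usage fields are the "certificate template".
func NewCert(name string, serial int64, ca *CertAndKey) CertAndKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	parent, signer := tmpl, key // self-signed unless an issuing CA is given
	if ca == nil {
		tmpl.IsCA, tmpl.BasicConstraintsValid = true, true
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		tmpl.DNSNames = []string{name}
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		parent, signer = ca.Cert, ca.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return CertAndKey{Cert: cert, Key: key}
}

// VerifyChain is the check a TLS client makes on a server certificate: the chain must end at
// one of roots (only those, never the system store) and the certificate must be valid for host.
func VerifyChain(leaf *x509.Certificate, host string, roots ...*x509.Certificate) error {
	pool := x509.NewCertPool()
	for _, r := range roots {
		pool.AddCert(r)
	}
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

// IsRevoked has the CA publish a CRL listing revokedSerials, checks the CRL's signature against
// the CA (an unsigned list could revoke or un-revoke anything), then looks up leaf's serial.
func IsRevoked(ca CertAndKey, leaf *x509.Certificate, revokedSerials ...int64) (bool, error) {
	tmpl := &x509.RevocationList{Number: big.NewInt(1), ThisUpdate: time.Now(), NextUpdate: time.Now().Add(time.Hour)}
	for _, s := range revokedSerials {
		tmpl.RevokedCertificates = append(tmpl.RevokedCertificates,
			pkix.RevokedCertificate{SerialNumber: big.NewInt(s), RevocationTime: time.Now()})
	}
	der, err := x509.CreateRevocationList(rand.Reader, tmpl, ca.Cert, ca.Key)
	if err != nil {
		return false, err
	}
	crl, err := x509.ParseRevocationList(der)
	if err != nil {
		return false, err
	}
	if err := crl.CheckSignatureFrom(ca.Cert); err != nil {
		return false, err
	}
	for _, e := range crl.RevokedCertificates {
		if e.SerialNumber.Cmp(leaf.SerialNumber) == 0 {
			return true, nil
		}
	}
	return false, nil
}

func main() {
	ca := NewCert("Example Root CA", 1, nil)
	srv := NewCert("pki.example.test", 1001, &ca)
	fmt.Println("issuing CA trusted:", VerifyChain(srv.Cert, "pki.example.test", ca.Cert))
	fmt.Println(IsRevoked(ca, srv.Cert, 1001))
}
```

Two details that are easy to get wrong in real deployments are deliberate here: the trust store handed to Verify holds only the roots the caller chose (an empty pool rejects everything rather than silently falling back to the system store), and the CRL's signature is checked against the CA before its contents are believed. A certificate issued by some other CA, one for a different hostname, or one whose serial appears on the CA's CRL all fail, which is exactly what stops an impostor server from passing as the intended one.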

Stephen Bucaro
Copyright©2001-2024 Bucaro TecHelp 13771 N Fountain Hills Blvd Suite 114-248 Fountain Hills, AZ 85268