System News
Public Key Infrastructure Guide
E-commerce Security Measures
August 28, 2001,
Volume 42, Issue 4

The Sun BluePrints™ article by Joel Weise on "Public Key Infrastructure (PKI)" discusses how public key cryptography can be used in various environments to help businesses determine their requirements for a PKI.

Individuals and companies using the Internet today demand stringent security protocols to protect their interests, privacy, communication, value exchange, and information assets. A PKI is an essential component of an overall security strategy that must work in concert with other security mechanisms, business practices, and risk management efforts. A PKI is a foundation on which other applications, system, and network security components are built.

E-commerce on the Internet requires more security and authentication than a traditional, face-to-face customer and merchant interaction in a brick-and-mortar store. Merchants are typically not willing to ship goods or perform services until a payment has been accepted for them. Authentication can also provide a certain amount of non-repudiation, so the customer cannot deny that the transaction occurred. Similarly, consumers need assurance that they are purchasing from a legitimate enterprise, rather than a hacker's site whose sole purpose is to collect credit card numbers.

The implementation of a PKI is intended to provide mechanisms to ensure trusted relationships are established and maintained. The specific security functions for which a PKI can provide a foundation are confidentiality, integrity, non-repudiation, and authentication.

A PKI has many uses and applications and enables the basic security services for such varied systems as:

  • SSL, IPsec, and HTTPS for communication and transactional security
  • S/MIME and PGP for email security
  • SET for value exchange
  • Identrus for B2B

Some key benefits that PKI offers e-commerce and other organizations:

  • Reduces transactional processing expenses
  • Reduces and compartmentalizes risk
  • Enhances efficiency and performance of systems and networks
  • Reduces the complexity of security systems with binary symmetrical methods

In addition, many other similar solutions rely on the fundamentals of public key cryptography such as:

  • Student IDs on college campuses
  • Voting
  • Anonymous value exchange
  • Transit ticketing
  • Identification (passports and driver's licenses)
  • Notarization (contracts, emails, etc.)
  • Software distribution
  • Symmetric key management

The PKI BluePrint covers additional topics, including:

  • Planning a PKI Infrastructure
  • Structure and Components of a PKI
  • Trust Models
  • Cross Certification
  • Security Services: Confidentiality, Integrity, Authentication, and Non-repudiation
  • PKI Functions: Public Key Cryptography, Certificate Issuance, Certificate Validation, and Certificate Revocation

The BluePrint also contains illustrations, an acronyms list, and a bibliography.

Joel Weise is a Senior Security Architect for Sun Professional Services and has worked in the field of data security for over 20 years. He specializes in cryptography and public key infrastructures.

http://www.sun.com/blueprints/0801/publickey.pdf
