Home arrow Security arrow PKI Architectures: How to Choose One

PKI Architectures: How to Choose One

In the Internetís world of insecurities, many actions should be taken to enhance the defense of each and every network. Many solutions exist that provide a level of security, none however being bulletproof. The best approach is to combine a variety of mechanisms that will supplement one another. In this article I will discuss a technology that is considered to be the new trend and a favored option among network implementers, that is Public Key Infrastructure (PKI).

  1. PKI Architectures: How to Choose One
  2. PKI Architectures
  3. Criteria to Choose a Certain PKI Architecture
  4. Conclusions
By: Eliana Stavrou
Rating: starstarstarstarstar / 20
October 26, 2004

print this article




Deciding to implement a PKI architecture is not an easy task to do. There are many factors which must be taken into consideration if we want to benefit from PKI technology.

Before moving into explaining various PKI architectures and the criterion we use to choose the one that best suits our needs, I will make a brief overview about PKI technology so we all know what I'm talking about.

What is Public Key Infrastructure (PKI)?

PKI ensures a secure method for exchanging sensitive information over unsecured networks. In addition, PKI provides authenticated, private and non-reputable communications. 

PKI makes use of the technology known as public key cryptography. Public key cryptography uses a pair of keys to scramble and decipher messages, a public key and a private key. The public key is widely distributed, whereas the private key is held secretly by an individual. Messages are protected from malicious people by scrambling them with the public key of the recipient. Only the recipient can decrypt the message by using his / her private key, thus retaining the privacy of the message. The public key is distributed with a digital certificate that contains information that uniquely identifies an individual (for example name, email address, the date the certificate was issued, and the name of the certificate authority which issued it). Also, by using digital certificates we can digitally sign messages to protect the integrity of the information itself and achieve non-repudiation (digitally signing a transaction is legally binding and no party can deny his /her participation).

Components of PKI

In a PKI system, digital certificates are issued by organizations called Certification Authorities (CAs) i.e. Verisign. Requests for certificates are usually processed by organizations called Registration Authorities (RAs). An RA's responsibility is to evaluate each request, investigate the profile of each applicant and inform the appropriate CA about the trusting level of the client. After the trust verification of the applicant, CA issues the certificate. I have to mention that it is common for RA to be included within the CA environment as one component.

The operation of CAs and RAs are governed by appropriate policies, the Certificate Policy (CP) and the Certificate Practice Statement (CPS). The first provides rules for naming certificate holders, the cryptographic algorithms that will be used, the minimum allowable length of encryption keys, etc. The latter details how the Certification Authority will implement the Certificate Policy (CP) into its procedures.

>>> More Security Articles          >>> More By Eliana Stavrou

blog comments powered by Disqus
escort Bursa Bursa escort Antalya eskort


- Secure Your Business for Data Privacy Day
- Google Testing Security Fob Password Alterna...
- Security News Highlights Concerns
- Going to Extremes for Data Security
- Skipfish Website Vulnerability Scanner
- Critical Microsoft Visual Studio Security Pa...
- US Faces Tech Security Expert Deficit
- LAN Reconnaissance
- An Epilogue to Cryptography
- A Sequel to Cryptography
- An Introduction to Cryptography
- Security Overview
- Network Security Assessment
- Firewalls
- Whatís behind the curtain? Part II

Developer Shed Affiliates


Dev Shed Tutorial Topics: