A public key infrastructure (PKI) is a set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred.

In cryptography, a PKI is an arrangement that binds public keys with the respective identities of entities (like people and organizations). The binding is established through a process of registration and issuance of certificates at and by a certificate authority (CA). Depending on the assurance level of the binding, this may be carried out by an automated process or under human supervision. When done over a network, this requires using a secure certificate enrollment or certificate management protocol such as CMP.

The PKI role that may be delegated by a CA to assure valid and correct registration is called a registration authority (RA). Basically, an RA is responsible for accepting requests for digital certificates and authenticating the entity making the request. The Internet Engineering Task Force's RFC 3647 defines an RA as "An entity that is responsible for one or more of the following functions: the identification and authentication of certificate applicants, the approval or rejection of certificate applications, initiating certificate revocations or suspensions under certain circumstances, processing subscriber requests to revoke or suspend their certificates, and approving or rejecting requests by subscribers to renew or re-key their certificates. RAs, however, do not sign or issue certificates (i.e., an RA is delegated certain tasks on behalf of a CA)." While Microsoft may have referred to a subordinate CA as an RA, this is incorrect according to the X.509 PKI standards. RAs do not have the signing authority of a CA and only manage the vetting and provisioning of certificates. So in the Microsoft PKI case, the RA functionality is provided either by the Microsoft Certificate Services web site or through Active Directory Certificate Services, which enforces Microsoft Enterprise CA and certificate policy through certificate templates and manages certificate enrollment (manual or auto-enrollment). In the case of Microsoft Standalone CAs, the function of RA does not exist, since all of the procedures controlling the CA are based on the administration and access procedure associated with the system hosting the CA and the CA itself rather than Active Directory. Most non-Microsoft commercial PKI solutions offer a stand-alone RA component.

An entity must be uniquely identifiable within each CA domain on the basis of information about that entity. A third-party validation authority (VA) can provide this entity information on behalf of the CA.

The X.509 standard defines the most commonly used format for public key certificates.

PKI provides "trust services" - in plain terms, trusting the actions or outputs of entities, be they people or computers. Trust service objectives respect one or more of the following capabilities: Confidentiality, Integrity and Authenticity (CIA).

Confidentiality: Assurance that no entity can maliciously or unwittingly view a payload in clear text. Data is encrypted to make it secret, such that even if it was read, it appears as gibberish. Perhaps the most common use of PKI for confidentiality purposes is in the context of Transport Layer Security (TLS). TLS is a capability underpinning the security of data in transit, i.e. A classic example of TLS for confidentiality is when using an internet browser to log on to a service hosted on an internet-based web site by entering a password.

Integrity: Assurance that if an entity changed (tampered with) transmitted data in the slightest way, it would be obvious that it happened, as its integrity would have been compromised.
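As an added example (not part of the description above), the three roles it describes, a CA self-signing its trust anchor, the CA issuing a certificate for a vetted applicant's public key, and a relying party checking the chain, written against Go's standard-library crypto/x509. The root name "Example Root CA", the host names used when calling it and the choice of Ed25519 keys are constructed for the example; tampering with the certificate bytes or presenting it under a different root makes verification fail, which is the tamper-evidence the Integrity paragraph describes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// NewRootCA builds the trust anchor: a self-signed certificate binding the CA's own key to the constructed name "Example Root CA".
func NewRootCA() (*x509.Certificate, ed25519.PrivateKey, error) {
	pub, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example Root CA"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, key) // parent == self
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// IssueLeaf is the CA at issuance: registration has vetted the applicant, who submitted
// only its public key, and the CA signs a certificate binding that key to dnsName.
func IssueLeaf(ca *x509.Certificate, caKey ed25519.PrivateKey, subjectPub ed25519.PublicKey, dnsName string) ([]byte, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: dnsName}, DNSNames: []string{dnsName},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(12 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	return x509.CreateCertificate(rand.Reader, tmpl, ca, subjectPub, caKey)
}

// VerifyLeaf is the relying party (a TLS client, say): the leaf is trusted only if its
// signature chains to the root and it names the host being contacted.
func VerifyLeaf(leafDER []byte, root *x509.Certificate, dnsName string) error {
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: dnsName})
	return err
}
```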