Public key infrastructure (PKI) refers to the procedures, policies and technical mechanisms that work together to provide a framework for addressing some of the fundamentals of security. These fundamentals include confidentiality, integrity, access control, and non-repudiation (DeLaet & Schauwers, 2004). PKI enables business organizations to use different internet applications, such as secure and legally binding email and most internet-based transactions. Additionally, service delivery can be easily achieved through the use of public key infrastructure.
Public key infrastructure supports the distribution and identification of public encryption keys, which enables users and companies to secure data over networks such as the internet and to verify the identity of the various parties in a given network. Without PKI, sensitive information can still be encrypted and exchanged with other parties, but there is no assurance of the identity of the other party. PKI therefore assures confidentiality and data authenticity, and the sharing of sensitive data relies on PKI for security.
A standard public key infrastructure consists of hardware, software, policies and standards that control the creation, distribution, and revocation of the network's keys and digital certificates. Digital certificates form the heart of PKI: they affirm the identity of the certificate subject and bind that identity to the public key contained in the certificate. PKI includes the following elements.
A certificate authority (CA), which is a trusted party in the network and provides services that authenticate the identity of individuals, computers and other entities in the network.
A registration authority, also known as a subordinate CA, which is certified by the root CA to issue specific certificates.
A certificate database, which is responsible for saving certificate requests.
A certificate store, which resides on the local computer and acts as a place for storing issued certificates and private keys.
The certificate authority (CA) delivers a digital certificate to an entity only after verifying its identity. The CA signs the certificates using its private key, and its public key is available to interested entities in a self-signed CA certificate. This is a solid reason a customer can believe in the software and its authenticity (Nash, 2001). Using the trusted root certificate, the CA creates a chain of trust. Additionally, root certificates are embedded in web browsers, which therefore have built-in trust of the certificate authority. PKI is also supported by smartphones, email clients and other software and hardware with trusted certificates from major CAs.
Public and in-house CAs
With a public CA, the organization's internal CA is replaced, and a local registration authority handles the enrollment, authentication and key-pair generation needed when outsourcing CA components. The external CA, in this case, receives certificates from the local registration authorities and then issues, distributes and saves the certificates and updates the certificate revocation list. In-house CAs, on the other hand, provide the maximum level of control, but the organization must cover the software licenses and the funds needed to buy and deploy the entire network system.
Compared to public CAs, an in-house CA is only valid inside the servers, while the cost per certificate is cheaper. Additionally, it is easier to revoke an in-house CA, and the user can give the certificate limited validity times (Adams & Lloyd, 2007). The drawbacks of in-house CAs compared to public CAs are that they need additional security requirements and require larger backups. Additionally, organizations that use in-house CAs cannot make their CA public. No one can trust a certificate that is in-house based.
When choosing a certificate, the rationale for a CA can include security policy, support capability and security measures. The organization needs to assess the qualifications of the available staff and examine the quality of service required in the organization. The organization can also evaluate its competence to provide the services needed rather than specializing in outsourcing.
DeLaet, G., & Schauwers, G. X. (2004). Network security fundamentals. Indianapolis, Ind: Cisco.
Adams, C., & Lloyd, S. (2007). Understanding PKI: Concepts, standards, and deployment considerations. Boston: Addison-Wesley.
Nash, A. (2001). PKI: Implementing and managing E-security. New York, NY: Osborne/McGraw-Hill.