Like this CertiGuide? Get it in PDF format!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Need more practice? 300 additional Security+ questions!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 4:  Basics of Cryptography (Domain 4.0; 15%)

Previous Topic/Section
4.2.5  Access Control
Previous Page
Pages in Current Topic/Section
1
Next Page
4.3.1  Certificates
Next Topic/Section

4.3  PKI (Public Key Infrastructure)

A Public Key Infrastructure (PKI) is the combination of software, encryption technologies and services that enables enterprises to protect the security of their communications, business transactions396 and proprietary data. As you might imagine PKI’s focus on the implementation of public/private key systems, using key pairs to encrypt and decrypt messages. They also make use of digital certificates and certificate authorities, discussed below.

According to Netscape Communications, PKI protects your information assets in a variety of ways:

  • Authenticate identity. Individual users, organizations and their web sites use digital certificates, issued as part of your PKI, to validate the identity of the parties to a transaction.

  • Verify integrity. Ensure that the signed message has not changed since being signed.

  • Ensure privacy. Ensure that unauthorized individuals cannot make use of confidential data.

  • Authorize access. Digital certificates can replace user ID’s and passwords for login security, reducing IT overhead.

  • Authorize transactions. The enterprise can control access privileges for specified transactions.

  • Support non-repudiation. Protects against forging, and users’ later challenging transactions.

Adoption of PKI technology has been slow due to the complexity and relatively high cost of PKI solutions. However, the growing use of public-key based technologies such as SSL, and improved awareness of security issues in the enterprise, are causing PKI to be increasingly implemented in organizations today.

PKI is discussed in substantial depth in the X.509 standard.

PKI

A Public Key Infrastructure (PKI) is the combination of software, encryption technologies and services that enables enterprises to protect their communications and data.

PKI’s are implemented with public/private key systems that use key pairs to encrypt and decrypt messages.

PKI’s use digital certificates and certification authorities for authentication.


Quick navigation to subsections and regular topics in this section



 __________________

396. Understanding PKI”, http://verisign.netscape.com/security/pki/understanding.html

Previous Topic/Section
4.2.5  Access Control
Previous Page
Pages in Current Topic/Section
1
Next Page
4.3.1  Certificates
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.