A public-key infrastructure (PKI) is a set of hardware,
software, people, policies and procedures that are needed to create, manage,
distribute, use, store and revoke digital certificates.
- A system for the creation, storage and distribution of
digital certificates which are used to verify that a particular public key
belongs to a certain entity.
- A PKI (1) creates digital certificates which map public keys
to entities, (2) stores the certificates in a central repository and (3) revokes
them when needed.
* A digital certificate is an electronic document which uses
a digital signature to bind a public key with an identity. The identity
information may include the name of a person or organization, their address etc. The
certificate can be used to verify that a public key belongs to an individual.
A PKI is an arrangement that
- Binds public keys with respective user identities by means
of a certificate authority (CA).
User identity must be unique within each CA domain.
There are three methods of certification
1) Certificate authorities (CAs)
2) Web of trust (WOT)
3) Simple public-key infrastructure (SPKI)
Certificate authorities (CAs)
A CA digitally signs and publishes the public key bound to a
given user. This is done using the CA's own private key, so that trust in the
user key relies on one's trust in the validity of the CA's key. The
mechanism that binds keys to users is called the Registration Authority, which
may or may not be separate from the CA.
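The CA model described above, as an added example that is not part of the original post: a CA signs an identity-to-key binding, a verifier checks it using only the CA public key, and a revoked certificate is rejected. The toy RSA key, the names `issue`, `verify` and `demo`, and the sample identity and key strings are all assumptions constructed for illustration.

```python
import hashlib
import json

# Toy RSA key for the CA, constructed for this example (far too small for real use).
P, Q = 2**107 - 1, 2**127 - 1              # two known Mersenne primes
CA_N, CA_E = P * Q, 65537                  # CA public key, known to every verifier
CA_D = pow(CA_E, -1, (P - 1) * (Q - 1))    # CA private key, never leaves the CA

def _digest(serial, subject, public_key):
    """Hash the serial/identity/key binding to an integer below the CA modulus."""
    data = json.dumps([serial, subject, public_key]).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % CA_N

def issue(subject, public_key, repository):
    """CA: sign the binding with the CA private key and store it centrally."""
    if subject in repository:
        raise ValueError("identity must be unique within the CA domain")
    serial = len(repository) + 1
    signature = pow(_digest(serial, subject, public_key), CA_D, CA_N)
    cert = {"serial": serial, "subject": subject,
            "public_key": public_key, "signature": signature}
    repository[subject] = cert
    return cert

def verify(cert, revoked):
    """Verifier: uses only the CA public key and the revocation list."""
    expected = _digest(cert["serial"], cert["subject"], cert["public_key"])
    if pow(cert["signature"], CA_E, CA_N) != expected:
        return "bad signature"
    return "revoked" if cert["serial"] in revoked else "valid"

def demo():
    repository, revoked = {}, set()
    alice = issue("alice@example.org", "ALICE-PUBLIC-KEY", repository)
    swapped = dict(alice, public_key="SOMEONE-ELSES-KEY")  # binding altered after issuance
    results = [verify(alice, revoked), verify(swapped, revoked)]
    revoked.add(alice["serial"])                           # CA revokes the certificate
    results.append(verify(alice, revoked))
    return results

if __name__ == "__main__":
    print(demo())
```

The verifier never sees the CA private key: anyone holding the CA public key can check the binding, which is why trust in the user key reduces to trust in the CA key.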
Web Of Trust (WOT)
An alternative approach to the problem of public
authentication of public-key information is the web of trust scheme, which uses
self-signed certificates and third party attestations of those certificates.
Simple public-key infrastructure (SPKI)
This is considered another alternative which does not deal
with public authentication of public-key information. SPKI does not associate
users with persons, since the key is what is trusted, rather than the person.
SPKI also does not use any notion of trust as the verifier is also the issuer.
http://en.wikipedia.org/wiki/Public-key_infrastructure
http://www.articsoft.com/public_key_infrastructure.htm
Hi Ameer,
I can't express how impressed I am by this intricate work of yours. I'm still dazzled after reading your post, which left me in a state of euphoria. I'm on the verge of tears right now, having finally found the purpose and meaning to life all thanks to this wonderful post. We all have the innate desire to accomplish an act of great significance in our lives, which I believe you have finally done so with this post. To congratulate you on this amazing feat, I dedicate this song by Louis Armstrong to you -
I see trees of green,
red roses too.
I see them bloom,
for me and you.
And I think to myself,
what a wonderful post.
kthxbai
LOL! the comment above is so random -.-
Anyway, I have read your posts. Hmm.. I think that it is detailed and informative. Also, all ideas are paragraphed very nicely. Except that you need to work on your format (the spaces between each paragraph).
That is all from me! See you in school!
Hetty
HI AMEER
THANK YOU for your post on public key infrastructure. i have learnt SO MUCH from this post and from the various links you've mentioned. FOR instance, artic soft have elaborated clearly on public key infrastructure. However, TAKING this and comparing with wikipedia, MY view are that they have different SPOT IN their opinions. i will GOOGLE and find more DOCS concerning this issue. thank you ameer once AGAIN for this blogpost
-Xudong