PKI

Where encryption of data is required, perhaps between the organisation's internal networks and between clients and representatives, a means of generating and managing the encryption keys is required.

PKI, or Public Key Infrastructure, is the use and management of cryptographic keys - a public key and a private key - for the secure transmission and authentication of data across public networks.

Caution : Whilst the overall mechanisms and concepts are generally agreed, there are differences amongst vendors.

A public key infrastructure consists of:

A Certification Authority (CA) that issues and assures the authenticity of Digital Certificates. A Digital Certificate will include the public key or other information about the public key.
A Registration Authority (RA) that validates requests for the issuance of Digital Certificates. The Registration Authority will authorise the issuance of the keys to the requestor by the Certificate Authority.
A certificate management system. This will be a software application developed and provided by the vendor of the PKI system.
A directory where the certificates, together with their public keys are stored; usually confirming to the X.500 standards.

*** The Information Security Glossary ***

This Glossary forms part of the RUsecure Security Policy Suite... visit RUsecure Security Policy World

Use of the guidance contained within RUsecure™ is subject to the End User Licence Agreement.
See also the Disaster Recovery World	This site created with EasyHTMLHelp(tm) for MS Word

Risk Associates: Resources for Security Risk Analysis, ISO 17799 / BS7799, Security Policies and Security Audit