Authentication - PKI (Public Key Infrastructure)
What is a public key infrastructure?
A public key infrastructure is a system that provides trusted third-party inspection and assurance of user identity. Normally this is done by a Certificate Authority (CA) and uses cryptography involving public and private keys.
A typical PKI system consists of:
- Client software
- A Certificate Authority server
- Smartcards, in some deployments
- Operational procedures
How a PKI works:
The Certificate Authority checks the user's identity. Different CAs have different identity validation procedures. Some may grant the user a digital certificate on the basis of only a name and email address, while others may require personal interviews, background checks, etc. (Remember that authentication is a process of validating an identity based on risk: the trust that a certificate authority's digital certificate conveys therefore varies widely, so caveat emptor.)
The user is granted a digital certificate. Often there are two components to this: a private key and a public key.
The user wishes to send an email to a business associate. The user digitally signs the email with their private key. The email is sent to the business associate. The business associate uses the sending user's public key to decrypt the message. The use of digital certificates in this example provides confidentiality, message integrity and user authentication without having to exchange secrets in advance.
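The email exchange above, as an added example that is not part of the original page, in Go using only standard-library RSA: the sender signs with their private key and the associate verifies with the sender's public key (message integrity and user authentication), while confidentiality comes from a separate step, encrypting to the associate's public key. It assumes the associate has already obtained the sender's public key from a CA-issued certificate; the keys and message here are constructed for the demo.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignMessage: the sender signs a SHA-256 digest of the email with their PRIVATE
// key (RSA-PSS); only the holder of that key can produce the signature.
func SignMessage(senderPriv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return rsa.SignPSS(rand.Reader, senderPriv, crypto.SHA256, digest[:], nil)
}

// VerifyMessage: the associate checks the signature with the sender's PUBLIC key,
// taken from the sender's CA-issued certificate. True only if the message is
// unmodified and was signed by the matching private key (integrity + authentication).
func VerifyMessage(senderPub *rsa.PublicKey, msg, sig []byte) bool {
	digest := sha256.Sum256(msg)
	return rsa.VerifyPSS(senderPub, crypto.SHA256, digest[:], sig, nil) == nil
}

// EncryptForRecipient: confidentiality comes from encrypting to the RECIPIENT's
// public key (RSA-OAEP); only the recipient's private key can open it.
func EncryptForRecipient(recipientPub *rsa.PublicKey, msg []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, recipientPub, msg, nil)
}

// DecryptAsRecipient reverses EncryptForRecipient with the recipient's private key.
func DecryptAsRecipient(recipientPriv *rsa.PrivateKey, ct []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, recipientPriv, ct, nil)
}

func main() {
	// Constructed demo keys; in a real PKI the public halves travel in
	// certificates issued by the CA, which binds them to each party's identity.
	sender, _ := rsa.GenerateKey(rand.Reader, 2048)
	associate, _ := rsa.GenerateKey(rand.Reader, 2048)
	email := []byte("Constructed sample: please approve purchase order 4711.")
	sig, _ := SignMessage(sender, email)
	fmt.Println("signature verifies:", VerifyMessage(&sender.PublicKey, email, sig))
	fmt.Println("tampered copy verifies:", VerifyMessage(&sender.PublicKey, []byte("approve order 9999"), sig))
	ct, _ := EncryptForRecipient(&associate.PublicKey, email)
	pt, _ := DecryptAsRecipient(associate, ct)
	fmt.Println("decrypted by associate:", string(pt))
}
```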
PKI was oversold on its capabilities when it was originally introduced several years ago. There were serious problems with browser incompatibilities, costs associated with issuing and managing digital certificates, and a business environment that had not yet widely adopted the internet or rethought business processes between enterprises.
The next section will show how this has changed and why a PKI
infrastructure is becoming very important in authentication.