CertiGuide to Security+  9  Chapter 4:  Basics of Cryptography (Domain 4.0; 15%)

4.2.5  Access Control 1 4.3.1  Certificates

A Public Key Infrastructure (PKI) is the combination of software, encryption technologies and services that enables enterprises to protect the security of their communications, business transactions³⁹⁶ and proprietary data. As you might imagine PKI’s focus on the implementation of public/private key systems, using key pairs to encrypt and decrypt messages. They also make use of digital certificates and certificate authorities, discussed below.

According to Netscape Communications, PKI protects your information assets in a variety of ways:

• Authenticate identity. Individual users, organizations and their web sites use digital certificates, issued as part of your PKI, to validate the identity of the parties to a transaction.
  
  
• Verify integrity. Ensure that the signed message has not changed since being signed.
  
  
• Ensure privacy. Ensure that unauthorized individuals cannot make use of confidential data.
  
  
• Authorize access. Digital certificates can replace user ID’s and passwords for login security, reducing IT overhead.
  
  
• Authorize transactions. The enterprise can control access privileges for specified transactions.
  
  
• Support non-repudiation. Protects against forging, and users’ later challenging transactions.

Adoption of PKI technology has been slow due to the complexity and relatively high cost of PKI solutions. However, the growing use of public-key based technologies such as SSL, and improved awareness of security issues in the enterprise, are causing PKI to be increasingly implemented in organizations today.

PKI is discussed in substantial depth in the X.509 standard.

4.2.5  Access Control 1 4.3.1  Certificates