| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
Public Key Infrastructure Public Key Infrastructure aka PKI vaunted as the solution for addressing the network security issues in the cyberspace using cryptographic techniques. This article discusses about how the PKI attempts to address network security threats and issues associated with the PKI.
Vinoth K Anandan,
05/02/2005
|
|
Interoperability in PKI This paper will introduce some of the interoperability issues in PKI which applies to processing and managing the establishment of those trust and the challenges it faces. With increasing emphasis and reliance upon everything from VPNs and ecommerce to remote access and authentication, PKI is rapidly becoming an essential piece of the information age. However, there are several factors that have kept PKI from widespread deployment including confusion about what makes up a PKI, the complex and costly implementations, and immature industry standards and incompatibility among those standards. In the environment of electronic communication, the establishment of trust depends on electronic or digital objects and processes and procedures that manage them.
By Unknown, 04/05/2004
|
|
A Business Perspective on PKI: Why Many PKI Implementations Fail, and Success Factors To Consider This paper is intended to provide an overview of PKI and how a PKI implementation affects the entire organization. Information included in this paper may help business areas understand how PKI can be used to achieve tactical and strategic business objectives, and assist with identifying factors required for a successful PKI implementation. This is a broad overview of the major components and issues, intended to familiarize nontechnical persons or those new to PKI with some of the basic PKI concepts and functions. It is not intended to be all-inclusive. Each PKI installation is unique, and individually tailored for the technical and cultural environment in which it is implemented. The intention is that this information will generate a discussion of security alternatives and support appropriate business decisions regarding PKI.
By Leslie Peckham, 04/05/2004
|
|
Key and Certificate Management in Public Key Infrastructure Technology The intent of this paper is to provide an overview and briefly discuss the various phases involved in Key and Certificate management. Anyone interested in understanding this specific process will find this paper useful. A basic understanding of PKI Technology is assumed. Key and Certificate life cycle management is an essential and crucial process in Public Key Infrastructure technology. There are several stages involved in this process and how it is managed will determine the success or failure of a particular deployment whether using a vendor's services and expertise or building one's own (a rare scenario). Thus, it is necessary to gain a good understanding of this aspect of PKI, to be able to participate and contribute to a successful implementation.
By Sriram Ranganathan, 04/05/2004
|
|
Implementing PKI in a Heterogeneous Environment A Primer on Digital Certificate And Key Formats This document will discuss the various file formats for both X.509 digital certificates and encryption keys. It will also bring to light potential issues one would face when implementing a public key infrastructure (PKI) in a nonheterogeneous environment. In particular, the focus is specifically on the topic of binary and PEM encoded digital certificates and the Public Key Cryptography Standards (PKCS) file formats. Further, the discussion will also include some hard learned lessons on the nuances of supporting and implementing diverse systems that utilize digital certificates. As we'll see, required digital certificate file formats will vary from application to application. Although a light overview of PKI and digital certificates will be provided, this document assumes the reader has some familiarity with the secure sockets layer (SSL) handshake and how digital certificates are utilized within a public key infrastructure.
By Tim R. Sills, 04/04/2004
|
|
Public Key Infrastructure Issues in an Academic Healthcare Setting Planning a Public Key Infrastructure (PKI) deployment in a healthcare environment is a challenge that has unique aspects, determined by the nature of the healthcare business and by the user community the PKI intends to support. Addressing a mixed environment, academic and healthcare, adds complexity to the problem because of the mixed IT infrastructure likely to be seen in such environments and because of user education issues. The paper intends to give a general overview several specific issues related to the PKI deployment process emphasizing the particularities of a mixed environment. We assume that the reader is familiar with the functions various components of a PKI should perform.
By Liviu Groza, 04/04/2004
|
|
Securing Certificate Revocation List Infrastructures Anyone working within a Public Key Infrastructure (PKI) or an environment that uses client side certificates should be concerned that during authentication the Certificate Revocation Lists (CRL) are consistently & properly verified. Microsoft's Internet Information Server (IIS) 5.0 built-in Certificate Revocation List Infrastructure has been openly questioned from several security professionals and been a part of at least one major security vulnerability. This research takes a closer look at the security issues when implementing a secure CRL infrastructure as well as looking deeply into how secure Microsoft's IIS 5.0 built in Certificate Revocation List Infrastructure is. Then we will explore alternative CRL solutions from Internet Standards, PKI Toolkits and middle-ware products. Finally, this research should provide you with the security awareness ins and outs for implementing a secure CRL infrastructure.
By Eddie Turkaly, 04/04/2004
|
|
Integrate HMAC Capable Token into User Authentication Mechanism and Public Key Infrastructure This article describes using a HMAC capable token in user authentication or public key infrastructure (PKI) to derive user private key or produce message digest for digital signature scheme. The unique hardware token will be linked together with the user password cryptographically to provide a more secure/stronger solution.
By Unknown, 04/04/2004
|
|
PKI and Information Security Awareness: Opportunity and Obligation Frequently discussed challenges to successful PKI deployments include integration with internal business processes and legacy systems, automation of processes that extend beyond the firewall to business partners, and user acceptance. In this paper we explore the latter: "In the final analysis, the single most difficult criterion for a successful PKI rollout is user acceptance." (Johnson & Manusco, March 27, 2001)
By Jerry K Brown, 04/04/2004
|
|
Strong Authentication and Authorization model Using PKI, PMI, and Directory Since Internet has been used commonly in information systems technologies, many applications need some security capabilities to protect against threats to the communication of information. Two critical procedures of these capabilities are authenticati on and authorization. This report presents a strong authentication and authorization model using three standard frameworks. They are PKI, PMI, and Directory. Both PKI and PMI are described in X.509 st andard 4th edition. PKI provides a framework to verify the identities of each entities of given domain. The framework includes the requesting, issuing, signing, and validating of the public-key certificates.
By Jong Wook Lee, 04/04/2004
|
|
Page: 1 2 |
