Network Sales and Services Handbook (Cisco Press Networking Technology)

The Public Key Infrastructure (PKI) is a system of digital certificates, certificate authorities, (both commercial and governmental), certificate management services, and directory services (LDAP, X.500) that verify the identity and authority of each party involved in any transaction over the Internet. PKI is the framework that provides for privacy and digital signature services in support of international commerce, balancing government oversight while ensuring privacy for users.

PKI can be used for authentication and authorization, privacy and confidentiality, data integrity, and nonrepudiation. Nonrepudiation provides a way for one party to be sure that the other party has indeed sent the message. Without such a guarantee, financial house, banking, and sales transactions could not occur. The guarantee lies in that nonrepudiation prevents a sending party from "denying" that any transmission occurred.

Public/Private Key Infrastructure can be likened to a telephone book. The sending party looks up the recipient's encryption-key (public) in the "phone book," encrypts and sends the message across a public network. The recipient uses a private key, the only key that will work, to decrypt the message so that it can be read.

Категории