Wednesday, June 17, 2009

What is PKI?

Public Key Infrastructure (PKI)

is a set of security technologies and policies that use cryptography and standards to let users do the following:

-Identify (authenticate) themselves to network services
-Digitally sign email and other electronic documents and services with a legal foundation
-Encrypt email and other documents to prevent unauthorized access

Why PKI?
-Legal aspects
-Compliance with audit requirements
  • Sarbanes-Oxley Act of 2002 (SOX)
  • Medical industry
-Enables digital signing and data encryption
-Increased security
  • No passwords on the wire
  • No need for shared secrets
  • Strong underlying security technology
-Widely included in technology products

Applications of PKI
-Authentication
  • Web Servers (SSL, …)
  • Web Users (SSLv3, mutual authentication, …)
  • Local Users (system logon, …)
-Secure e-mail (signed and encrypted)
-Digital signatures
-Data encryption
  • Business documents, databases, executable code
-Network data protection (VPN, wireless)
-Secure instant messaging


What value does PKI add? (Added Value)
-Authentication
  • proves your identity to a third party
-Confidentiality
  • prevents disclosure of private data
-Non-repudiation
  • prevents later denial of actions
-Integrity
  • proves that no changes were made to your data

Underlying Technology
-A pair of asymmetric keys is used, one to encrypt, the other to decrypt
-Each key can only decrypt data encrypted with the other
-Makes use of the RSA algorithm

PKI Technology - Public and private Keys
-The "public" key is published far and wide
-The "private" key is kept secret by its owner
-No need to exchange a secret "key" by some other channel.

What is a certificate?
-A signed data structure (X.509 standard) that binds some information to a public key
-Trusted third party assures validity of information in certificate, enforces policies for issuing certificates
-Information in a certificate is usually a personal identity or a server name
-Think of a certificate with its keys as a software equivalent of an international passport

What is a certificate authority (CA)?
-An organization that creates, signs, publishes and revokes certificates
-Verifies the information in the certificate
-Protects general security and policies of the system and its records
-Allows you to check certificates so you can decide whether to use them in business transactions
-Root certificate can also be self-signed
-Commercial examples:


If you want to try it out, Windows Server itself ships with a Certification Authority service you can use.
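As an added example (my own code, not from the original post or the cited references), the following Python builds a miniature PKI on textbook RSA to illustrate both the key-pair property from the Underlying Technology section and the certificate and CA model from the two sections above: a self-signed root, a server certificate issued by that root, a tampered certificate, and a certificate from an issuer that is not in the trust store. The names (Example Root CA, www.example.test, Rogue CA), the prime seeds and the dict-based certificate layout are constructed for the demonstration; the primes are tiny and there is no padding or X.509 encoding, so it shows the mechanism, not a usable implementation.

```python
# Added example, not part of the original post: a toy PKI on textbook RSA.
# Shows (1) a key pair where each key undoes the other and (2) a certificate
# = identity + public key, signed by a CA, with a self-signed root on top.
# Small primes, no padding, dict "certificates": readability over realism.
import hashlib
from math import gcd


def is_prime(n: int) -> bool:
    """Trial division; fine for the ~1e6-sized primes used here."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def next_prime(n: int) -> int:
    n += 1
    while not is_prime(n):
        n += 1
    return n


def generate_keypair(seed: int, e: int = 65537):
    """Return ((n, e), (n, d)): public key, private key.
    Primes come deterministically from `seed` (constructed input) so the run
    is reproducible; real keys need random, large primes."""
    p = next_prime(seed)
    q = next_prime(p)
    while gcd(e, (p - 1) * (q - 1)) != 1:  # e must be invertible mod phi(n)
        q = next_prime(q)
    d = pow(e, -1, (p - 1) * (q - 1))      # private exponent: e*d = 1 mod phi
    return (p * q, e), (p * q, d)


# --- the asymmetric primitive: each key reverses the other -----------------
def encrypt(public_key, m: int) -> int:
    n, e = public_key
    assert 0 <= m < n, "toy RSA: message must be smaller than the modulus"
    return pow(m, e, n)


def decrypt(private_key, c: int) -> int:
    n, d = private_key
    return pow(c, d, n)


def digest(data: bytes, n: int) -> int:
    """SHA-256 of the data reduced into the modulus (toy hash-then-sign)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(private_key, data: bytes) -> int:
    n, d = private_key
    return pow(digest(data, n), d, n)


def verify(public_key, data: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == digest(data, n)


# --- certificates and a certificate authority -------------------------------
def tbs_bytes(subject: str, issuer: str, public_key) -> bytes:
    """The 'to-be-signed' fields that the issuer's signature covers."""
    n, e = public_key
    return f"{subject}|{issuer}|{n}|{e}".encode()


def issue_certificate(subject, subject_pub, issuer, issuer_priv) -> dict:
    """The CA binds `subject` to `subject_pub` by signing both together."""
    return {"subject": subject, "issuer": issuer, "public_key": subject_pub,
            "signature": sign(issuer_priv, tbs_bytes(subject, issuer, subject_pub))}


def verify_certificate(cert: dict, trust_store: dict) -> bool:
    """Accept only if a trusted issuer's public key validates the signature."""
    issuer_cert = trust_store.get(cert["issuer"])
    if issuer_cert is None:
        return False  # nobody we trust vouches for this key
    tbs = tbs_bytes(cert["subject"], cert["issuer"], cert["public_key"])
    return verify(issuer_cert["public_key"], tbs, cert["signature"])


def demo() -> dict:
    # Root CA: self-signed, i.e. issuer == subject, signed with its own key.
    root_pub, root_priv = generate_keypair(1_000_000)
    root_cert = issue_certificate("Example Root CA", root_pub, "Example Root CA", root_priv)
    trust_store = {"Example Root CA": root_cert}
    # A server gets a certificate for its public key from the trusted root.
    srv_pub, srv_priv = generate_keypair(2_000_000)
    srv_cert = issue_certificate("www.example.test", srv_pub, "Example Root CA", root_priv)
    # Tampering: the public key inside the certificate is swapped.
    rogue_pub, _ = generate_keypair(3_000_000)
    tampered = dict(srv_cert, public_key=rogue_pub)
    # An issuer absent from the trust store signs a cert for the same name.
    _, rogue_ca_priv = generate_keypair(4_000_000)
    rogue_cert = issue_certificate("www.example.test", rogue_pub, "Rogue CA", rogue_ca_priv)
    # Encrypt with the server's public key; only its private key decrypts.
    secret = 424242
    ciphertext = encrypt(srv_pub, secret)
    return {
        "root_self_signed_ok": verify_certificate(root_cert, trust_store),
        "server_cert_ok": verify_certificate(srv_cert, trust_store),
        "tampered_cert_ok": verify_certificate(tampered, trust_store),
        "rogue_ca_cert_ok": verify_certificate(rogue_cert, trust_store),
        "encryption_roundtrip": decrypt(srv_priv, ciphertext) == secret,
        "wrong_key_decrypts": decrypt(root_priv, ciphertext) == secret,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:22s} {ok}")
```

Running it prints True for the root, the server certificate and the encryption round trip, and False for the tampered certificate, the certificate from the untrusted issuer, and decryption with the wrong private key. The trust store is the whole point of the CA model: a certificate proves nothing on its own, only a signature from an issuer you already trust does, which is why the root has to be self-signed and distributed out of band.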

References:
-"PKI Introduction", Koh Gim Leng, Director of services, Vasco Data Security Asia Pacific Pte Ltd.
-"Public Key Infrastructure", http://en.wikipedia.org/wiki/Public_key_infrastructure
