Public Key Infrastructure for Digital Signatures
Christian Ploninger
Technische Universitaet Wien
Contents
Asymmetric Encryption
Key-Person-Binding Problem
Public Key Infrastructure
- Components
- Functionality
Asymmetric Encryption
Authenticity
Secrecy
Integrity
Asymmetric Encryption
Key-Person-Binding
Certificates
Trusted Third Parties
PKI - Components
Local Registration Authority (LRA)
Certification Authority (CA)
Root Certification Authority (RCA)
PKI - Requesting a Certificate
Applicant
• Provide Data
Registration Authority
• Verify User Identity
• Submit Data securely
Certification Authority
• Verify Message Authenticity
• Create User Key-pair
• Issue Certificate
• Sign Certificate
• Publish Certificate
Directory Service
PKI - Functionality
Key Creation for CA
User Registration
Key Creation for Users
Issue Certificates
PKI - Functionality
Directory Service
Revoke Certificates
Timestamp Service
Personalize Private Keys
Conclusion
Asymmetric Encryption is not enough
Key-Person-Binding Problem
PKI solves this problem
Recommended Readings
Security in Open Networks, Dusemund, Becker, Gollan, Engel and Meinel, http://www.ti.fhg.de/publikationen/technische_berichte/2000/prep1500.de.ps
Ten Risks of PKI, Carl Ellison and Bruce Schneier, http://www.counterpane.com/pki-risks.pdf
Digitale Signatur, Frank Bitzer and Klaus Brisch, Springer Verlag, ISBN 3-540-65563-8