Public Key Infrastructure for Digital Signatures
Christian Ploninger
Technische Universitaet Wien
Contents
• Asymmetric Encryption
• Key-Person-Binding Problem
• Public Key Infrastructure
  - Components
  - Functionality
Asymmetric Encryption
• Authenticity
• Secrecy
• Integrity
Asymmetric Encryption
Key-Person-Binding
• Certificates
• Trusted Third Parties
PKI - Components
• Local Registration Authority (LRA)
• Certification Authority (CA)
• Root Certification Authority (RCA)
PKI - Requesting a Certificate
Applicant
  - Provide Data (to the Registration Authority)
Registration Authority
• Verify User Identity
• Submit Data securely
Certification Authority
• Verify Message Authenticity
• Create User Key-pair
• Issue Certificate
• Sign Certificate
  - Publish Certificate (to the Directory Service)
Directory Service
PKI - Functionality
• Key Creation for CA
• User Registration
• Key Creation for Users
• Issue Certificates
PKI - Functionality
• Directory Service
• Revoke Certificates
• Timestamp Service
• Personalize Private Keys
Conclusion
• Asymmetric Encryption is not enough
• Key-Person-Binding Problem
• PKI solves this problem
Recommended Readings
• Security in Open Networks,
  Dusemund, Becker, Gollan, Engel and Meinel,
  http://www.ti.fhg.de/publikationen/technische_berichte/2000/prep1500.de.ps
• Ten Risks of PKI,
  Carl Ellison and Bruce Schneier,
  http://www.counterpane.com/pki-risks.pdf
• Digitale Signatur,
  Frank Bitzer and Klaus Brisch,
  Springer Verlag, ISBN 3-540-65563-8