|
In public-key cryptography and computer security, a root key ceremony is a procedure where a unique pair of public and private root keys is generated. Depending on the certificate policy, the generation of the root Keys may require notarization, legal representation, witnesses and ‘key holders’ to be present, as the information on the system is a responsibility of the parties. The 'best practice' is to follow the SAS 70 standard for root key ceremonies. At the heart of every certificate authority (CA) is at least one root key or root certificate and usually at least one intermediate root certificate. A root key is a term for a unique passcode that must be generated for secure server interaction with a protective network, usually called the root zone. Prompts for information from this zone can be done through a server. The keys and certificates mentioned are the credentials and safe guards for the system. These digital certificates are made from a public and a private key. ==Examples== Example A: These passcodes are used for Strong identification & non-repudiation for email & web access Unless the information being accessed or transmitted is valued in terms of millions of dollars, it is probably sufficient that the Root Key Ceremony be conducted within the security of the vendor's Laboratory. The customer may opt to have the Root Key stored in a hardware security module, but in most cases, the safe storage of the Root Key on a CD or hard disk is sufficient. The Root Key is never stored on the CA server. Example B: Machine Readable Travel Document () ID Card or e Passport This type of environment requires much higher security. When conducting the Root Key Ceremony, the Government or Organization will require rigorous security checks to be conducted on all personnel in attendance. Those that are normally required to attend the Key Ceremony will include a minimum of two Administrators from the organization, two signatories from the organization, one lawyer, a notary, and two video camera operators, in addition to the CA software vendor's own technical team. Example A and B are at opposite ends of the security spectrum and no two environments are the same. Depending on the level of protection required, different levels of security will be used. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Key Ceremony」の詳細全文を読む スポンサード リンク
|