|
A public key infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates〔(【引用サイトリンク】title= What is PKI? - A Complete overview , January –23, 2015 )〕 and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain. The third-party validation authority (VA) can provide this information on behalf of the CA. The binding is established through the registration and issuance process. Depending on the assurance level of the binding, this may be carried out by software at a CA or under human supervision. The PKI role that assures this binding is called the registration authority (RA). The RA is responsible for accepting requests for digital certificates and authenticating the person or organization making the request.〔(【引用サイトリンク】url=http://www.techotopia.com/index.php/An_Overview_of_Public_Key_Infrastructures_(PKI) )〕 In a Microsoft PKI, a registration authority is usually called a subordinate CA.〔(【引用サイトリンク】url=https://msdn.microsoft.com/en-us/library/windows/desktop/bb427432%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396 )〕 == Design == Public key cryptography is a cryptographic technique that enables users to securely communicate on an insecure public network, and reliably verify the identity of a user via digital signatures. A public key infrastructure (PKI) is a system for the creation, storage, and distribution of digital certificates which are used to verify that a particular public key belongs to a certain entity. The PKI creates digital certificates which map public keys to entities, securely stores these certificates in a central repository and revokes them if needed. A PKI consists of:〔 * A ''certificate authority'' (CA) that both issues and verifies the digital certificates * A ''registration authority'' which verifies the identity of users requesting information from the CA * A ''central directory''—i.e., a secure location in which to store and index keys * A ''certificate management system'' * A ''certificate policy'' 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Public key infrastructure」の詳細全文を読む スポンサード リンク
|