PKIs: To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI). A PKI automates most aspects of using public key encryption and authentication. Uses a PKI Server.


Page 1: PKIs

To use public key methods, an organization must establish a comprehensive Public Key Infrastructure (PKI)

• A PKI automates most aspects of using public key encryption and authentication

• Uses a PKI Server

[Diagram label: PKI Server]

Page 2: PKIs

PKI Server Creates Public Key-Private Key Pairs

• Distributes private keys to applicants securely

• Often, private keys are embedded in delivered software

[Diagram labels: PKI Server, Private Key]

Page 3: PKIs

PKI Server Provides CRL Checks

• Distributes digital certificates to verifiers

• Checks certificate revocation list before sending digital certificates

[Diagram labels: PKI Server, Digital Certificate]

Page 4: PKIs

CRL (Certificate Revocation List) Checks

• If applicant gives verifier a digital certificate,

• The verifier must check the certificate revocation list

[Diagram labels: PKI Server, "OK?", "OK or Revoked", CRL]
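
The verifier's CRL check from Page 4, as an added example that is not part of the original slides. It uses the Python `cryptography` package; the CA name, subject names and serial numbers are constructed, and it goes beyond the slides by also rejecting a CRL that is expired or not signed by the issuing CA.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW, DAY = dt.datetime.now(dt.timezone.utc), dt.timedelta(days=1)
CA = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example CA")])  # constructed

def issue_cert(ca_key, subject_cn, serial):
    """Constructed test certificate signed by the example CA."""
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, subject_cn)])
    key = ec.generate_private_key(ec.SECP256R1())
    return (x509.CertificateBuilder().subject_name(subject).issuer_name(CA)
            .public_key(key.public_key()).serial_number(serial)
            .not_valid_before(NOW - DAY).not_valid_after(NOW + 30 * DAY)
            .sign(ca_key, hashes.SHA256()))

def build_crl(signing_key, revoked_serials, last_update, next_update):
    """Constructed CRL listing the revoked serial numbers."""
    builder = (x509.CertificateRevocationListBuilder().issuer_name(CA)
               .last_update(last_update).next_update(next_update))
    for serial in revoked_serials:
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial)
            .revocation_date(last_update).build())
    return builder.sign(signing_key, hashes.SHA256())

def check_revocation(cert, crl, ca_public_key, now=NOW):
    """Verifier-side CRL check: 'OK', 'Revoked', or a fail-closed reason."""
    if crl.issuer != cert.issuer or not crl.is_signature_valid(ca_public_key):
        return "Untrusted CRL"   # not signed by the CA that issued the certificate
    # next_update_utc exists in cryptography >= 42; older releases expose naive UTC
    expires = getattr(crl, "next_update_utc", None) \
        or crl.next_update.replace(tzinfo=dt.timezone.utc)
    if expires < now:
        return "Stale CRL"       # a newer list may revoke this certificate
    if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
        return "Revoked"
    return "OK"

def demo():
    ca_key, rogue_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(2))
    alice, bob = issue_cert(ca_key, "alice", 1001), issue_cert(ca_key, "bob", 1002)
    fresh = build_crl(ca_key, [1002], NOW - DAY, NOW + DAY)
    stale = build_crl(ca_key, [], NOW - 10 * DAY, NOW - 3 * DAY)
    forged = build_crl(rogue_key, [], NOW - DAY, NOW + DAY)
    pub = ca_key.public_key()
    return [check_revocation(alice, fresh, pub), check_revocation(bob, fresh, pub),
            check_revocation(bob, stale, pub), check_revocation(bob, forged, pub)]
```

Calling `demo()` runs the check for an unrevoked certificate, a revoked one, an expired list and a list signed by a different key.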