School of Software, LiJT
More details
• Ideas are consistent with our real-world solutions
  – Certificate: ID card, degree certificate, driver license…
  – A trusted third party
• Q: Other ideas?
• PKI:
  – Digital certificate
  – CA (Certification Authority)
The structure of digital certificate
[Diagram: fields of a certificate]
• Certificate
  – Subject identity information
  – Subject public key
  – CA name
  – CA signature (signature made with the CA's private key)
Consider the simplest case: the single CA model
[Diagram: CA, Bob, Alice, ……]
• Questions?
  – Life cycle of keys
  – How to get keys
  – ……
Life cycle of keys
[Diagram: stages of the key life cycle]
• Generate keys
• Certificate issuance
• Use keys
• Certificate inspection
• Expired keys
• Update keys
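The single CA model, certificate structure and the issuance, inspection and expiry stages above, as an added example that is not part of the original slides. Assumptions: the names `issue` and `inspect`, the `not_after` field, the CA name "Example CA" and the placeholder key strings are hypothetical, and textbook RSA over fixed Mersenne primes stands in for a real signature scheme (it is not secure).

```python
import hashlib
import json

# Toy CA key pair: textbook RSA built from two Mersenne primes. NOT secure;
# it only stands in for a real signature scheme so the example runs offline.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
CA_N = P * Q                              # CA public modulus (published)
CA_D = pow(E, -1, (P - 1) * (Q - 1))      # CA private exponent (kept by the CA)

def _digest(tbs: dict) -> int:
    """Hash the to-be-signed fields in a canonical byte encoding."""
    data = json.dumps(tbs, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def issue(subject: str, subject_pub: str, not_after: int) -> dict:
    """CA side: bind an identity to a public key with the CA's private key."""
    tbs = {"subject": subject, "subject_public_key": subject_pub,
           "ca_name": "Example CA", "not_after": not_after}
    return {**tbs, "ca_signature": pow(_digest(tbs), CA_D, CA_N)}

def inspect(cert: dict, trusted_ca: str, ca_pub: tuple, now: int) -> str:
    """Relying party (Alice): inspect a certificate using only the CA public key."""
    tbs = {k: v for k, v in cert.items() if k != "ca_signature"}
    n, e = ca_pub
    if cert["ca_name"] != trusted_ca:
        return "untrusted issuer"
    if pow(cert["ca_signature"], e, n) != _digest(tbs):
        return "bad signature"            # any altered field breaks the binding
    if now > cert["not_after"]:
        return "expired"                  # the key must be updated and re-certified
    return "ok"

# Constructed sample data: Bob's certificate and a copy with a swapped key.
BOB_CERT = issue("Bob", "BOB-PUBLIC-KEY-PLACEHOLDER", not_after=2_000_000_000)
TAMPERED = {**BOB_CERT, "subject_public_key": "OTHER-KEY-PLACEHOLDER"}

if __name__ == "__main__":
    ca_pub = (CA_N, E)
    print(inspect(BOB_CERT, "Example CA", ca_pub, now=1_900_000_000))
    print(inspect(TAMPERED, "Example CA", ca_pub, now=1_900_000_000))
    print(inspect(BOB_CERT, "Example CA", ca_pub, now=2_000_000_001))
```

Alice needs only the CA's public key and name to check any subject's certificate, which is why every party in the single CA model must obtain that key through a trusted channel.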
PKI (Public Key Infrastructure)
• Definition:
  – A universal security infrastructure that implements and provides security services using public key principles and technologies
• A complete PKI should include
  – Certificate Authority (CA)
  – Certificate store
  – Certificate revocation
  – Keys backup and recovery
  – Automatic keys update
  – Keys history file
  – Cross-certification
  – Non-repudiation
  – Timestamp
  – Client software