66 - DeviceMaster Security DeviceMaster Installation and Configuration Guide: 2000594 Rev. F
Understanding Security Methods and Terminology
Digital
Certificate
A digital certificate is an electronic credit card that establishes your credentials when doing
business or other transactions on the Web. It is issued by a certification authority (CA). It
contains your name, a serial number, expiration dates, a copy of the certificate holder's
public key (used for encrypting messages and digital signatures), and the digital signature of
the certificate-issuing authority so that a recipient can verify that the certificate is real.
Some digital certificates conform to a standard, X.509. Digital certificates can be kept in
registries so that authenticating users can look up other users' public keys.
See Key and Certificate Management
on Page 83 for more information.
PKI (public
key
infrastructure)
A public key infrastructure (PKI) enables users of a basically unsecure public network such
as the Internet to securely and privately exchange data and money through the use of a
public and a private cryptographic key pair that is obtained and shared through a trusted
authority. The public key infrastructure provides for a digital certificate that can identify an
individual or an organization and directory services that can store and, when necessary,
revoke the certificates. Although the components of a PKI are generally understood, a
number of different vendor approaches and services are emerging. Meanwhile, an Internet
standard for PKI is being worked on.
The public key infrastructure assumes the use of public key cryptography, which is the most
common method on the Internet for authenticating a message sender or encrypting a
message. Traditional cryptography has usually involved the creation and sharing of a secret
key for the encryption and decryption of messages. This secret or private key system has the
significant flaw that if the key is discovered or intercepted by someone else, messages can
easily be decrypted. For this reason, public key cryptography and the public key
infrastructure is the preferred approach on the Internet. (The private key system is
sometimes known as symmetric cryptography and the public key system as asymmetric
cryptography.)
A public key infrastructure consists of:
• A certificate authority (CA) that issues and verifies digital certificate. A certificate
includes the public key or information about the public key
• A registration authority (RA) that acts as the verifier for the certificate authority before
a digital certificate is issued to a requestor
• One or more directories where the certificates (with their public keys) are held
• A certificate management system
For more information, see SSL Authentication on Page 74, SSL Performance on Page 76, SSL
Cipher Suites on Page 77, and DeviceMaster Supported Cipher Suites on Page 77.
Term or Issue Explanation (Continued)
To Next Page
Loading...
