Chapter 7: E-Commerce: Public Key Infrastructure

7.1 PKI and you

In Chapter 6, we briefly covered Public Key Infrastructure (PKI). This chapter is devoted to that topic. We have discussed SSL, encryption, and certificates; now we are going to focus on PKI itself. PKI is slowly working its way into the business enterprise. Lotus Notes has had a PKI since Release 1.0. To implement an effective PKI, however, you will need to have some idea of what this beast is. As you might guess, public key cryptography requires a public key infrastructure. What is driving the use of PKI is applications and access to those applications. Businesses around the world are deploying new generations of business-critical applications, and in many cases these are distributed applications. These applications serve the following types of environments: customer to business, business to business, and employees to business.

7.1.1 Customer to business

This environment is one in which the customer uses the Internet to interact with a business. Customer-to-business access is not only for "buying" something. Following are a few examples of other uses this type of access provides. The customer can:

  • Look up information on a product or service

  • Inquire or make a change to an order

  • Place an order

  • Send an e-mail with a question regarding the company's offerings

There are many reasons for a customer to use the Internet. Do you have to authenticate the customer for each of them? No, you only need to authenticate in those areas where you need to identify the user. Interestingly enough, implementing a PKI for the general public is somewhat difficult. You will see why a bit later.

7.1.2 Business to business

This environment is where PKI can really shine. You will see that by using some type of PKI, you can determine whom you are doing business with and use that information to track and verify transactions. PKI can be very useful in the high-volume transaction and mobile world of Internet commerce. It provides risk management control for business systems.

7.1.3 Employees to business

This environment is another example of how PKI can help an organization. PKI can provide a secure mechanism to transfer mail not only inside the organization but also outside the organization. Also, there are the benefits of being able to have a secure transaction and access based on a certificate. You could even set up a central certificate database (LDAP) and authenticate using it as your authoritative source.

7.1.4 PKI components

With all that said, let's review: PKI is the use of public key cryptography via some type of network (for our discussion, the Internet). In most cases, a standard public-private key system will be used. This PKI will include several components.

Certificate authority (CA)

The CA issues, verifies, renews, and revokes digital certificates. A certificate includes the public key or information about the public key and may even offer a directory to store the public key.
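
The four CA operations named above (issue, verify, renew, revoke), shown as an added example that is not from the book: a toy CA in Python that signs name-to-key bindings with textbook RSA. The `ToyCA` class, the certificate fields, the fixed small key, and the integer timestamps are assumptions made for illustration; real CAs issue X.509 certificates with far larger keys and padded signatures.

```python
import hashlib
import json

# Toy CA key built from two known Mersenne primes (assumption for this demo:
# far too small, and unpadded, for any real use).
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # CA private exponent, never published

def _digest(body, n):
    """Hash the certificate body to an integer the RSA key can sign."""
    data = json.dumps(body, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

class ToyCA:
    def __init__(self, name):
        self.name, self.serial, self.revoked = name, 0, set()

    def issue(self, subject, subject_pubkey, not_before, not_after):
        """Bind a subject name to its public key and sign the binding."""
        self.serial += 1
        body = {"serial": self.serial, "issuer": self.name, "subject": subject,
                "pubkey": subject_pubkey, "not_before": not_before,
                "not_after": not_after}
        return {"body": body, "sig": pow(_digest(body, N), D, N)}

    def renew(self, cert, new_not_after):
        """Re-issue the same binding under a new serial and expiry."""
        b = cert["body"]
        return self.issue(b["subject"], b["pubkey"], b["not_before"], new_not_after)

    def revoke(self, cert):
        """Add the serial to the revocation list the CA publishes."""
        self.revoked.add(cert["body"]["serial"])

def verify(cert, ca_public, revoked, now):
    """Relying-party check: CA signature, validity window, revocation list."""
    n, e = ca_public
    body = cert["body"]
    if pow(cert["sig"], e, n) != _digest(body, n):
        return "bad signature"
    if not body["not_before"] <= now <= body["not_after"]:
        return "expired or not yet valid"
    if body["serial"] in revoked:
        return "revoked"
    return "valid"
```

The relying party needs only the CA's public values `(N, E)` and its current revocation list; a certificate whose body is altered after issuance fails the signature check even though its serial is still in good standing.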

The management system

There are many different implementations of PKI in the marketplace. Many of these systems are shipped with a web server or are offered as a stand-alone program. The keys are typically created simultaneously using the same algorithm by a certificate authority.


Following are some of the features that we will be working with when using a PKI.

Internet Security: A Jumpstart for Systems Administrators and IT Managers
ISBN: 1555582982
Year: 2003
Pages: 103
Authors: Tim Speed, Juanita Ellis