Certificate Authority: Automatically signs a certificate that contains a key and an identity. This procedure is called certification.
Key Recovery and Backup: A means to recover damaged or lost certificates.
Key History: Certificates can be updated. Any data protected using the older keys would not be accessible unless the older keys are saved in an archive.
Certificate Repository: A storage repository for certificates.
Certificate Revocation: A means of breaking the relationship between a key and an identity.
Automatic Key Recertification: Certificates expire after a specified time. Automated key recertification can update a certificate with a new expiration date when needed, without manual intervention.
Cross Certification: Used to establish a trust relationship between separate PKIs. This allows for a decentralized and distributed infrastructure.
Support for Non-Repudiation: Prevents a certificate owner from denying that data was protected using the owner's certificate.
Time Stamping: Confirms that the time stamp on the protected data is valid and accurate.
Client API: A means for an application to use the services provided by a PKI.
Several of the terms above should be defined. An identity is a name. The name can refer to a printer or a person. A key is basically a number. This number is associated with the identity to form a certificate. The certificate can be stored in a file or a database. The storage method isn't really important. What matters is that the certificate and its data are accessible. Signing a certificate refers to the process of the Certificate Authority (CA) putting its stamp of approval on the certificate to say that the certificate is accurate and valid according to the CA. This whole process is referred to as certification.
Not all of the services listed above are needed for every PKI installation. In fact, a small PKI installation could suit most environments.
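The terms defined above (identity, key, certificate, signing, expiry, revocation) can be traced in a small model. This is an added example, not code from the original page: it uses toy textbook RSA built from Python integers instead of a real X.509 library, and the names ToyCA, make_key, digest, validate and the printer identity are hypothetical.

```python
import hashlib
from datetime import datetime, timedelta, timezone

# Toy textbook RSA for illustration only: no padding, small keys, NOT secure.
E = 65537  # public exponent shared by every toy key

def make_key(p, q):
    """A key is basically a number: return (public modulus, private exponent)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(cert, n):
    """Hash the fields the CA vouches for and reduce the hash into the CA modulus."""
    tbs = f'{cert["serial"]}|{cert["identity"]}|{cert["key"]}|{cert["not_after"].isoformat()}'
    return int.from_bytes(hashlib.sha256(tbs.encode()).digest(), "big") % n

class ToyCA:
    def __init__(self, p, q):
        self.n, self._d = make_key(p, q)  # CA public modulus and private exponent
        self.revoked = set()              # serial numbers of revoked certificates
        self._serial = 0

    def certify(self, identity, subject_key, lifetime_days=365):
        """Certification: sign the binding between an identity and a key."""
        self._serial += 1
        cert = {"serial": self._serial, "identity": identity, "key": subject_key,
                "not_after": datetime.now(timezone.utc) + timedelta(days=lifetime_days)}
        cert["signature"] = pow(digest(cert, self.n), self._d, self.n)
        return cert

    def revoke(self, cert):
        """Revocation: break the relationship between the key and the identity."""
        self.revoked.add(cert["serial"])

def validate(cert, ca, now=None):
    """Relying-party check: CA signature first, then expiry, then revocation."""
    now = now or datetime.now(timezone.utc)
    if pow(cert["signature"], E, ca.n) != digest(cert, ca.n):
        return "bad signature"
    if now > cert["not_after"]:
        return "expired"
    if cert["serial"] in ca.revoked:
        return "revoked"
    return "valid"

# Constructed sample values: Mersenne primes stand in for real key generation.
CA = ToyCA(2**61 - 1, 2**89 - 1)
PRINTER_KEY, _ = make_key(2**31 - 1, 2**19 - 1)
CERT = CA.certify("printer-3rd-floor", PRINTER_KEY)
```

Changing any signed field (identity, key, expiry date) makes validate return "bad signature", which is the property that lets a relying party trust the binding without trusting wherever the certificate happened to be stored.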
What PKI is not
As important as it is to know what a PKI is, it is also important to know what it is not. A PKI does not handle authorization. Authorization services must be provided by a Privilege Management Infrastructure (PMI). However, a PMI can use a PKI for identity verification. A PKI does not automatically make a system secure. Software bugs, human error, malicious code signed by a trusted entity