InfoSec - Digital Certificates


Revocation

A key handling procedure. A key may need to be revoked prior to its expiration. Revoked keys cannot be reinstated. The CA should be immediately notified when a key is revoked and its status entered on the CRL.

Renewal

A key handling procedure. An existing key can be renewed before it expires. However, continually renewing keys makes them more vulnerable.

Escrow

A key handling procedure. Keys are managed by a third party such as a trusted CA. The private key is split and each half is encrypted. The two halves are sent to the third party, which stores each half in a separate location.

Expiration

A key handling procedure. Keys have expiration dates. Some systems set keys to expire after a set period of time by default.

Suspension

A key handling procedure. The revocation of a key is permanent; key suspension is for a set period of time. The CA should be notified, but the key can be reinstated.

Public Key Cryptography Standards (PKCS)

A numbered set of PKI standards that have been defined by the RSA Corporation. These standards are based on the RSA public-key algorithm.

Certificate Repository (CR)

A publicly accessible directory that contains the certificates and CRLs published by a CA.

Certificate Policy (CP)

A published set of rules that govern the operation of a PKI. It provides recommended baseline security requirements for the use and operation of the CA, RA and other PKI components.

M-of-N Control

A recovery technique. A user's private key is encrypted and divided into a specific number of parts. The parts are distributed to other individuals, with an overlap.

Key Recovery Agent (KRA)

A recovery technique. Highly trusted person responsible for recovering lost or damaged digital certificates.

Direct Trust

A relationship exists between two individuals because one person knows the other person.

Certificate Practice Statement (CPS)

A technical document that details how the CA uses and manages documents, how end users register for a digital certificate, how certificates are issued and revoked, and how private keys are protected.

Certificate Authority (CA)

An entity that issues digital certificates for others. A user provides information to this authority for identity verification. The user then generates public and private keys and sends the public key to the authority. The authority inserts this public key into the certificate.

Dual-Sided Certificate

Certificates in which the functionality is split between two certificates. A signing certificate is used to sign a message to prove that the sender is authentic. An encryption certificate is used for the actual encryption of the message. They reduce the need for multiple copies of the signing certificate.

Server Digital Certificates

Combine both server authentication and secure communication between clients and servers on the web.

Public Key Infrastructure (PKI)

Framework for all the entities involved in digital certificates to create, store, distribute, and revoke digital certificates. It is digital certificate management.

Personal Digital Certificates

Issued by a CA or RA directly to individuals.

Software Publisher Digital Certificates

Issued by software publishers to verify that their programs are secure and have not been tampered with.

Destruction

Key destruction removes all private and public keys along with the user's identification information in the CA.

Certificate Revocation List (CRL)

Lists revoked certificates. Can be accessed to check the certificate status of other users.

Bridge Trust Model

PKI trust model that uses a CA. There is no single CA that signs the certificates. One CA acts as a facilitator to interconnect all other CAs. The facilitator doesn't issue digital certificates; it acts as the hub between hierarchical trust models and distributed trust models.

Distributed Trust Model

PKI trust model that uses a CA, where there are multiple CAs that sign certificates.

Hierarchical Trust Model

PKI trust model that uses a CA, where there is one master CA called the root.

Third Party Trust

Refers to a situation in which two individuals trust each other because each trusts a third party.

Trust Model

Refers to the type of trusting relationship that can exist between individuals or entities.

Registration Authority (RA)

Subordinate entity that handles some CA tasks such as processing certificate requests and authenticating users.

X.509 Digital Certificates

The most widely accepted international standard format for digital certificates.

Digital Certificate

This can be used to associate a user's identity to a public key. It is the user's public key that has itself been 'digitally signed' by a reputable source entrusted to sign it.

Certificate Life Cycle

Because digital certificates don't last forever, this cycle is divided into four parts: creation, suspension, revocation and expiration.

Key usage

This is an important aspect of dealing with keys. If more security is needed, then multiple pairs of dual keys can be created. One pair of keys may be used to encrypt information; the public key would be backed up to another location. The second pair would be used for digital signatures; the public key in that pair would never be backed up.

Key Storage

This is an important aspect of dealing with keys. Public keys can be stored by embedding them within digital certificates, while private keys can be stored on the user's local system. Private keys can be stored in hardware like smart cards or in tokens.

Single-Sided Certificate

When a user sends one digital certificate along with their message.
