Infineon Security Platform Solution
The Public Key Infrastructure (PKI) in Windows Operating Systems
The Microsoft Windows 2000 operating system introduced a comprehensive Public Key Infrastructure (PKI) to the Windows platform. This infrastructure enhances the Windows-based public-key cryptographic services that were introduced over the past few years by providing an integrated set of services and administrative tools for creating, deploying, and managing public key-based applications.
This means that application developers can take advantage of shared-secret security mechanisms or public key-based security mechanisms, as appropriate. Enterprises will also be able to administer their environment and applications with tools and policies that are consistent across the entire organization.
The PKI does not replace the existing Windows domain trust-and-authorization mechanisms based on the domain controller (DC) and Kerberos Key Distribution Center (KDC). Rather, the PKI works with these services and provides enhancements that allow applications to readily scale to address extranet and internet requirements. A public key infrastructure addresses the need for scalable and distributed identification and authentication, integrity, and confidentiality by providing a framework of services, technology, protocols, and standards that enable you to deploy and manage a strong and scalable information security system. Support for creating, deploying, and managing public key-based applications is provided uniformly on workstations and servers running Windows 2000 or Windows NT4.
The basic components of a public key infrastructure include digital certificates, certificate revocation lists, and certification authorities. Enterprise administrators must ensure that a public key infrastructure is in place before they actually start using public key cryptography in their networks.
More information on Microsoft PKI concepts and Certificate Services is available on Microsoft TechNet.
Setting up a PKI within an organization involves the following steps:
- Setting up the Active Directory
- Installing a Certification Authority
- Changing the User Certificate Template
- Enrolling Certificates
This document gives an overview of some of the items listed above and points you to links that provide more information on these topics.
©Infineon Technologies AG