Authentication, Public key infrastructure, Public keys – Allied Telesis AT-S62 User Manual
Page 518: Message encryption
Chapter 27: Public Key Infrastructure Certificates
Section VII: Management Security
The Application data message encapsulates the encrypted application
data.
Authentication
Authentication is the process of ensuring that both the web site and the end
user are genuine. In other words, they are not imposters. Both the server
and individual users need to be authenticated. This is especially
important when transmitting secure data over the Internet.
To verify the authenticity of a server, the server has a public and private
key. The public key is given to the user.
SSL uses certificates for authentication. A certificate binds a public key to
a server name. A Certification Authority issues certificates after checking
that a public key belongs to its claimed owner. There are several
agencies that are trusted to issue certificates. Individual browsers have
approved Root CAs that are built in to the browser.
Public Key Infrastructure
The Public Key Infrastructure (PKI) feature is part of the switch’s suite of
security modules, and consists of a set of tools for managing and using
certificates. The tools that make up the PKI allow the switch to securely
exchange public keys, while being sure of the identity of the key holder.
The switch acts as an End Entity (EE) in a certificate-based PKI. More
specifically, the switch can communicate with Certification Authorities
(CAs) and Certificate Repositories to request, retrieve and verify
certificates. The switch allows protocols running on the switch, such as
ISAKMP, access to these certificates. The following sections of this
chapter summarize these concepts and describe the switch's
implementation of them.
Public Keys
Public key encryption involves the generation of two keys for each user,
one private and one public. Material encrypted with a private key can
only be decrypted with the corresponding public key, and vice versa. An
individual's private key must be kept secret, but the public key may be
distributed as widely as desired, because it is computationally infeasible
to calculate the private key from the public key. The advantage of public
key encryption is that the private key need never be exchanged, and so
can be kept secure more easily than a shared secret key.
Message Encryption
One of the two main services provided by public key encryption is the
exchange of encrypted messages. For example, user 1 can send a secure
message to user 2 by encrypting it with user 2’s public key. Only user 2
can decrypt it, because only user 2 has access to the corresponding
private key.
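The two services described above (encrypting to a recipient's public key, and the "vice versa" direction used for signatures) can be illustrated with the textbook RSA arithmetic. This is an added example, not code from the AT-S62 manual or the switch's implementation; the primes, user names and helper functions are constructed for illustration, and real systems add padding (e.g. OAEP/PSS) on top of this raw arithmetic.

```python
import math

# Constructed Mersenne primes, far too small for real use but enough to carry an
# 11-byte message (the modulus is about 92 bits).
P = 2**31 - 1
Q = 2**61 - 1
PUBLIC_EXPONENT = 65537


def generate_keypair(p, q, e=PUBLIC_EXPONENT):
    """Return ((n, e), (n, d)): the public key and the matching private key."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime with phi(n)")
    d = pow(e, -1, phi)  # modular inverse; Python 3.8+
    return (n, e), (n, d)


def _to_int(message: bytes, n: int) -> int:
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too large for this modulus")
    return m


def _to_bytes(m: int) -> bytes:
    # Leading zero bytes of the original message are not recovered by this toy.
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def encrypt(public_key, message: bytes) -> int:
    """User 1 encrypts with user 2's public key; only user 2's private key undoes it."""
    n, e = public_key
    return pow(_to_int(message, n), e, n)


def decrypt(private_key, ciphertext: int) -> bytes:
    n, d = private_key
    return _to_bytes(pow(ciphertext, d, n))


def sign(private_key, message: bytes) -> int:
    """The reverse direction: transform with the private key, check with the public one."""
    n, d = private_key
    return pow(_to_int(message, n), d, n)


def verify(public_key, message: bytes, signature: int) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _to_int(message, n)


# User 2's key pair (constructed); user 1 only ever needs USER2_PUBLIC.
USER2_PUBLIC, USER2_PRIVATE = generate_keypair(P, Q)
```

A second key pair generated from different primes will not decrypt a ciphertext made for USER2_PUBLIC, which is the property the paragraph above relies on.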