Browse archive

Latest news

Fighting cybercrime is on the right track

Google set to upgrade its SSL certs

IT security pros have trouble communicating with executives

Zeus variants are back with a vengeance

Facebook phishers target Fan Pages owners

Killer apps: The performance of networked applications

Is it time to professionalize information security?

Google researcher reveals another Windows 0-day

Twitter finally offers 2-factor authentication

DHS employees' info possibly compromised due to system flaw

Teens are into online sharing, but are also more privacy-aware

The dangers of downloading software from unofficial sites

Microsoft decrypts Skype comms to detect malicious links

Review: Logging and Log Management

Hacking charge stations for electric cars

PKI... Why Go Through the Hassle?

by Guy Vancollie - Chief Marketing Officer of Ubizen - Tuesday, 15 April 2003.

Implementing the use of public keys on a large scale requires a lot of manpower as, technically, PKI is the combination of the technologies, infrastructure and practices needed to enable use of public key encryption and digital signatures in distributed applications on a significant scale. The main purpose of PKI is to distribute public keys accurately and reliably to those needing to encrypt messages or verify digital signatures. This employs digital certificates issues by certification authorities. PKI also covers certificate renewal, revocation, status checking and private key backup and recovery.

Organisations typically have two options:

go for an in-house PKI, whether or not assisted by a third party with experience in PKI implementations;
go for an outsourced PKI solution.

The latter option seems to be a new trend.

Even large governmental bodies such as the Belgian government have recently chosen for an outsourced solution. As part of an overall strategy to deliver e-government services to its citizens, the Belgian government defined the Belpic project, providing an electronic identity card to each Belgian citizen over a period of five years. The electronic identity card contains a photo, some basic identity information and a signature of the cardholder in visual and electronic format. Digital certificates stored on the card will allow secure identification and electronic signing.

The PKI market has not delivered on its promise because the implementation and maintenance of an in-house Public Key Infrastructure requires highly specialized internal staff. What customers such as the Belgian government want are digital certificates to secure their applications. They don't want the hassle of implementing and maintaining a complex PKI environment. Some Managed Security Service Providers, e.g. Ubizen, offer such outsourced PKI solutions.

Infosecurity Europe is Europe's largest and most important information security event. Now in its 8th year, the show features Europe's most comprehensive FREE education programme, and over 200 exhibitors at the Grand Hall at Olympia from 29th April - 1st May 2003. www.infosec.co.uk

Spotlight

Weekly newsletter

With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.

DON'T
MISS
Fri, May 24th

24 May 2013.

Facebook phishers target Fan Pages owners

24 May 2013.

Google set to upgrade its SSL certs

23 May 2013.

Is it time to professionalize infosec?

23 May 2013.

Google researcher reveals Windows 0-day

23 May 2013.

Twitter finally offers 2-factor authentication

Spotlight

Is it time to professionalize information security?

Review: Logging and Log Management

Experts highlight top data breach vulnerabilities

A closer look at Mega cloud storage

The CSO perspective on healthcare security and compliance