This paper is the companion piece to the paper PKI Basics: a Business Perspective in the Forum’s PKI Notes Series. Together the two papers provide a concise, vendor-neutral introduction to PKI technology from business and technical perspectives. The audience for this Technical Perspective includes both the businessperson looking for a high-level description of the technology and the IT professional who is unfamiliar with PKI concepts. Our goal is to familiarize the reader with the terminology of PKI, the architectural components and how they interact, and the certificate life-cycle management concepts.
Introduction
Today's electronic information systems are as complex as the business relationships they need to serve. The words ‘Information Security’ are now familiar at the highest levels of corporate structures. The security consultant is taking his place as an advisor along with the legal and accounting experts who are essential to conducting business today.
Information security, when approached from a corporate perspective, is an enabler of traditional business goals in an electronic environment. Improved revenue through access to new markets, reduced costs through the efficiencies of extranet and internet delivery of information, compliance with government and industry regulations regarding the privacy of personal information, and reduced risk of liability are only a few examples of the business objectives that can be enabled by having a cogent security policy and security delivery infrastructure.